20 个仓库
Tools that modify binary file structures and signatures to evade detection by security software.
Distinct from Payload Obfuscation: Distinct from Payload Obfuscation (which focuses on data transport masking): this specifically targets executable file signatures and binary structures.
Explore 20 awesome GitHub repositories matching security & cryptography · Executable Obfuscators. Refine with filters or upvote what's useful.
This project is a JavaScript code protection tool designed to transform source code into a version that is difficult for humans to read. Its primary purpose is to protect intellectual property and prevent reverse engineering by altering the original program logic. The tool employs several advanced techniques to hinder analysis, including control flow flattening and the injection of dead code. It can compile functions into custom bytecode executed by an embedded virtual machine and encrypt string literals to prevent static analysis of text. Additional capabilities include anti-debugging mecha
Provides a CLI to automate the transformation of JavaScript source code using various security presets.
TheFatRat is a security exploitation framework designed to automate the creation, obfuscation, and deployment of payloads for penetration testing. It functions as a comprehensive toolkit that streamlines the exploitation lifecycle, enabling users to generate malicious executables, manage network listeners, and execute post-exploitation tasks through a unified command-line interface. The framework distinguishes itself by integrating various third-party exploitation utilities into a single, orchestrated workflow. It provides specialized capabilities for embedding code into legitimate binaries a
Modifies file signatures and binary structures to evade detection by antivirus software and security filters.
Sliver is a command and control framework designed for adversary emulation and security assessment operations. It provides a centralized platform for managing remote systems, enabling security professionals to coordinate multi-operator sessions and maintain persistent, secure communication channels across diverse network environments. The framework distinguishes itself through its focus on stealth and infrastructure flexibility. It utilizes dynamic payload obfuscation to generate unique binaries and supports in-memory execution to minimize disk artifacts. Communication is secured through mutu
Generates unique, obfuscated binaries during the build process to evade signature-based detection by security software.
jsfuck 是一种深奥的编程语言和 JavaScript 源代码混淆器。它作为一个代码编码器,将标准 JavaScript 源代码转换为由最小字符集组成的等效功能代码。 该项目将其源代码限制为六个特定字符,以隐藏逻辑并绕过阻止标准字母数字字符的安全过滤器。它通过使用类型强制转换来派生符号,并通过原型操作访问内部语言对象来实现这一点。 该系统通过将字符串转换为可执行函数并通过执行上下文检索全局作用域,实现了任意 JavaScript 执行。它利用数组包装器和原生构造函数调用来管理复杂的逻辑和函数参数。
Transforms standard JavaScript source code into an obfuscated functional equivalent to prevent reverse engineering and bypass filters.
K8tools is a multi-stage attack framework that combines memory-only payload execution, credential testing, port forwarding, privilege escalation, and physical USB-based keystroke injection for comprehensive system compromise. At its core, the Ladon PowerShell module loads a multi-function scanner directly into memory, enabling command execution without writing files to disk, while supporting memory-only payload delivery that downloads and runs obfuscated shellcode or PowerShell commands to evade antivirus detection. The framework distinguishes itself through its breadth of integrated capabili
Creates encoded or obfuscated shellcode, PowerShell commands, or executables to evade antivirus detection.
Commix is an automated tool for detecting and exploiting OS command injection vulnerabilities in web applications. It probes user-supplied input vectors with heuristic test payloads, analyzes response differences to identify injection points, and then automates the execution of arbitrary operating system commands on the target server. The tool distinguishes itself through a multi-layer filter bypass engine that evaluates input constraints independently per filter type and composes tailored evasion strategies into a single payload. A modular payload tamper pipeline transforms raw injection str
Transforms injection strings through a modular tamper pipeline of filter-specific obfuscation scripts to evade WAFs.
Ladon 是一款内网渗透扫描器和漏洞评估工具,旨在识别跨网段的高风险安全漏洞和资产。它作为一款无文件安全扫描器,直接在内存中执行引擎和模块,从而避免在目标系统上留下磁盘痕迹。 该项目的特色在于作为 Cobalt Strike 框架中命令信标(Beacon)的插件集成。这实现了内存驻留的网络发现和漏洞检测。它还通过载荷和脚本混淆,以及绕过终端检测与响应(EDR)系统的技术,支持隐蔽操作。 该工具提供了一套全面的后渗透功能,包括凭据审计、提取,以及用于域渗透的 Kerberos 攻击执行。它通过多协议扫描和服务指纹识别来处理资产发现,以识别操作系统和 Web 技术。此外,它还支持横向移动自动化、权限提升以及远程代码执行载荷的部署。 该框架通过插件架构实现扩展,允许动态加载外部程序集或脚本,以添加自定义扫描模块和概念验证(PoC)。
Transforms executables and scripts into different formats to evade antivirus and EDR detection.
Pacu is an exploitation framework designed for auditing and testing the security of Amazon Web Services environments. It serves as a cloud penetration testing tool and resource enumerator used to identify misconfigurations, map attack surfaces, and execute privilege escalation paths. The framework provides specialized capabilities for post-exploitation and red team operations, including establishing persistence through identity and access management backdooring. It distinguishes itself with a plugin-based module system that allows for the development of custom tasks and the orchestration of A
Creates malicious resource identifiers that trigger formula execution when log exports are opened in spreadsheets.
本项目是一个无服务器表单处理器和后端服务,用于捕获 HTML 表单提交并将数据直接写入 Google Sheets。它作为一个集成工具,将表单输入名称映射到电子表格列标题,从而在无需专用后端数据库的情况下实现数据收集自动化。 该服务包含一个路由系统,根据隐藏字段值将提交内容定向到特定的电子表格标签页。为了维护数据完整性,它通过清理输入以防止公式执行来实现电子表格注入保护,并使用蜜罐字段来过滤自动机器人提交。 其他功能包括一个电子邮件通知服务,在提交成功或失败时发送自动警报。该系统处理输入数据到电子表格行的映射,并提供实时潜在客户捕获和信息跟踪机制。
Prevents spreadsheet command execution by sanitizing inputs that start with formula symbols.
本项目是一个红队知识库和进攻性安全手册,旨在模拟对手行为。它作为技术指南和战术的综合集合,用于执行红队行动。 该存储库提供了 Active Directory 渗透测试的详细说明,包括 Kerberos 滥用和域权限提升。它涵盖了通过 API 解钩 (unhooking) 和载荷混淆进行的防御规避,以及涉及内核对象和系统内存操作的 Windows 内部研究。 功能范围扩展到网络渗透测试、恶意软件分析与工程,以及进攻性安全基础设施的部署。它还包括在企业环境中进行横向移动、持久化和数据外泄的方法。
Provides techniques to mask payloads and obfuscate command-line execution to evade antivirus and EDR detection.
这是一个精心策划的工具、脚本和技术指南集合,旨在增强使用 Cobalt Strike 的进攻性安全操作。它作为管理命令与控制 (C2) 基础设施和部署安全参与的资源中心。 该集合包括用于规避端点检测与响应 (EDR) 系统的工具包,以及用于自动化红队任务(如侦察和主机枚举)的库。它为开发后渗透框架提供了资源,特别侧重于创建反射式库和驻留内存的代码。 该仓库涵盖了广泛的操作功能,包括用于避免检测的网络流量定制、用于基础设施分析的内存取证,以及各种 shellcode 混淆技术。它还包括用于配置命令与控制服务器和执行主机进程注入的指南。
Includes tools to mask shellcode and binaries, altering their structure to evade antivirus and EDR detection.
EQGRP 是一个远程访问木马框架和后渗透工具包。它提供了一个集中式命令与控制基础设施,用于部署持久化植入物并管理跨不同操作系统的远程智能体。 该项目包括用于数字取证规避的工具,例如修改系统日志和文件系统时间戳以删除执行痕迹。它具有一个网络拦截系统,用于通过挂钩系统根目录来捕获和重构数据流,以及专为内核权限提升而设计的漏洞利用,以将进程权限提升为管理根权限。 该工具包涵盖了广泛的功能,包括远程代码执行、用于签名规避的 Shellcode 打包,以及移动设备日志和电信记录的渗出与解析。它还提供用于绑定网络端口和浏览解密归档的工具。
Compresses and obscures shellcode to bypass signature-based detection by antivirus and EDR software.
Veil is a payload generation framework and a suite of tools designed to automate the creation of obfuscated binaries and encoded shellcode. It functions as an anti-virus evasion tool that transforms binary code to bypass security scanners and endpoint detection software. The framework utilizes multi-language payload generation, employing various programming language compilers to create executables that evade signature-based detection. It includes an evasive shellcode encoder to remove forbidden characters and apply obfuscation techniques to hide payload logic. The project covers the generati
Provides tools that mask shellcode and binaries to evade detection by antivirus and EDR software.
Invoke-Obfuscation is a PowerShell-based tool for transforming PowerShell commands and scripts into obfuscated forms to evade signature-based detection. It applies token-level, string-level, and encoding techniques to hide execution logic, and supports compressing commands before obfuscation to reduce size while concealing the original code. The tool distinguishes itself through layered obfuscation that can be applied and reversed one layer at a time, allowing users to restore a script's original form. It offers multiple encoding schemes including ASCII, hex, octal, binary, and XOR, and can h
Runs obfuscation operations directly from the command line using compact syntax without interactive mode.
This project is a set of specialized utilities for generating malformed documents, obfuscating payloads, and crafting specific attack vectors to evaluate the resilience of security scanners. It functions as a PDF fuzzing framework and security testing tool designed to create PDF files with embedded payloads for verifying how document viewers and web applications handle vulnerabilities. The toolkit provides capabilities for encoding and hiding malicious content to test the detection effectiveness of security scanners. It includes a security payload generator for crafting specific attack vector
Provides a utility for encoding and hiding malicious content within documents to evaluate security scanners.
This project is a comprehensive command-line reference and toolkit designed for Linux system administration and network security assessment. It provides a collection of technical snippets and operational guides focused on managing remote environments, orchestrating shell sessions, and executing administrative tasks through native terminal utilities. The repository distinguishes itself by offering specialized techniques for stealthy operations and infrastructure manipulation. It covers methods for establishing encrypted tunnels to bypass firewalls, obfuscating process identities and command hi
Encodes scripts into base64 strings for stealthy remote execution via DNS or startup scripts.
phpggc is a security assessment utility and command-line tool designed for the automated generation, obfuscation, and wrapping of serialized object chains. It functions as a gadget chain framework used to identify and verify remote code execution vectors by testing for PHP object injection vulnerabilities. The project provides a modular system for constructing complex serialized object sequences and includes a dedicated payload obfuscator to transform byte streams for bypassing web application firewalls and security filters. It also features a generator for wrapping serialized data into archi
Provides a modular tamper pipeline for transforming serialized byte streams to bypass web application firewalls.
Hoaxshell is a command and control system for Windows remote command execution. It provides a framework for generating and managing reverse shell payloads that utilize an HTTP beaconing protocol, where victim clients periodically poll a handler to receive and execute instructions. The project distinguishes itself through its ability to bypass PowerShell Constrained Language Mode using specialized payload generation. It supports encrypted command and control via TLS certificate injection and provides mechanisms for remote session recovery, allowing a handler to reestablish control over active
Randomizes session IDs, URLs, and headers to obfuscate payload signatures and evade antivirus detection.
OffensiveRust is a red team toolkit and malware development kit written in Rust. It serves as an evasion framework and post-exploitation library, providing a collection of offensive security primitives and a Windows API wrapper for interacting with low-level system functions and undocumented APIs. The project focuses on bypassing security software through direct system calls, memory obfuscation, and stealthy payload execution. It implements techniques to defeat static binary analysis via compile-time string encryption and payload obfuscation, while avoiding detection using parent process ID s
Obfuscates shellcode and binaries using AES, RC4, or XOR to evade antivirus and EDR software.
Phantom-Evasion is a security research framework designed for generating obfuscated payloads and automating post-exploitation tasks during authorized security assessments. It provides a suite of utilities for creating custom executables and libraries intended to test the effectiveness of antivirus and endpoint security detection systems. The framework distinguishes itself through a focus on memory-resident operations, allowing for the execution of encrypted binaries and shellcode directly within system memory. By utilizing techniques such as junk code injection, payload encryption, and remote
Applies encryption and polymorphic transformations to executable code at generation time to prevent signature-based antivirus identification.