How to Download and Install Evasion Framework on Linux
If you are a penetration tester or a red teamer, you might have heard of Evasion Framework, a tool that can help you bypass common antivirus and EDR solutions. In this article, we will show you how to download and install Evasion Framework on Linux, and how to use it to generate evasive payloads.
What is Evasion Framework?
Evasion Framework is a project that consists of two main components: Veil and Ordnance.
A tool for generating evasive payloads
Veil is a tool that generates Metasploit payloads that evade common antivirus solutions. It can use various open-source converters, such as Donut, sRDI, and Pe2Sh, to transform native binaries, DLLs, and .NET binaries into position-independent code (PIC) shellcode. It can also encode, compress, or encrypt the shellcode using different methods, such as XOR, AES, or Base64. Veil can output the shellcode in different formats, such as C, Python, Ruby, PowerShell, or an executable.
A collection of evasion techniques and modules
Ordnance is a tool that can embed various evasion techniques and modules into the payload. These include AMSI bypass, WLDP bypass, ETW bypass, sandbox deception, and EDR evasion. Ordnance can also generate custom shellcode with user-defined options, such as port, protocol, encoder, bad characters, etc.
How to Download Evasion Framework?
There are two ways to download Evasion Framework from GitHub: using the git clone command or using the wget command.
Using git clone command
The git clone command clones the entire Evasion Framework repository to your local machine. To use this method, you need to have git installed on your system. You can install git by running the following command:
sudo apt install git
Then, you can clone the repository by running the following command:
git clone
This will create a folder named Veil in your current directory.
Using wget command
The wget command downloads a single file from a URL. To use this method, you need to have wget installed on your system. You can install wget by running the following command:
sudo apt install wget
Then, you can download the setup script of Evasion Framework by running the following command:
wget
This will save the file named setup.sh in your current directory.
How to Install Evasion Framework?
To install Evasion Framework, you need to run the setup script that you downloaded in the previous step. The setup script will install all the dependencies and configure the framework for you.
Installing dependencies
The setup script will check if you have all the required dependencies for Evasion Framework. These include Python 2.7, Python 3.7, Wine 32-bit, Metasploit Framework, etc. If any dependency is missing, the script will ask you if you want to install it automatically. You can answer yes or no depending on your preference.
Running setup script
To run the setup script, you need to make it executable first by running the following command:
chmod +x setup.sh
Then, you can run the script by running the following command:
sudo ./setup.sh
The script will ask you some questions during the installation process. You can answer them according to your needs.
Launching Veil interface
After the installation is complete, you can launch the Veil interface by running the following command:
veil
This will open a menu where you can choose between Veil and Ordnance. You can use the arrow keys and Enter to select an option.
If you choose Veil, you will see a list of available converters that you can use to generate evasive payloads. You can use the arrow keys and Enter to select a converter, or type the number of the converter.
If you choose Ordnance, you will see a list of available evasion techniques and modules that you can embed into the payload. You can use the arrow keys and Enter to select a technique or module, or type its number.
After you select a converter or a technique/module, you will be asked to provide some options for the payload, such as target architecture, output format, shellcode options, etc. You can type the value of each option or press Enter to use the default value.
Once you provide all the options, Veil or Ordnance will generate the payload for you and save it in the output folder. You can also copy the payload to your clipboard by typing "copy" at the prompt.
Conclusion
In this article, we have shown you how to download and install Evasion Framework on Linux, and how to use it to generate evasive payloads that bypass common antivirus and EDR solutions. Evasion Framework is a powerful tool that can help you in your penetration testing and red teaming activities. However, you should always use it ethically and responsibly, and only with permission from the target.
FAQs
What is the difference between evasion and obfuscation?
Evasion is a technique that aims to avoid detection by antivirus or EDR solutions. Obfuscation is a technique that aims to make the code or data harder to understand by humans or machines. Evasion can use obfuscation as a means to achieve its goal, but not all obfuscated code is evasive.
What are some examples of antivirus and EDR solutions that Evasion Framework can bypass?
Some examples of antivirus and EDR solutions that Evasion Framework can bypass are Windows Defender, Symantec Endpoint Protection, McAfee Endpoint Security, Carbon Black, CrowdStrike Falcon, etc.
What are some limitations of Evasion Framework?
Some limitations of Evasion Framework are that it does not guarantee a 100% evasion rate, it does not support all types of payloads or formats, it does not work on all platforms or architectures, and it may trigger some behavioral or heuristic detections.
How can I update Evasion Framework?
You can update Evasion Framework by running the following command:
veil-update
This will check for any updates from GitHub and install them if available.
Where can I find more information about Evasion Framework?
You can find more information about Evasion Framework on its official website: . There you can find documentation, tutorials, videos, issues, etc.