python写的一款免杀工具(shellcode加载器)BypassAV,国内杀软全过(windows denfend)

Overview

FuckAV

中文 English

Travis Travis Travis

农民工写的免杀工具,2021-9-13 1frame [email protected]

更新记录

时间 2021-9-13 版本:1.2

  1. shellcode加载方式由远程加载改为了本地加载,shellcode写死在了exe里面,因为远程加载太麻烦,点开直接上线更方便,现在直接运行shell.exe就能上线
  2. 增加了upx压缩,缩小了exe体积
  3. 自动更新图标文件的md5,防止图标资源成为查杀的特征码,现在不需要每隔一段时间次就替换图标文件
  4. 支持powershell脚本免杀(还没开发的,就这几天弄)
  5. 加载器已经被杀软分析透了,得大改才能活下去,开源之后差不多活了两个月,也还算可以了

时间 2021-9-23 版本:1.3

  1. 去除了upx压缩,压缩率太低,没啥用,画蛇添足
  2. 每次都会重置ico还有py的文件名
  3. 封装了主main依赖库

温馨提示

使用之前安装一下python库 pip install -r requirement.txt,出现啥依赖库报错,大家自己解决吧,因为这个每个人的环境不一样,解决个依赖库报错相信不是啥难题

  • 脚本采用python3.7编写,Windows环境!!!!!!

  • 采用pyinstaller打包,使用之前请安装pyinstaller

  • 运行之前先确认一下pip库有没有安装

  • 环境实在报错就用fuckav.exe

  • 因为开源了嘛,估计要不了半个月就会被加入360豪华套餐了,但是整个程序够简单,被杀了再去改几个特征码照样又可以免杀半个月,反正我自己用了半个月,一直都是国内杀软全过,保持更新,但是频率比较慢,因 为我只是个没用的安服

  • 不得不说这个脚本确实有很多地方是在造轮子,但是是有意造的轮子,看似造轮子,实则是为了以后方便魔改(说白了就是菜,因为我是一个没用的安服)

  • 因为脚本逻辑实在太过于简单,没啥技术含量,所以大家尽量还是不要把马子上传到云杀箱了吧,为了免杀活更久一点

存活动态

  • 截止到 2021-8-20,360、火绒、Windows denfend、卡巴静态全过
  • 截止到 2021-8-28,360、火绒、Windows denfend、卡巴静态全过 2021-8-28更新
  • 截止到 2021-9-13,360、火绒、Windows denfend、静态全过,无法过360动态查杀(约一分钟之后就会报毒,可以再查杀之前选择进程注入。)
  • 截止到 2021-9-23,360、火绒动静态全过 Windows denfend、卡巴静态全过,更新了一下改了改规则,又能过了....不愧是md5查杀器
  • 截止到 2021-9-26,360、火绒动静态全过 Windows denfend、卡巴静态全过,Windows denfend、卡巴 动态杀

image image image

You might also like...
Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks.
Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks.

Driver Buddy Reloaded Quickstart Table of Contents Installation Usage About Driver Buddy Reloaded Finding DispatchDeviceControl Labelling WDM & WDF St

this keylogger is only for pc not for android but it will only work on those pc who have python installed it is made for all linux,windows and macos

Keylogger this keylogger is only for pc not for android but it will only work on those pc who have python installed it is made for all linux,windows a

A windows post exploitation tool that contains a lot of features for information gathering and more.
A windows post exploitation tool that contains a lot of features for information gathering and more.

Crowbar - A windows post exploitation tool Status - ✔️ This project is now considered finished. Any updates from now on will most likely be new script

This is a keylogger in python for Windows, Mac and Linux!

Python-Keylogger This is a keylogger in python for Windows, Mac and Linux! #How to use it by downloading the zip file? Download the zip file first The

This tool help you to check if your Windows machine has hidden miner.

Hidden Miner Detector This tool help you to check if your Windows machine has hidden miner. Miners track when you open antivirus software or task mana

IP Denial of Service Vulnerability
IP Denial of Service Vulnerability ")A proof of concept for CVE-2021-24086 ("Windows TCP/IP Denial of Service Vulnerability ")

CVE-2021-24086 This is a proof of concept for CVE-2021-24086 ("Windows TCP/IP Denial of Service Vulnerability "), a NULL dereference in tcpip.sys patc

This repo explains in details about buffer overflow exploit development for windows executable.

Buffer Overflow Exploit Development For Beginner Introduction I am beginner in security community and as my fellow beginner, I spend some of my time a

Windows Server 2016, 2019, 2022 Extracter & Recovery

Parsing files from Deduplicated volumes. It can also recover deleted files from NTFS Filesystem that were deduplicated. Installation git clone https:/

Coerce authentication from Windows hosts via MS-FSRVP (Requires FS-VSS-AGENT service running on host)
Coerce authentication from Windows hosts via MS-FSRVP (Requires FS-VSS-AGENT service running on host)

VSSTrigger Coerce authentication from Windows hosts via MS-FSRVP (Requires FS-VS

Comments
  • error

    error

    一直报错,应该是生成图片的地方

    Traceback (most recent call last):
      File "/opt/FuckAV-main/FuckAV.py", line 84, in <module>
        rename_ico()
      File "/opt/FuckAV-main/FuckAV.py", line 71, in rename_ico
        ico=GeticoDir('.\\', ['ico'])[0]
    IndexError: list index out of range
    
    opened by cat577 0
  • version not found.

    version not found.

    Hi;

    I try to download the reuqirments; but version not found;

    #pip3 install -r requirement.txt file; Requirement already satisfied: colorama in /usr/lib/python3/dist-packages (from -r requirement.txt (line 1)) (0.4.4) ERROR: Could not find a version that satisfies the requirement time ERROR: No matching distribution found for time

    opened by b4sh1t1 0
Owner
1frame
1frame
Arbitrium is a cross-platform, fully undetectable remote access trojan, to control Android, Windows and Linux and doesn't require any firewall exceptions or port forwarding rules

About: Arbitrium is a cross-platform is a remote access trojan (RAT), Fully UnDetectable (FUD), It allows you to control Android, Windows and Linux an

Ayoub 861 Feb 18, 2021
Windows Stack Based Auto Buffer Overflow Exploiter

Autoflow - Windows Stack Based Auto Buffer Overflow Exploiter Autoflow is a tool that exploits windows stack based buffer overflow automatically.

Himanshu Shukla 19 Dec 22, 2022
Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

Pupy Installation Installation instructions are on the wiki, in addition to all other documentation. For maximum compatibility, it is recommended to u

null 7.4k Jan 4, 2023
Crowbar - A windows post exploitation tool

Crowbar - A windows post exploitation tool Status - ✔️ This project is now considered finished. Any updates from now on will most likely be new script

null 29 Nov 20, 2022
Format SSSD Raw Kerberos Payloads into CCACHE files for use on Windows systems

KCMTicketFormatter This tools takes the output from https://github.com/fireeye/SSSDKCMExtractor and turns it into properly formatted CCACHE files for

Black Lantern Security 35 Oct 25, 2022
evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.

Introduction evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files. It can process a high numbe

NVISO 116 Dec 29, 2022
edgedressing leverages a Windows "feature" in order to force a target's Edge browser to open. This browser is then directed to a URL of choice.

edgedressing One day while experimenting with airpwn-ng, I noticed unexpected GET requests on the target node. The node in question happened to be a W

stryngs 43 Dec 23, 2022
A cross-platform Python module that displays **** for password input. Works on Windows, unlike getpass. Formerly called stdiomask.

PWInput A cross-platform Python module that displays **** for password input. Works on Windows, unlike getpass. Formerly called stdiomask. Installatio

Al Sweigart 26 Sep 4, 2022
Steal Files on a Windows Machine

File-Stealer Steal Files on a Windows Machine About This Script will steal certain Files on a Windows Machine and sends them to a FTP Server. Preview

Marcel 5 Nov 17, 2022
A python implementation of the windows 95 product key check.

Windows 95 Product Key Check Info: This is a python implementation of the windows 95 product key check. This was just a bit of fun and a massive 5 hou

null 11 Aug 7, 2022