Veil-Evasion is a tool to generate payload executables that bypass common antivirus solutions. Veil-Evasion’s code is located at https://www.github.com/Veil-Framework/Veil-Evasion/ and it’s a part of the Veil super project at https://github.com/Veil-Framework/Veil which we recommend mosts users clone and install. Relevant blog posts are here, and its active developers are listed below. Feel free to contact them with questions, comments, or feedback.
Chris Truncer
Twitter: @ChrisTruncer
Website: https://www.christophertruncer.com
E-Mail: Chris [at] veil-framework [dot] com
HarmJ0y
Twitter: @HarmJ0y
formerly @the_grayhound
Mike Wright
Twitter: @TheMightyShiv
error in the payload … not associated program .. (OS kali) I do?
http://store1.up-00.com/2015-03/1426838479431.jpg
easy_install -U pip it’s solution !!!
reinstall veil-evasion
i need veil-evasion x32 :s
avast does not report the Payload of veil-evasion as malicious, but when I run it while it analyzes the flag as malicious ( sorry for bad english)
thanks for the excellent work!!
Very excellent work! I want to advice to scan on this site: http://nodistribute.com/ i think it’s serious and don’t distribute to av companies the payload… (they say you have 4 scan for day, but if you change ip or tor….) :D
noob!
metascan.org/free_scan.php
DO NOT USE nodistribute.com.
USE METASCAN
dont compromise the purpose of the project by submitting it to the AV scanner , they are never meant to be your friends . Why not use a VM for the same .
error veil after update metasploit
how to solve it?
http://pastebin.com/0SXt8rhX
Any solution to this? I see it’s listed as issue 57. Here is the link https://github.com/Veil-Framework/Veil-Evasion/issues/57 however I still can’t seem to fix this.
same with me , after i install veil-evasion, i got error like that , how to fix ?
error of veil evasion that of pip
after installation they get error of pip install and something
how pip error was solve
hi there… First of all, I really apreciate your work. It is amazing! But paying attention at the source code, I havent really understood yet why yuo have concealed the variables in the source code using random strings. I’m saying that becouse there is no evidence in the binary of them and doing so the source code looks unintelligible. So why did you do that?
Thanks!
I have installed Veil on my Kali laptop and a Kali VM following Chris’s Youtube video without any problems. However when trying to install Veil on an instance of Kali in Amazon EC2 I encounter numerous unexpected differences.
I can get as far as cloning Veil from Github, but when CDing into the Veil folder there is no setup folder, therefore no setup.sh to execute. Instead there is an Install.sh and a Readme file.
Attemting to execute Install.sh does not lead to Veil being installed. Please help.
can i change the process name of the ruby reverse_tcp exploit ? i mean i generate a file for a victim and when he runs the file, the name of my file in the task manager is rubyw.exe . Can i somehow change that to whatever i want to ?
python/meterpreter/rev_https caught (check out mcafee’s result, Trojan-Veil.gen.b)
http://nodistribute.com/result/ywQUpr6tPf73zKo
and this is the best I can get, other payloads’ results are 14/34-24/34.
The big “that bypass common antivirus solutions” is just a show-off it’s no better than any of the other bigmouth crypters.
unsatisfied_user, they can’t necessarily help it if there’s end users who are submitting samples to virustotal or the like. It’s also a safe assumption to make that AV companies know about this website and framework as well.
hello,
sorry my English.
I’m using, veil-evasion in armitage using python / meterpreter / rev_tcp
eset nod 32, avast are detecting. Some solution or another way to create another payload?
sara19872233@yahoo.com
18 Major AV’s detect 90% of the encryption methods…. is there an update expected?
Hello trying to install your tool kali linux I get the following errors aver if you can help me:
E: Could not find package mingw-w64
E: The “monodoc-browser” package does not have a candidate for installation
E: Could not locate the package monodevelop
E: Could not find package python-pefile
dont know what else to do, and tried everything,
I hope your answers, thanks.
Hello, Straight to the point. I get this error when installing Veil. Any advice will be greatly appreciative.
=========================================================================
Veil-Evasion | [Version]: 2.17.0
=========================================================================
[Web]: https://www.veil-framework.com/ | [Twitter]: @VeilFramework
=========================================================================
Traceback (most recent call last):
File “./Veil-Evasion.py”, line 283, in
controller = controller.Controller(oneRun=False)
File “/home/Hack3r/Veil/Veil/Veil-Evasion/modules/common/controller.py”, line 129, in __init__
self.LoadPayloads()
File “/home/Hack3r/Veil/Veil/Veil-Evasion/modules/common/controller.py”, line 141, in LoadPayloads
d = dict( (path[path.find(“payloads”)+9:-3], imp.load_source( “/”.join(path.split(“/”)[3:])[:-3],path ) ) for path in glob.glob(join(settings.VEIL_EVASION_PATH+”/modules/payloads/” + “*/” * x,'[!_]*.py’)) )
File “/home/Hack3r/Veil/Veil/Veil-Evasion/modules/common/controller.py”, line 141, in
d = dict( (path[path.find(“payloads”)+9:-3], imp.load_source( “/”.join(path.split(“/”)[3:])[:-3],path ) ) for path in glob.glob(join(settings.VEIL_EVASION_PATH+”/modules/payloads/” + “*/” * x,'[!_]*.py’)) )
File “/home/Hack3r/Veil/Veil/Veil-Evasion//modules/payloads/native/backdoor_factory.py”, line 14, in
from tools.backdoor import pebin
File “/home/Hack3r/Veil/Veil/Veil-Evasion/tools/backdoor/pebin.py”, line 42, in
import pefile
ImportError: No module named pefile
P.S. Loved your talk at Defcon 22.
Thanks
Hello, I have the same problem and i fix it to execute ./setup.sh in /root/Veil/Veil-Evasion/setup/
After Veil works fine !
easy-install pefile helped it work.
=========================================================================
Veil-Evasion | [Version]: 2.13.4
=========================================================================
[Web]: https://www.veil-framework.com/ | [Twitter]: @VeilFramework
=========================================================================
Traceback (most recent call last):
File “Veil-Evasion.py”, line 283, in
controller = controller.Controller(oneRun=False)
File “/usr/share/veil-evasion/modules/common/controller.py”, line 129, in __init__
self.LoadPayloads()
File “/usr/share/veil-evasion/modules/common/controller.py”, line 141, in LoadPayloads
d = dict( (path[path.find(“payloads”)+9:-3], imp.load_source( “/”.join(path.split(“/”)[3:])[:-3],path ) ) for path in glob.glob(join(settings.VEIL_EVASION_PATH+”/modules/payloads/” + “*/” * x,'[!_]*.py’)) )
File “/usr/share/veil-evasion/modules/common/controller.py”, line 141, in
d = dict( (path[path.find(“payloads”)+9:-3], imp.load_source( “/”.join(path.split(“/”)[3:])[:-3],path ) ) for path in glob.glob(join(settings.VEIL_EVASION_PATH+”/modules/payloads/” + “*/” * x,'[!_]*.py’)) )
File “/root/Veil-Evasion//modules/payloads/auxiliary/pyinstaller_wrapper.py”, line 12, in
from modules.common.pythonpayload import PythonPayload
ImportError: No module named pythonpayload
If you have this. Try “easy-install pefile” That’s what I did to make it work.
Opps posted the above comment on the wrong feed.
Just did a gut pull and ran update.py. Everything working fine except know all files store in /usr/share/veil-output instead of /root/veil-output. Just wondering if this is the new behavior or did I screw up. Running on Kali fully patched. Thanks
Kool beens. I used easy-onstall pefile and it now works. Thanks
Opps, I meant “easy-install pefile” HA. Works like a charm. Wished I had known that sooner. But now it’s working great. Thanks again
ok guys so I have created a plethora of payloads using this but when the time comes they always get detected either it’s avg or avast. so can someone pls point me to the right direction or stuff following which I could finally create a truely undetectable Payload for real?
do not scan with any antivirus scanner online do it manually by running vmware and a compatible windows os for your test, i use virtualbox with windows 7 install and my test antivirus is avast and avira , and so far nothing detected , but detected on mcafee antivirus . thanks bro
i think every pentester can create a small lab using a virtualization technology(vmware , vurtualbox, hyper-v, e.tc. ) always test on your own before using
Thanks for your hardwork. Look forward to future releases
There seems to be an error in the setup.sh script running under Archlinux. the package “mingw-w64-mingw-w64-winpthreads” should be changed to “mingw-w64-winpthreads”