Repo Location: https://github.com/Veil-Framework/Veil-Evasion
Team Veil is proud to announce the release of Veil v2.0. This drastically reworked version of the Veil AV-evasion framework incorporates a new structure, a slew of new features, and a variety of new payloads:
New Structure
- Veil has moved from a single flat file towards a truly modular framework:
- Payload modules dropped into ./modules/payloads/[language] are loaded into the framework automatically
- Common reusable functions are stored in various files in ./modules/common/*
- Source/compiled files are output by default to ./output/source/ and ./output/compiled/
- ./config/update.py is executed automatically on first run, producing a common configuration file at ./config/veil.py, which can be edited manually
- External tools used by payloads are stored in ./tools/
- ./doc/* contains pydoc generated documentation for the framework
- A tutorial describing how to develop payload modules is forthcoming.
New Features
- Veil’s menus and interface have been redesigned for increased usability.
- One of the common requests for Veil was the inclusion of additional msfvenom shellcode payloads. To incorporate this, we built in automatic crawling of the metasploit /windows/* payload tree and the extraction of necessary payload parameters. The payloads should tab complete within the shellcode selection menu, in msfvenom windows/PAYLOAD format.
- Tab completion has also been added in a variety of places around the framework, including most menus, LHOST for IP completion, and LPORT for 4444 completion. Try it out!
- A new python ‘crypter’ named ‘pyherion’ (inspired by Null Security’s Hyperion) has been introduced, which encapsulates python payload files in an AES/base64 encoded wrapper that dynamically decodes/decrypts the python code in memory and executes it. A standalone version has also been introduced in ./tools/pyherion.py. A short post explaining its implementation details will be forthcoming.
- Command line switches have been implemented for almost all options. Type ./Veil.py -h for details.
New Payloads
- C payloads – Using both a void pointer reference and direct injection into memory with VirtualAlloc calls
- Powershell – VirtualAlloc injection, MSF-psexec formatted resource file generation, and download/execution of a secondary payload.
- C# payloads – VirtualAlloc and base64 obfuscated payloads have been introduced, along with C# .exe compilation.
- Native payloads – hyperion and pescrambler