SpookFlare has a different perspective to bypass security measures and it gives you the opportunity to bypass the endpoint countermeasures at the client-side detection and network-side detection. SpookFlare is a loader/dropper generator for Meterpreter, Empire, Koadic etc. SpookFlare has obfuscation, encoding, run-time code compilation and character substitution features. So you can bypass the countermeasures of the target systems like a boss until they "learn" the technique and behavior of SpookFlare payloads.
- Obfuscation
- Encoding
- Run-time Code Compiling
- Character Substitution
- Patched Meterpreter Stage Support
- Blocked powershell.exe Bypass
___ ___ ___ ___ _ _____ _ _ ___ ___
/ __| _ \/ _ \ / _ \| |/ / __| | /_\ | _ \ __|
\__ \ _/ (_) | (_) | ' <| _|| |__ / _ \| / _|
|___/_| \___/ \___/|_|\_\_| |____/_/ \_\_|_\___|
Version : 2.0
Author : Halil Dalabasmaz
WWW : artofpwn.com, spookflare.com
Twitter : @hlldz
Github : @hlldz
Licence : Apache License 2.0
Note : Stay in shadows!
[*] You can use "help" command for access help section.
SpookFlare > list
ID | Payload | Description
----+------------------------+------------------------------------------------------------
1 | meterpreter/binary | .EXE Meterpreter Reverse HTTP and HTTPS loader
2 | meterpreter/powershell | PowerShell based Meterpreter Reverse HTTP and HTTPS loader
3 | javascript/hta | .HTA loader with .HTML extension for specific command
4 | vba/macro | Office Macro loader for specific command
Installation
# git clone https://github.com/hlldz/SpookFlare.git
# cd SpookFlare
# pip install -r requirements.txt
Technical Details
https://artofpwn.com/spookflare.html
Usage Videos and Tutorials
- SpookFlare HTA Loader for Koadic:
- SpookFlare PowerShell/VBA Loaders for Meterpreter
- v1.0 Usage Video:
Acknowledgements and References:
- https://github.com/rapid7/metasploit-framework
- https://github.com/zerosum0x0/koadic
- https://github.com/EmpireProject/Empire
- https://github.com/Veil-Framework/Veil
- https://github.com/nccgroup/demiguise