fireELF - Fileless Linux Malware Framework


fireELF is an open-source, cross-platform fileless Linux malware framework that lets users easily create and manage payloads. By default it ships with 'memfd_create', a payload that runs Linux ELF executables entirely from memory, without the binary ever touching the hard drive.

Features
  • Choose and build payloads.
  • Ability to minify payloads.
  • Ability to shorten payloads by uploading the payload source to a pastebin; fireELF then generates a very small stager, compatible with python <= 2.7, which allows for easy deployment.
  • Output the created payload to a file.
  • Ability to create a payload from either a URL or a local binary.

Included payload memfd_create
The only included payload, 'memfd_create', is based on the research of Stuart. It creates an anonymous file descriptor in memory, writes the ELF into it, and then uses fexecve to execute the binary directly from that file descriptor. Execution happens completely in memory: nothing is written to disk, so if the Linux system is restarted the payload is nowhere to be found (while it runs, the process is still visible through /proc like any other).

Creating a Payload
By default fireELF comes with 'memfd_create', but users can develop their own payloads. Payloads are stored in payloads/, and to create a valid payload you only need to include a dictionary named 'desc' with the keys 'name', 'description', 'archs', and 'python_vers'. An example desc dictionary is below:
desc = {"name" : "test payload", "description" : "new memory injection or fileless elf payload", "archs" : "all", "python_vers" : ">2.5"}
In addition to the 'desc' dictionary, the plugin engine requires a main function as the entry point. It is automatically passed two parameters: the first is a boolean which, if true, means the second parameter is a URL; the second parameter is the data. An example of a simple entry point is below:
def main(is_url, url_or_payload):
    return
If you have a method, feel free to commit a payload!

Installation
Install the dependencies by running:
pip3 install -U -r dep.txt
fireELF is developed in Python 3.x.x

Usage
usage: main.py [-h] [-s] [-p PAYLOAD_NAME] [-w PAYLOAD_FILENAME]
               (-u PAYLOAD_URL | -e EXECUTABLE_PATH)

fireELF, Linux Fileless Malware Generator

optional arguments:
  -h, --help           show this help message and exit
  -s                   Supress Banner
  -p PAYLOAD_NAME      Name of Payload to Use
  -w PAYLOAD_FILENAME  Name of File to Write Payload to (Highly Recommended if
                       You're not Using the Paste Site Option)
  -u PAYLOAD_URL       Url of Payload to be Executed
  -e EXECUTABLE_PATH   Location of Executable