View Issue Details

ID: 0000421
Project: Kali Linux
Category: [All Projects] Queued Tool Addition
View Status: public
Last Update: 2021-05-18 11:03
Reporter: g0tmi1k
Assigned To: dookie
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Product Version:
Target Version:
Fixed in Version: 1.0.5
Summary: 0000421: Veil 2.0 – AV Evasion Framework
Description:
Repo Location:

Team Veil is proud to announce the release of Veil v2.0. This drastically reworked version of the Veil AV-evasion framework incorporates a new structure, a slew of new features, and a variety of new payloads:

New Structure
Veil has moved from a single flat file towards a truly modular framework:
Payload modules dropped into ./modules/payloads/[language] are loaded into the framework automatically
Common reusable functions are stored in various files in ./modules/common/*
Source/compiled files are output by default to ./output/source/ and ./output/compiled/
./config/ is executed automatically on first run, producing a common configuration file at ./config/, which can be edited manually
External tools used by payloads are stored in ./tools/
./doc/* contains pydoc generated documentation for the framework
A tutorial describing how to develop payload modules is forthcoming.
New features

Veil’s menus and interface have been redesigned for increased usability.
One of the common requests for Veil was the inclusion of additional msfvenom shellcode payloads. To incorporate this, we built in automatic crawling of the metasploit /windows/* payload tree and the extraction of necessary payload parameters. The payloads should tab complete within the shellcode selection menu, in msfvenom windows/PAYLOAD format.
Tab completion has also been added in a variety of places around the framework, including most menus, LHOST for IP completion, and LPORT for 4444 completion. Try it out!
A new python ‘crypter’ named ‘pyherion’ (inspired by Null Security’s Hyperion) has been introduced, which encapsulates python payload files in an AES/base64 encoded wrapper that dynamically decodes/decrypts the python code in memory and executes it. A standalone version has also been introduced in ./tools/ . A short post explaining its implementation details will be forthcoming.
Command line switches have been implemented for almost all options. Type ./ -h for details.
New payloads

C payloads – Using both a void pointer reference and direct injection into memory with VirtualAlloc calls
PowerShell – VirtualAlloc injection, MSF-psexec formatted resource file generation, and download/execution of a secondary payload.
C# payloads – VirtualAlloc and base64 obfuscated payloads have been introduced, along with C# .exe compilation.
Native payloads – hyperion and pescrambler



2013-08-11 13:55

reporter   ~0000704

Added in veil_2.0.1-1kali0



2013-08-11 15:10

reporter   ~0000711

Re-opening this so I can re-resolve it and have it show up in the change log.


2013-08-11 15:11

reporter   ~0000712

Added in veil_2.0.1-1kali0

Issue History

Date Modified     Username  Field                Change
2013-06-25 11:15  g0tmi1k   New Issue
2013-08-11 13:55  dookie    Note Added: 0000704
2013-08-11 13:55  dookie    Status               new => resolved
2013-08-11 13:55  dookie    Resolution           open => fixed
2013-08-11 13:55  dookie    Assigned To          => dookie
2013-08-11 15:10  dookie    Note Added: 0000711
2013-08-11 15:10  dookie    Status               resolved => feedback
2013-08-11 15:10  dookie    Resolution           fixed => reopened
2013-08-11 15:11  dookie    Note Added: 0000712
2013-08-11 15:11  dookie    Status               feedback => resolved
2013-08-11 15:11  dookie    Fixed in Version     => 1.0.4
2013-08-11 15:11  dookie    Resolution           reopened => fixed
2013-08-16 14:03  dookie    Fixed in Version     1.0.4 => 1.0.5
2021-05-18 11:03  g0tmi1k   Category             New Tool Requests => Queued Tool Addition