┌─┐┌─┐┬ ┬┬ ┌─┐┌─┐┌┬┐┬┌─┬┌┬┐
├─┘├─┤└┬┘│ │ │├─┤ ││├┴┐│ │
┴ ┴ ┴ ┴ ┴─┘└─┘┴ ┴─┴┘┴ ┴┴ ┴
v1.0 @jordanjoewatson
An offensive security framework for writing payloads.
The framework takes a binary and generates various mutations of it, depending on the module. For example, the C# AES module will create base16, base64, hex and int versions, and provides C# functions to decrypt the encrypted binary. These generated segments of code can easily be added into a payload.
More modules soon.
- C++ XOR
- C++ ROT13
- C# XOR
- C# DLLImports (limited imports available)
- C# AES
- C# Environmental Keying
- PowerShell XOR
- PowerShell Environmental Keying
- Visual Basic XOR
- Cobalt Strike DLLImports (limited imports available)
- Format C Hex String
- Format Hex String
- Format Int Array
- Format Hex Array
python3 -m venv ./venv
source venv/bin/activate
pip3 install -r requirements
python3 payloadkit.py
payloadkit uses the Python typer module. The tool has three options:
- ls
- info
- run
python3 payloadkit.py ls
Lists all modules available
python3 payloadkit.py info <modulename>
Prints out information on module, such as arguments required and description of module
python3 payloadkit.py run <modulename> [YAML/Args]
Some modules require a string argument, some modules require a YAML file
Config
key: this is my key
payload: ./path/to/payload.bin
Run
python3 payloadkit.py run cpp.xor xor.yaml
Config
payload: /path/to/payload.bin
Run
python3 payloadkit.py run cpp.rot13 rot13.yaml
Config
blocksize: AES-256
payload: /path/to/payload.bin
Run
python3 payloadkit.py run csharp.aes aes.yaml
Fetches DllImport statements to use in payloads, doesn't require a YAML file. Only a few imports are currently available but planning to add more with time
Run
python3 payloadkit.py run cobaltstrike.dllimport malloc
Compares an environment variable with an XOR'd value, to ensure something will only run on a specific device
Config
key: username
value: jord
xorkey: enc
Run
python3 payloadkit.py run csharp.environmentalkeying env.yml
Config
key: this is my XOR key
payload: /path/to/payload.bin
Run
python3 payloadkit.py run csharp.xor xor.yaml
Config
key: this is my XOR key
payload: /path/to/payload.bin
Run
python3 payloadkit.py run powershell.xor xor.yaml
Compares an environment variable with an XOR'd value, to ensure something will only run on a specific device
Config
key: username
value: jord
xorkey: art
Run
python3 payloadkit.py run powershell.environmentalkeying env.yml
Fetches DllImport statements to use in payloads, doesn't require a YAML file. Only a few imports are currently available but planning to add more with time
Run
python3 payloadkit.py run cobaltstrike.dllimport malloc
Config
key: this is my XOR key
payload: /path/to/payload.bin
Run
python3 payloadkit.py run visualbasic.xor xor.yaml
Uses a single argument for a filepath, reads in as bytes and writes out in the format of a C Hex string, e.g. "\xAB\xCD..."
Run
python3 payloadkit.py run format.chexstring /path/to/binary.bin
Uses a single argument for a filepath, reads in as bytes and writes out in the format of a Hex string, e.g. "ABCD..."
Run
python3 payloadkit.py run format.hexstring /path/to/binary.bin
Uses a single argument for a filepath, reads in as bytes and writes out in the format of an int array, e.g. 41,42,...
Run
python3 payloadkit.py run format.intarray /path/to/binary.bin
Uses a single argument for a filepath, reads in as bytes and writes out in the format of a hex array, e.g. 0xAB,0xCD,...
Run
python3 payloadkit.py run format.hexarray /path/to/binary.bin
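For analysts triaging source files or scripts that embed a binary in one of the four format.* encodings described above, the following added example (not part of payloadkit) normalises each literal back to raw bytes and hashes it, so that all four representations of the same binary resolve to one SHA-256. The function names and sample literals are constructed for illustration, and the int array is assumed to hold decimal values 0-255.

```python
import hashlib
import re

# One pattern per encoding described above (matched after punctuation is stripped).
C_HEX = re.compile(r'(?:\\x[0-9A-Fa-f]{2})+')                    # "\xAB\xCD..."
HEX_ARR = re.compile(r'0x[0-9A-Fa-f]{1,2}(?:,0x[0-9A-Fa-f]{1,2})+')  # 0xAB,0xCD,...
INT_ARR = re.compile(r'\d{1,3}(?:,\d{1,3})+')                    # 41,42,... (assumed decimal)
HEX_STR = re.compile(r'(?:[0-9A-Fa-f]{2})+')                     # "ABCD..."


def normalize_blob(text):
    """Return (format_name, raw_bytes) for one embedded literal, or raise ValueError."""
    # Drop whitespace, quotes, brackets and a trailing comma so literals
    # copied straight out of source code still match.
    s = re.sub(r'[\s"\'{}\[\]();]', '', text).rstrip(',')
    if C_HEX.fullmatch(s):
        return 'chexstring', bytes.fromhex(s.replace('\\x', ''))
    if HEX_ARR.fullmatch(s):
        return 'hexarray', bytes(int(t, 16) for t in s.split(','))
    if INT_ARR.fullmatch(s):
        values = [int(t) for t in s.split(',')]
        if max(values) > 255:
            raise ValueError('int array element out of byte range')
        return 'intarray', bytes(values)
    if HEX_STR.fullmatch(s):
        return 'hexstring', bytes.fromhex(s)
    raise ValueError('unrecognised encoding')


def fingerprint(text):
    """Return (format_name, sha256_hex) so differently encoded copies can be matched."""
    fmt, raw = normalize_blob(text)
    return fmt, hashlib.sha256(raw).hexdigest()


# Constructed samples: the same four bytes (4D 5A 90 00) in each encoding.
SAMPLES = [
    r'"\x4D\x5A" "\x90\x00"',
    '"4D5A9000"',
    '77, 90, 144, 0',
    '{0x4D, 0x5A, 0x90, 0x00}',
]

if __name__ == '__main__':
    for sample in SAMPLES:
        print(fingerprint(sample))
```
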