Home Security Tools FireELF- Fileless Linux Malware Framework

FireELF- Fileless Linux Malware Framework

by ethhack

FireELF- Fileless Linux Malware Framework

fireELF is a opensource fileless linux malware framework thats crossplatform and permits customers to simply create and handle payloads.

By default is comes with ‘memfd_create’ which is a brand new solution to run linux elf executables fully from reminiscence, with out having the binary contact the harddrive.


  • Select and construct payloads
  • Means to minify payloads
  • Means to shorten payloads by importing the payload supply to a pastebin, it then creates a really small stager suitable with python
  • Output created payload to file
  • Means to create payload from both a url or an area binary

Included payload memfd_create

The one included payload ‘memfd_create’ relies on the analysis of Stuart, this payload creates an nameless file descriptor in reminiscence it then makes use of fexecve to execute the binary immediately from the file descriptor.

This enables for the execution fully in reminiscence which signifies that if the linux system will get restarted, the payload will probably be no the place to be discovered.

Making a Payload

By default fireELF comes with ‘memfd_create’ however customers can develop their very own payloads. By default the payloads are saved in payloads/ and as a way to create a sound payload you merely want to incorporate a dictonary named ‘desc’ with the parameters ‘title’, ‘description’, ‘archs’, and ‘python_vers’. An instance desc dictonary is beneath:

desc = {“title” : “check payload”, “description” : “new reminiscence injection or fileless elf payload”, “archs” : “all”, “python_vers” : “>2.5”}

Along with the ‘desc’ dictonary the entry level the plugin engine i constructed makes use of requires a essential perform which can mechanically get handed two parameters, one is a boolean that if its true it means its getting handed a url the second parameter it will get handed is the information.

An instance of a easy entry level is beneath:

def essential(is_url, url_or_payload):

In case you have a way be happy to commit a payload!

Set up

Obtain the dependencies by operating:

pip3 -U -r dep.txt

fireELF is developed in Python 3.x.x


utilization: essential.py [-h] [-s] [-p PAYLOAD_NAME] [-w PAYLOAD_FILENAME]
               (-u PAYLOAD_URL | -e EXECUTABLE_PATH)

fireELF, Linux Fileless Malware Generator

non-obligatory arguments:
  -h, –help           present this assist message and exit
  -s                   Supress Banner
  -p PAYLOAD_NAME      Identify of Payload to Use
  -w PAYLOAD_FILENAME  Identify of File to Write Payload to (Extremely Really useful if
                       You are not Utilizing the Paste Website Choice)
  -u PAYLOAD_URL       Url of Payload to be Executed
  -e EXECUTABLE_PATH   Location of Executable

Download FireELF

Source link

Related Articles

Leave a Comment