SpookFlare v2.0 - Loader, Dropper Generator With Multiple Features For Bypassing Client-Side And Network-Side Countermeasures


SpookFlare has a different perspective to bypass security measures and it gives you the opportunity to bypass the endpoint countermeasures at the client-side detection and network-side detection. SpookFlare is a loader/dropper generator for Meterpreter, Empire, Koadic etc. SpookFlare has obfuscation, encoding, run-time code compilation and character substitution features. So you can bypass the countermeasures of the target systems like a boss until they "learn" the technique and behavior of SpookFlare payloads.
  • Obfuscation
  • Encoding
  • Run-time Code Compiling
  • Character Substitution
  • Patched Meterpreter Stage Support
  • Blocked powershell.exe Bypass
    ___ ___  ___   ___  _  _____ _      _   ___ ___ 
    / __| _ \/ _ \ / _ \| |/ / __| |    /_\ | _ \ __|
    \__ \  _/ (_) | (_) | ' <| _|| |__ / _ \|   / _| 
    |___/_|  \___/ \___/|_|\_\_| |____/_/ \_\_|_\___|

            Version    : 2.0
            Author     : Halil Dalabasmaz
            WWW        : artofpwn.com, spookflare.com
            Twitter    : @hlldz
            Github     : @hlldz
            Licence    : Apache License 2.0
            Note       : Stay in shadows!

 [*] You can use "help" command for access help section.

SpookFlare > list

 ID | Payload                | Description                                                
----+------------------------+------------------------------------------------------------
 1  | meterpreter/binary     | .EXE Meterpreter Reverse HTTP and HTTPS loader             
 2  | meterpreter/powershell | PowerShell based Meterpreter Reverse HTTP and HTTPS loader 
 3  | javascript/hta         | .HTA loader with .HTML extension for specific command      
 4  | vba/macro              | Office Macro loader for specific command                   

Installation
# git clone https://github.com/hlldz/SpookFlare.git
# cd SpookFlare
# pip install -r requirements.txt

Technical Details
https://artofpwn.com/spookflare.html

Usage Videos and Tutorials
  • SpookFlare HTA Loader for Koadic:

  • SpookFlare PowerShell/VBA Loaders for Meterpreter

  • v1.0 Usage Video:


Acknowledgements and References:


SpookFlare v2.0 - Loader, Dropper Generator With Multiple Features For Bypassing Client-Side And Network-Side Countermeasures SpookFlare v2.0 - Loader, Dropper Generator With Multiple Features For Bypassing Client-Side And Network-Side Countermeasures Reviewed by Zion3R on 10:12 AM Rating: 5