How to Download and Install Evasion Framework on Linux

If you are a penetration tester or a red teamer, you might have heard of Evasion Framework, a tool that can help you bypass common antivirus and EDR solutions. In this article, we will show you how to download and install Evasion Framework on Linux, and how to use it to generate evasive payloads.

What is Evasion Framework?

Evasion Framework is a project that consists of two main components: Veil and Ordnance.

evasion.github.io download

A tool for generating evasive payloads

Veil is a tool that can generate metasploit payloads that evade common antivirus solutions. It can use various open-source converters, such as Donut, sRDI, and Pe2Sh, to transform native binaries, DLLs, and .Net binaries into position independent code (PIC) shellcode. It can also encode, compress, or encrypt the shellcode using different methods, such as XOR, AES, or Base64. Veil can output the shellcode in different formats, such as C, Python, Ruby, PowerShell, or executable.

A collection of evasion techniques and modules

Ordnance is a tool that can embed various evasion techniques and modules into the payload. These include AMSI bypass, WLDP bypass, ETW bypass, sandbox deception, and EDR evasion. Ordnance can also generate custom shellcode with user-defined options, such as port, protocol, encoder, bad characters, etc.

How to Download Evasion Framework?

There are two ways to download Evasion Framework from GitHub: using git clone command or using wget command.

Using git clone command

The git clone command can clone the entire repository of Evasion Framework to your local machine. To use this method, you need to have git installed on your system. You can install git by running the following command:

sudo apt install git

Then, you can clone the repository by running the following command:

git clone

This will create a folder named Veil in your current directory.

Using wget command

The wget command can download a single file from a URL. To use this method, you need to have wget installed on your system. You can install wget by running the following command:

evasion github topics python antivirus tool

antivirus evasion github repositories python veil

phantom evasion github python antivirus tool download

antivirus evasion github topics veil-evasion

pezor github shellcode antivirus evasion tool

chimera github powershell obfuscation script antivirus evasion

herpaderping github process obfuscation technique antivirus evasion

spookflare github loader dropper generator antivirus evasion

hacktheworld github python script payloads antivirus evasion

foureye github shellcode av evasion tool

msfmania github python av evasion tools

godgenesis github python payload generator antivirus evasion

cloak github python backdoor script antivirus evasion

invizzzible github assessment tool virtual environments antivirus evasion

bashfuscator github bash obfuscation framework antivirus evasion

defendercheck github bytes detection tool microsoft defender evasion

ddexec github binaries fileless stealthy execution linux evasion

mortar github bypass technique security products evasion

adversarial robustness toolbox github python library machine learning security evasion

telemetrysourcerer github enumeration disable tool telemetry av edr evasion

sudo apt install wget

Then, you can download the setup script of Evasion Framework by running the following command:

wget

This will save the file named setup.sh in your current directory.

How to Install Evasion Framework?

To install Evasion Framework, you need to run the setup script that you downloaded in the previous step. The setup script will install all the dependencies and configure the framework for you.

Installing dependencies

The setup script will check if you have all the required dependencies for Evasion Framework. These include Python 2.7, Python 3.7, Wine 32-bit, Metasploit Framework, etc. If any dependency is missing, the script will ask you if you want to install it automatically. You can answer yes or no depending on your preference.

Running setup script

To run the setup script, you need to make it executable first by running the following command:

chmod +x setup.sh

Then, you can run the script by running the following command:

sudo ./setup.sh

The script will ask you some questions during the installation process. You can answer them according to your needs Launching Veil interface

After the installation is complete, you can launch the Veil interface by running the following command:

veil

This will open a menu where you can choose between Veil and Ordnance. You can use the arrow keys and enter to select an option.

If you choose Veil, you will see a list of available converters that you can use to generate evasive payloads. You can use the arrow keys and enter to select a converter, or type the number of the converter.

If you choose Ordnance, you will see a list of available evasion techniques and modules that you can use to embed into the payload. You can use the arrow keys and enter to select a technique or module, or type the number of the technique or module.

After you select a converter or a technique/module, you will be asked to provide some options for the payload, such as target architecture, output format, shellcode options, etc. You can type the value of each option or press enter to use the default value.

Once you provide all the options, Veil or Ordnance will generate the payload for you and save it in the output folder. You can also copy the payload to your clipboard by typing "copy" at the prompt.

Conclusion

In this article, we have shown you how to download and install Evasion Framework on Linux, and how to use it to generate evasive payloads that bypass common antivirus and EDR solutions. Evasion Framework is a powerful tool that can help you in your penetration testing and red teaming activities. However, you should always use it ethically and responsibly, and only with permission from the target.

FAQs

What is the difference between evasion and obfuscation?

Evasion is a technique that aims to avoid detection by antivirus or EDR solutions. Obfuscation is a technique that aims to make the code or data harder to understand by humans or machines. Evasion can use obfuscation as a means to achieve its goal, but not all obfuscated code is evasive.

What are some examples of antivirus and EDR solutions that Evasion Framework can bypass?

Some examples of antivirus and EDR solutions that Evasion Framework can bypass are Windows Defender, Symantec Endpoint Protection, McAfee Endpoint Security, Carbon Black, CrowdStrike Falcon, etc.

What are some limitations of Evasion Framework?

Some limitations of Evasion Framework are that it does not guarantee 100% evasion rate, it does not support all types of payloads or formats, it does not work on all platforms or architectures, and it may trigger some behavioral or heuristic detections.

How can I update Evasion Framework?

You can update Evasion Framework by running the following command:

veil-update

This will check for any updates from GitHub and install them if available.

Where can I find more information about Evasion Framework?

You can find more information about Evasion Framework on its official website: . There you can find documentation, tutorials, videos, issues, etc. 44f88ac181