This tool combines the SCC runtime, rofi, Msfvenom, Ngrok and a dynamic template processor, offering an easy-to-use interface for compiling custom, highly evasive ELF payloads for testing Linux ecosystems. Automatic integration with the Metasploit Framework Console offers virtually unlimited prototyping possibilities.
Simply install all required dependencies using apt-get or any other package manager. Running ./install.sh should usually suffice. Issuing ./revenant.sh afterwards will start a TUI session.
- Free code composition from templates - every C fragment is self-contained and can be placed anywhere within the source.
- Responsive, fast TUI.
- Non-standard payloads for daemonization/IPC, pingbacks, system mapping, data exfiltration, persistence, process priority manipulation, mutexes, networking etc.
- Powerful macro processor - forget about complex hex conversions or constantly looking up your machine's address - all context-specific variables are filled automatically.
- Extended bad-character removal from the generated binary blob.
- Integration with reverse TCP tunnels.
- Ideal for both stage1+delivery strategy thanks to a raw Assembly dropper.
- Generic command stagers for cases where no SO/BO-based vulnerability is present, yet Remote Command Execution was identified as a possible entry point.
- Highly automated encoding and encryption, including random combination of encoders thanks to
- Anti-disassembly techniques - random breakpoint/syscall insertion every X instructions.
- Optional power source detector to restrict the payload's operation to servers and workstations.
- A general-purpose CIDR lock serving a similar purpose to the power source detector.
- Not a Metasploit fan? The initialization of the framework can be disabled after the ELF compilation, leaving you just with a freshly baked binary file.
- A wide range of sandbox/virtualization detection methods, with customizable action triggers when the VM check returns true. Some of them are quite new.
- NOP sled (canonical/non-canonical) and junk data padding can be enabled to increase polymorphism and reliability in less stable exploits.
- The crafted C source is opened in the default editor before compilation to enable easy changes and fixes.
Compiler with Metasploit importer
Available C fragments
Payload creation interface
Example TUI session
Please make sure to fill the pool of authtokens inside tokens.txt before issuing a tunneled connection.
If interested in the Full or Enterprise version of the framework, please contact us.