A polymorphic/metamorphic shellcode obfuscator designed for shellcodes/implants that need to run in W^X memory.
Metamorpheus is a polymorphic/metamorphic shellcode obfuscator that is designed to evade signature-based antivirus solutions and payload-based IPS systems. Shellcode generated with this script is also capable of bypassing some basic dynamic detection mechanisms.
Metamorpheus is designed to work in W^X memory regions (you can either write or execute, but not both), so you can place obfuscated code into the .text section of a PE file. It also works on shellcode for exploits.
This script can also be used to set the C2 IP address and port.
```
python3 main.py -(arguments) --file (file_name_here) IP=(server_ip) PORT=(server_port)
```
Feature | Description |
---|---|
Anti Debug | Checks the trap flag. If it is 1, the program crashes. |
Garbage Bytes | Adds random bytes to shift the disassembler's perceived instruction locations. |
Logic Replacement | Changes constants in the program for mov instructions. |
Long Sleep | Adds a long loop before the shellcode executes. |
Useless Instructions | Adds useless instructions that have no impact on how the shellcode is run. |
These features often involve adding instructions to existing shellcode. Therefore, all subroutine-related instructions are updated correctly with regard to what was added. The update takes into account whether a call is inside or outside of the shellcode and what is between the jump and its target.
(bad)
in https://defuse.ca/online-x86-assembler.htm.

Open a terminal in the polymorpheus directory and type: `pip install -r requirements.txt`