SpookFlare has a different perspective to bypass security measures and it gives you the opportunity to bypass the endpoint countermeasures at the client-side detection and network-side detection. SpookFlare is a loader/dropper generator for Meterpreter, Empire, Koadic etc. SpookFlare has obfuscation, encoding, run-time code compilation and character substitution features. So you can bypass the countermeasures of the target systems like a boss until they “learn” the technique and behavior of SpookFlare payloads.
  • Obfuscation
  • Encoding
  • Run-time Code Compiling
  • Character Substitution
  • Patched Meterpreter Stage Support
  • Blocked powershell.exe Bypass

    ___ ___  ___   ___  _  _____ _      _   ___ ___ 
/ __| _ / _ / _ | |/ / __| | /_ | _ __|
__ _/ (_) | (_) | ' <| _|| |__ / _ | / _|
|___/_| ___/ ___/|_|__| |____/_/ __|____|

Version : 2.0
Author : Halil Dalabasmaz
WWW : artofpwn.com, spookflare.com
Twitter : @hlldz
Github : @hlldz
Licence : Apache License 2.0
Note : Stay in shadows!

[*] You can use "help" command for access help section.

SpookFlare > list

ID | Payload | Description
----+------------------------+------------------------------------------------------------
1 | meterpreter/binary | .EXE Meterpreter Reverse HTTP and HTTPS loader
2 | meterpreter/powershell | PowerShell based Meterpreter Reverse HTTP and HTTPS loader
3 | javascript/hta | .HTA loader with .HTML extension for specific command
4 | vba/macro | Office Macro loader for specific command

Installation

# git clone https://github.com/hlldz/SpookFlare.git
# cd SpookFlare
# pip install -r requirements.txt

Technical Details
https://artofpwn.com/spookflare.html

Usage Videos and Tutorials

  • SpookFlare HTA Loader for Koadic:

  • SpookFlare PowerShell/VBA Loaders for Meterpreter
  • v1.0 Usage Video:

Acknowledgements and References: