Share
## https://sploitus.com/exploit?id=D65DDDCE-D996-5316-BD5F-5B4558BC8B55
```
    ____   ____.__                     ___________                           
    \   \ /   /|__|_____   ___________ \_   _____/__________  ____   ____  
     \   Y   / |  \____ \_/ __ \_  __ \ |    __)/  _ \_  __ \/ ___\_/ __ \ 
      \     /  |  |  |_> >  ___/|  | \/ |     \(   )  | \/ /_/  >  ___/ 
       \___/   |__|   __/ \___  >__|    \___  / \____/|__|  \___  / \___  >
                  |__|        \/            \/             /_____/      \/ v1.0.0-beta
                                Red Team Exploit Factory
```



![Go](https://img.shields.io/badge/Go-1.21+-00ADD8?style=for-the-badge&logo=go&logoColor=white)
![Shell](https://img.shields.io/badge/Launcher-Bash-4EAA25?style=for-the-badge&logo=gnubash&logoColor=white)
![License](https://img.shields.io/badge/License-GPLv3-blue?style=for-the-badge)
![Status](https://img.shields.io/badge/Status-Beta-orange?style=for-the-badge)
![Version](https://img.shields.io/badge/Version-1.0.0--beta-red?style=for-the-badge)

**Wizard-driven, modular Red Team exploit factory built in Go.**  
*Inspired by Metasploit's interactive console โ€” built for pwn scripts and payload generation.*



---

## โš ๏ธ Disclaimer

> **ViperForge is intended exclusively for authorized penetration testing, CTF competitions, and security research in controlled lab environments.**  
> Using this tool against systems you do not own or lack explicit written permission to test is **illegal**. The authors assume no liability for misuse.

---

## Overview

ViperForge is an interactive, wizard-driven CLI framework that automates the generation of production-ready exploit scripts. It features a Metasploit-style interactive console, a categorized exploit registry with 18 modules, a polymorphic XOR encoder for shellcode obfuscation, automated C payload compilation, and a Python template engine (pwntools/requests compatible).

### Why ViperForge?

- **Speed**: Eliminate repetitive boilerplate. Go from vulnerability โ†’ weaponized script in seconds.
- **Evasion-first**: Every binary payload is XOR-encoded with a polymorphic JMP-CALL-POP decoder stub โ€” no two outputs are identical.
- **Extensible**: Add new exploit categories and templates with minimal effort.
- **CTF-ready**: Scripts are generated with pwntools/requests patterns that work out-of-the-box on competition platforms.

---

## Features

| Feature | Description |
|---|---|
| ๐Ÿ—‚๏ธ **Categorized Exploit Registry** | 18 modules across 6 attack categories |
| ๐Ÿง™ **Interactive Wizard** | Metasploit-style parameter configuration per exploit |
| ๐Ÿ” **Polymorphic XOR Encoder** | Runtime-randomized key + JMP-CALL-POP decoder stub |
| โš™๏ธ **C Payload Compiler** | Auto-compiles `.c` payloads โ†’ shellcode via `gcc` + `objcopy` |
| ๐Ÿ“„ **Template Engine** | Go-templated Python exploit script generation |
| ๐Ÿ“œ **Command History** | Persistent readline history across sessions |
| ๐Ÿงน **Clear / Back navigation** | MSF-style shell UX with `clear`, `back`, `exit` |

---

## Exploit Categories & Modules

### ๐Ÿ’ฅ Binary Exploitation
| # | Module | Description |
|---|---|---|
| 1 | `bof_remote` | Remote Buffer Overflow via TCP |
| 2 | `bof_local` | Local Buffer Overflow (CLI Arguments / Stdin) |
| 3 | `rop_chain` | Return-Oriented Programming (ROP) Chain Generator |
| 4 | `format_string` | Format String Arbitrary Memory Write |
| 5 | `heap_uaf` | Heap Exploitation โ€” Use-After-Free |

### ๐ŸŒ Web Exploitation
| # | Module | Description |
|---|---|---|
| 6 | `web_lfi` | Local File Inclusion โ†’ RCE (Log Poisoning) |
| 7 | `web_sqli` | Blind SQLi โ†’ RCE via `INTO OUTFILE` |
| 8 | `web_ssti` | Server-Side Template Injection (Jinja2/Flask) |
| 9 | `web_cmd_exec` | OS Command Injection via HTTP Parameters |
| 10 | `web_xxe` | XML External Entity (XXE) Data Exfiltration |
| 11 | `web_deserialization` | Insecure Deserialization (Python Pickle) |
| 12 | `web_ssrf` | SSRF Internal Port Scanner |

### ๐Ÿ”ผ Privilege Escalation
| # | Module | Description |
|---|---|---|
| 13 | `privesc_suid` | SUID PATH Hijacking |
| 14 | `privesc_sudo_token` | Sudo Token Hijacking |

### ๐ŸŒ Network Attacks
| # | Module | Description |
|---|---|---|
| 15 | `network_ftp_anon` | FTP Anonymous Login & Payload Upload |
| 16 | `network_smb_relay` | SMB Relay Attack (Wrapper) |

### ๐Ÿ”’ Cryptography
| # | Module | Description |
|---|---|---|
| 17 | `crypto_padding_oracle` | Padding Oracle Attack Automation |

### ๐Ÿข Active Directory
| # | Module | Description |
|---|---|---|
| 18 | `ad_kerberoasting` | Kerberoasting Attack Automation |

---

## Installation

### Prerequisites

- **Go** 1.21+
- **GCC** (for C payload compilation โ€” `gcc`, `objcopy`)
  ```bash
  sudo apt install gcc binutils
  ```
- **Python 3** + `pwntools` / `requests` (for running generated exploit scripts)

### Setup

```bash
# Clone the repository
git clone https://github.com/MrEx-Right/ViperForge.git
cd viperforge

# Download Go dependencies
go mod tidy

# Make the launcher executable
chmod +x viperforge.sh

# Run
./viperforge.sh
```

> The launcher script automatically compiles the Go binary on first run (and re-compiles whenever source changes), so you never need to run `go build` manually.

---

## Usage

```bash
./viperforge.sh
```

### Navigation

```
ViperForge > [1-6]          Select an exploit category
ViperForge (Category) > [N] Select a specific exploit module
ViperForge > clear          Clear screen
ViperForge > exit           Terminate session
```

### CLI Preview

![ViperForge CLI](docs/images/cli.png)

### Workflow Example โ€” Remote Buffer Overflow

```
[1] Binary Exploitation
     โ†“
[1] bof_remote
     โ†“
 > RHOST (Target IP Address) [127.0.0.1]: 10.10.14.5
 > RPORT (Target Port) [4444]: 9001
 > OFFSET (Offset to EIP/RIP) [100]: 112
 > EIP (Return Address) [0x080484b6]: 0xdeadbeef
 > PAYLOAD (C Payload Name) []: execve
     โ†“
[ EXPLOIT PREVIEW & EXECUTION PLAN ]
     โ†“
[1] Generate Exploit Script  โ†’  output/bof_remote_exploit.py
```

### C Payloads

Pre-built C payload sources in `templates/payloads/`:

| File | Description |
|---|---|
| `execve.c` | Linux `execve("/bin/sh")` shellcode |
| `win_exec.c` | Windows shellcode via PEB parsing + API hashing |

Payloads are auto-compiled with GCC, extracted via `objcopy`, XOR-encoded with a random key, and embedded into the generated Python script.

---

## Adding New Exploits

**1. Create a template** in `templates/exploits/my_exploit.tmpl`:
```python
#!/usr/bin/env python3
# ViperForge Generated Exploit โ€” my_exploit
from pwn import *

r = remote("{{.RHOST}}", {{.RPORT}})
# ... your exploit logic
```

**2. Register the module** in `core/registry.go`:
```go
{
    ID:          19,
    Name:        "my_exploit",
    Category:    "Binary Exploitation",
    Description: "My Custom Exploit",
    Template:    "my_exploit",
    Options: []ExploitOption{
        {"RHOST", "Target IP Address", "127.0.0.1"},
        {"RPORT", "Target Port", "4444"},
    },
},
```

That's it โ€” ViperForge automatically discovers and routes the new module.

---

## Architecture

```
User Input (readline)
       โ”‚
       โ–ผ
  console/shell.go  โ”€โ”€โ–บ Category Menu โ”€โ”€โ–บ Exploit Menu โ”€โ”€โ–บ Wizard
                                                               โ”‚
                              โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
                              โ–ผ
                        core/session.go    (stores user options)
                              โ”‚
                    โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
                    โ–ผ                    โ–ผ
             core/compiler.go      core/templater.go
         (C source โ†’ shellcode)   (template โ†’ .py script)
                    โ”‚
                    โ–ผ
             core/encoder.go
         (XOR encode + stub injection)
```

---

## Dependencies

| Package | Purpose |
|---|---|
| [`github.com/chzyer/readline`](https://github.com/chzyer/readline) | Interactive CLI with history & autocomplete |
| `crypto/rand` (stdlib) | Cryptographically secure random key generation |

---

## License

This project is licensed under the **GNU General Public License v3.0 (GPLv3)**.

You are free to use, study, modify, and distribute this software under the terms of the GPLv3. Any derivative works must also be distributed under the same license.

See [LICENSE](LICENSE) for the full license text, or visit [gnu.org/licenses/gpl-3.0](https://www.gnu.org/licenses/gpl-3.0.html).

---


Made for the red team. Use responsibly.