# 第十一课：工具介绍Veil-Evasion

项目地址：\
<https://github.com/Veil-Framework/Veil-Evasion>

## 1、Veil-Evasion

Veil-Evasion 是与 Metasploit 生成相兼容的 Payload 的一款辅助框架，并可以绕过大多数的杀软。

Veil-Evasion 并没有集成在kali，配置 sources.list，可直接 apt-get。

```bash
root@John:~/Deskto#cat /etc/apt/sources.list

#中科大
deb http://mirrors.ustc.edu.cn/kali kali-rolling main non-free contrib
deb-src http://mirrors.ustc.edu.cn/kali kali-rolling main non-free contrib
#阿里云
#deb http://mirrors.aliyun.com/kali kali-rolling main non-free contrib
#deb-src http://mirrors.aliyun.com/kali kali-rolling main non-free contrib
#清华大学
#deb http://mirrors.tuna.tsinghua.edu.cn/kali kali-rolling main contrib non-free
#deb-src https://mirrors.tuna.tsinghua.edu.cn/kali kali-rolling main contrib non-free
#浙大
#deb http://mirrors.zju.edu.cn/kali kali-rolling main contrib non-free
#deb-src http://mirrors.zju.edu.cn/kali kali-rolling main contrib non-free
#东软大学
#deb http://mirrors.neusoft.edu.cn/kali kali-rolling/main non-free contrib
#deb-src http://mirrors.neusoft.edu.cn/kali kali-rolling/main non-free contrib
#官方源
deb http://http.kali.org/kali kali-rolling main non-free contrib
deb-src http://http.kali.org/kali kali-rolling main non-free contrib
#重庆大学
#deb http://http.kali.org/kali kali-rolling main non-free contrib
#deb-src http://http.kali.org/kali kali-rolling main non-free contrib
```

## 2、安装

```bash
root@John:~/Desktop# apt-get install veil-evasion
```

由于在实验中本机已经安装，所以我们在虚拟机中使用 git 方式来下载和安装。（以便截图）\
ps:本次 kali 下截图使用 scrot

```bash
root@John:~/Deskto# apt-get install scrot
root@John:~/Deskto# scrot -s //即可
root@John:~/Deskto# git clone https://github.com/Veil-Framework/Veil-Evasion.git
```

![](/files/-LZJx4_kqxErEQCmxVh2)

```bash
root@John:~/Veil-Evasion# ./setup.sh
//安装漫长
```

![](/files/-LZJx4_pc6BjlykT7CzV)

![](/files/-LZJx4_u4nLiMbCF55KB)

![](/files/-LZJx4a0ju7up2sL_rQf)

## 3、测试

以 `c/meterpreter/rev_tcp` 为例：\
![](/files/-LZJx4a4ufw-eHV7GnGG)

![](/files/-LZJx4a7AdT8edsQGhLL)

ps:Veil-Evasion 不再更新，新版本项目地址：\
<https://github.com/Veil-Framework/Veil>

## 4、附录：

```bash
[*] 可支持生成payloads:  
1) auxiliary/coldwar_wrapper  
2) auxiliary/macro_converter  
3) auxiliary/pyinstaller_wrapper  
4) c/meterpreter/rev_http  
5) c/meterpreter/rev_http_service  
6) c/meterpreter/rev_tcp  
7) c/meterpreter/rev_tcp_service  
8) c/shellcode_inject/flatc  
9) cs/meterpreter/rev_http  
10) cs/meterpreter/rev_https  
11) cs/meterpreter/rev_tcp  
12) cs/shellcode_inject/base64_substitution  
13) cs/shellcode_inject/virtual  
14) go/meterpreter/rev_http  
15) go/meterpreter/rev_https  
16) go/meterpreter/rev_tcp  
17) go/shellcode_inject/virtual  
18) native/backdoor_factory  
19) native/hyperion  
20) native/pe_scrambler  
21) perl/shellcode_inject/flat  
22) powershell/meterpreter/rev_http  
23) powershell/meterpreter/rev_https  
24) powershell/meterpreter/rev_tcp  
25) powershell/shellcode_inject/download_virtual  
26) powershell/shellcode_inject/download_virtual_https  
27) powershell/shellcode_inject/psexec_virtual  
28) powershell/shellcode_inject/virtual  
29) python/meterpreter/bind_tcp  
30) python/meterpreter/rev_http  
31) python/meterpreter/rev_http_contained  
32) python/meterpreter/rev_https  
33) python/meterpreter/rev_https_contained  
34) python/meterpreter/rev_tcp  
35) python/shellcode_inject/aes_encrypt  
36) python/shellcode_inject/aes_encrypt_HTTPKEY_Request  
37) python/shellcode_inject/arc_encrypt  
38) python/shellcode_inject/base64_substitution  
39) python/shellcode_inject/des_encrypt  
40) python/shellcode_inject/download_inject  
41) python/shellcode_inject/flat  
42) python/shellcode_inject/letter_substitution  
43) python/shellcode_inject/pidinject  
44) python/shellcode_inject/stallion  
45) ruby/meterpreter/rev_http  
46) ruby/meterpreter/rev_http_contained  
47) ruby/meterpreter/rev_https  
48) ruby/meterpreter/rev_https_contained  
49) ruby/meterpreter/rev_tcp  
50) ruby/shellcode_inject/base64  
51) ruby/shellcode_inject/flat
```

\--By Micropoor


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://micro8.gitbook.io/micro8/contents-1/11-20/11-gong-ju-jie-shao-veilevasion.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.