Implementing bypass through patching legitimate files, without adding other evasion techniques. May become ineffective relatively quickly. You can create new versions based on the shellcode template.
If you find my project useful, please leave a stars. It will motivate me to update more frequently.
GitHub Downloads (all assets, all releases)
2026年2月2日 0.6 re-released, VT scan all green
2026年1月15日 0.5 No resources have been added. Feel free to modify it yourself if needed
2026年1月8日 0.4 remove unnecessary environment dependencies to optimize the user experience
2025年12月30日 0.3 Changed the legitimate program, modified patch method, replaced call chain, achieved full green on VT
2025年12月26日 0.2 Modified resources, bypass 360qvm
2025年12月24日 0.1
Use the donut tool with command donut.exe -i mimikatz.exe -o 123.bin to convert post-exploitation tools to shellcode,
Then use the sgn tool with command sgn.exe -i 123.bin -o work.bin for encryption, naming it work.bin.
Then place work.bin in the same directory as the binary program from the release, and run the binary program.
The original exe cannot be encrypted or packed, such as the release version of fscan, which cannot be converted to shellcode for use.
This tool is limited to legal penetration testing only. Do not use it for illegal activities. Any damages caused by this tool shall be borne by the user.
360: Screenshot 2025年12月17日 093934
Huorong: Screenshot 2025年12月17日 093951
Defender: Screenshot 2025年12月17日 094237
Kaspersky: Screenshot 2025年12月17日 093919
VT Scan: image
References:
https://xz.aliyun.com/news/14518
https://www.52pojie.cn/thread-1900852-1-1.html
https://github.com/yinsel/BypassAV