Source: donut-shellcode
Section: python
Priority: optional
Maintainer: Kali Developers <[email protected]>
Uploaders: Sophie Brun <[email protected]>
Build-Depends: debhelper-compat (= 12), dh-python, python3-setuptools, python3-all-dev
Standards-Version: 4.6.1
Homepage: https://github.com/TheWover/donut
Vcs-Browser: https://gitlab.com/kalilinux/packages/donut-shellcode
Vcs-Git: https://gitlab.com/kalilinux/packages/donut-shellcode.git
Testsuite: autopkgtest-pkg-python

Package: python3-donut
Architecture: any
Depends: ${python3:Depends}, ${misc:Depends}, ${shlibs:Depends}
Suggests: python-donut-doc
Description: Generates position-independent shellcode from memory and runs them
 Donut is position-independent code that enables in-memory execution of
 VBScript, JScript, EXE, DLL files and dotNET assemblies. A module created by
 Donut can either be staged from an HTTP server or embedded directly in the
 loader itself. The module is optionally encrypted using the Chaskey block
 cipher and a 128-bit randomly generated key. After the file is loaded and
 executed in memory, the original reference is erased to deter memory scanners.
 The generator and loader support the following features:
 - Compression of input files with aPLib and LZNT1, Xpress, Xpress Huffman
   via RtlCompressBuffer.
 - Using entropy for API hashes and generation of strings.
 - 128-bit symmetric encryption of files.
 - Patching Antimalware Scan Interface (AMSI) and Windows Lockdown Policy
   (WLDP).
 - Patching command line for EXE files.
 - Patching exit-related API to avoid termination of host process.
 - Multiple output formats: C, Ruby, Python, PowerShell, Base64, C#,
   Hexadecimal.
 .
 This package installs the Python 3 module.

Package: python-donut-doc
Architecture: all
Section: doc
Depends: ${sphinxdoc:Depends}, ${misc:Depends}
Description: Donut documentation
 Donut is position-independent code that enables in-memory execution of
 VBScript, JScript, EXE, DLL files and dotNET assemblies. A module created by
 Donut can either be staged from an HTTP server or embedded directly in the
 loader itself. The module is optionally encrypted using the Chaskey block
 cipher and a 128-bit randomly generated key. After the file is loaded and
 executed in memory, the original reference is erased to deter memory scanners.
 The generator and loader support the following features:
 - Compression of input files with aPLib and LZNT1, Xpress, Xpress Huffman
   via RtlCompressBuffer.
 - Using entropy for API hashes and generation of strings.
 - 128-bit symmetric encryption of files.
 - Patching Antimalware Scan Interface (AMSI) and Windows Lockdown Policy
   (WLDP).
 - Patching command line for EXE files.
 - Patching exit-related API to avoid termination of host process.
 - Multiple output formats: C, Ruby, Python, PowerShell, Base64, C#,
   Hexadecimal.
 .
 This is the common documentation package.