Extremely minimal update to make this work on Linux.
Nimalathatep is a Nim shellcode payload generation project that aims to get a stealthy binary into your hands quickly. All methods use well-known API-call sequences.
AV/EDR avoidance is performed through AES encryption followed by Base64, with the payload itself only being decrypted at runtime. The IV is currently static, but I aim to change this in the future. Compiling to a control panel item is your stealthiest approach for now.
Ensure you have NIM downloaded from here: https://nim-lang.org/install.html
Install the winim, ptr_math, and nim crypto prior to compiling with the following commands:
nimble install winim
nimble install nimcrypto
nimble install ptr_math
nimble install sysrandom
To compile:
nim -d:release c .\nimalathatep.nim
Run the executable and give it the desired API method, shellcode file, and output file type:
.\nimalathatep.exe <apiMethod> <binFile> <outfiletype>
-Added support for all API calls to be used as an XLL
-Added random key for encryption
-Formatting fixes
-Added new API method (EnumCalendarInfo)
-Generation option to directly place the file into a PDF as an attachment
-Custom unhook stuff
-Add option to pack payload into iso or 7zip
Some code bits from:
https://github.com/byt3bl33d3r/OffensiveNim
https://www.ired.team/
https://github.com/bigb0sss/Bankai <--Initial inspiration
Only use this for purposes involving systems that you have been given permission to access and alter. I am not responsible if you do illegal stuff.