This project implements a bypass by patching legitimate files, without adding any other evasion techniques, so it may become ineffective relatively quickly. You can build new versions from the shellcode template.
If you find this project useful, please leave a star. It will motivate me to update it more frequently.
2026.2.2 0.6 Re-released; VT scan all green
2026.1.15 0.5 No resources have been added; feel free to modify it yourself if needed
2026.1.8 0.4 Removed unnecessary environment dependencies to improve the user experience
2025.12.30 0.3 Changed the legitimate program, modified the patch method, replaced the call chain, achieved full green on VT
2025.12.26 0.2 Modified resources; bypasses 360qvm
2025.12.24 0.1 Initial release
Use the donut tool with the command donut.exe -i mimikatz.exe -o 123.bin to convert the post-exploitation tool into shellcode.
Then use the sgn tool with the command sgn.exe -i 123.bin -o work.bin to encode it, producing work.bin.
Then place work.bin in the same directory as the binary program from the release, and run the binary program.
The original exe must not be encrypted or packed; for example, the release build of fscan is packed and therefore cannot be converted to shellcode for use.
This tool is limited to legal penetration testing only. Do not use it for illegal activities. Any damages caused by this tool shall be borne by the user.
References:
https://xz.aliyun.com/news/14518
https://www.52pojie.cn/thread-1900852-1-1.html
https://github.com/yinsel/BypassAV