esco7845, 05-01-2025, 07:03 AM

Evilgrade is a modular framework that allows the user to leverage poor update implementations by injecting fake updates. It comes with predefined binaries (agents), a functional default configuration for quick penetration testing and has its own WebServer and DNSServer modules. It is easy to configure new settings and has an automatic configuration when new binary agents are configured.
When should I use evilgrade?
This framework comes into play when the attacker can perform hostname redirects (manipulation of the victim's DNS traffic), and this can be done in two scenarios:
Interior landscape:
  • Internal DNS access
  • ARP spoofing
  • DNS cache poisoning
  • DHCP spoofing
  • TCP hijacking
  • Wi-Fi access point spoofing

External landscape:
  • Internal DNS access
  • DNS cache poisoning

How does it work?
Evilgrade works with modules. In each module there is an implemented structure that is necessary to emulate a fake update for a specific application/system.
https://github.com/infobyte/evilgrade
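
From the defender's side, the hostname redirect that the post names as the precondition shows up in resolver logs as an update hostname answering from an unexpected address. The following is an added example, not part of the original post or of the Evilgrade project; the log format, the hostname `update.vendor.example` and the expected network are constructed assumptions.

```python
import ipaddress

# Constructed sample log, assumed format: "timestamp client_ip query_name answer_ip".
SAMPLE_LOG = """\
2025-05-01T07:00:01Z 10.0.0.21 update.vendor.example 203.0.113.10
2025-05-01T07:00:09Z 10.0.0.22 update.vendor.example 10.0.0.66
2025-05-01T07:00:15Z 10.0.0.23 www.example.org 198.51.100.7
2025-05-01T07:00:20Z 10.0.0.24 UPDATE.vendor.example. 198.51.100.99
2025-05-01T07:00:31Z 10.0.0.25 intranet.corp.example 10.0.0.5
"""

# Hypothetical watch list: update hostname -> networks the vendor is expected to answer from.
EXPECTED = {"update.vendor.example": [ipaddress.ip_network("203.0.113.0/24")]}

# Local ranges: an answer here means the "update server" sits on or near the client's own LAN.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def find_redirected_updates(log_text, expected=EXPECTED):
    """Return one finding per watched update hostname answered from an unexpected address."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed line, skip
        ts, client, name, answer = parts
        name = name.rstrip(".").lower()  # DNS names are case-insensitive
        if name not in expected:
            continue  # not an update hostname we watch
        try:
            addr = ipaddress.ip_address(answer)
        except ValueError:
            continue  # answer is not an IP address (e.g. a CNAME target)
        if any(addr in net for net in expected[name]):
            continue  # answer is inside the vendor's expected range
        # Local answers match the internal scenarios (ARP/DHCP spoofing, rogue AP).
        severity = "high" if any(addr in net for net in LOCAL_NETS) else "medium"
        findings.append({"time": ts, "client": client, "name": name,
                         "answer": answer, "severity": severity})
    return findings


if __name__ == "__main__":
    for finding in find_redirected_updates(SAMPLE_LOG):
        print(finding)
```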