# LeekShell
项目地址：https://github.com/littleleeks/LeekShell
[](https://github.com/littleleeks/LeekShell#leekshell)

> 轻量化、全自研C2——红队的新选择 | 实测卡巴斯基优选版+EDR双双失明

[![Platform](https://camo.githubusercontent.com/efe3945d2838edca92ea27067da58f8260e22484da4a9a4fc0309406e07a1949/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f706c6174666f726d2d57696e646f77732532302537432532304c696e75782d626c7565)](https://img.shields.io/badge/platform-Windows%20%7C%20Linux-blue) [![Python](https://camo.githubusercontent.com/fd4ca6efc337ad5f391ab989ebaeb6a628cc3f24e3b3f39ef1a0beca9d22f441/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f507974686f6e2d332e382532422d626c7565)](https://img.shields.io/badge/Python-3.8%2B-blue) [![C++](https://camo.githubusercontent.com/8f5c48c736a4f2e5527296e15127fded59286d3e6deaa63e2f8b928c23d6614b/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f432532422532422d31372d6f72616e6765)](https://img.shields.io/badge/C%2B%2B-17-orange) [![License](https://camo.githubusercontent.com/a51bc86c6913ff52d87e673cabb56948e55c59ea53458caff734f876e121bf00/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4c6963656e73652d52657365617263682532304f6e6c792d726564)](https://img.shields.io/badge/License-Research%20Only-red)

**LeekShell** 是一款完全自研的轻量级C2框架，采用 **Python + C++** 架构，舍弃部分冗余功能，以换取更高隐蔽性与可控性。

市面上的Cobalt Strike、Sliver、Havoc，特征库已被安全厂商翻了个底朝天。即使魔改profile、二次开发beacon，面对杀软以及EDR也比较乏力。于是，这款完全自研的C2框架——**LeekShell（第一版）** 应运而生。

> **源码不公开的原因**：作者个人在国内，本工具仅供学习研究及合法授权使用。不公开源码是为了避免被恶意利用，保护作者及使用者的安全。

### Kaspersky Premium：

[](https://github.com/littleleeks/LeekShell#kaspersky-premium)

[![685dcf87c5b1500adab5562360a6fee7](/media/202606/23bfba8664e54ebaab72bd121c3e80cf6020.png)](https://private-user-images.githubusercontent.com/101034956/602728929-fcc81702-67dd-4148-a5a6-53629b88ad1b.png?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3ODE2OTM2NDIsIm5iZiI6MTc4MTY5MzM0MiwicGF0aCI6Ii8xMDEwMzQ5NTYvNjAyNzI4OTI5LWZjYzgxNzAyLTY3ZGQtNDE0OC1hNWE2LTUzNjI5Yjg4YWQxYi5wbmc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjYwNjE3JTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI2MDYxN1QxMDQ5MDJaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT1mN2ViMDcwMjBkZjIxYTU3OGNlOGJkNGMwM2EzY2M0YjhhMGEzMzdlOWIxNDAxMWI0OTE3MTJhYTc4YjRiOWEzJlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZyZXNwb25zZS1jb250ZW50LXR5cGU9aW1hZ2UlMkZwbmcifQ.A1bhRrfsTO4TtRX_okwrTbyD3li_Rg4Hmnu0G2M3NP4) [![68f7b7478ec5e56997106f8b54a6995c](/media/202606/b82d74562c52476f9105b4a0229a7bbb4924.png)](https://private-user-images.githubusercontent.com/101034956/602729109-b6ce0559-1a9a-4b43-82e0-9ef369eed655.png?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3ODE2OTM2NDIsIm5iZiI6MTc4MTY5MzM0MiwicGF0aCI6Ii8xMDEwMzQ5NTYvNjAyNzI5MTA5LWI2Y2UwNTU5LTFhOWEtNGI0My04MmUwLTllZjM2OWVlZDY1NS5wbmc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjYwNjE3JTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI2MDYxN1QxMDQ5MDJaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT04ZGFjNjg5OTVjNGE3Zjc5NWQ0YWJkZDhmZmQ1NTE3OTQwMTIxNWI2ZDRkNmMzNWE4OTQwYTcwOWVkMWI1MmU4JlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZyZXNwb25zZS1jb250ZW50LXR5cGU9aW1hZ2UlMkZwbmcifQ.L6JHS1MCnnVey4vjkuiRak8-lH8bEo1LYbwH3TkbbR4) [![faa35c805c5de2bb197c677b2e0f5879](/media/202606/6419a3c83eb945c2a07278a151f5bb2a2172.png)](https://private-user-images.githubusercontent.com/101034956/602729202-cb1da435-3cf4-46a7-a1c3-4d6d19779f11.png?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3ODE2OTM2NDIsIm5iZiI6MTc4MTY5MzM0MiwicGF0aCI6Ii8xMDEwMzQ5NTYvNjAyNzI5MjAyLWNiMWRhNDM1LTNjZjQtNDZhNy1hMWMzLTRkNmQxOTc3OWYxMS5wbmc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjYwNjE3JTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI2MDYxN1QxMDQ5MDJaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT1kYzYxNjAzMGU3ZmNkMzQ1NjFhMzdkMDc3NjBiNmVkYTZiYTM0MWQ4N2FkMzMyOTA4NDljODNlYzAyNThiNzAwJlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZyZXNwb25zZS1jb250ZW50LXR5cGU9aW1hZ2UlMkZwbmcifQ.QGy6KRXzDBdTQClP2cqEi7Kw8nsx3iHt2y9WCt8-1a0)

### Kaspersky EDR：

[](https://github.com/littleleeks/LeekShell#kaspersky-edr)

[![cd6c9a2c1af8bccb52b423ff72e3f9e3](/media/202606/47a638b8d58c404a9691fdf7e55954ea1927.png)](https://private-user-images.githubusercontent.com/101034956/602729574-8fcfd9f9-23c9-459d-bcdd-d29ee0c45d29.png?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3ODE2OTM2NDIsIm5iZiI6MTc4MTY5MzM0MiwicGF0aCI6Ii8xMDEwMzQ5NTYvNjAyNzI5NTc0LThmY2ZkOWY5LTIzYzktNDU5ZC1iY2RkLWQyOWVlMGM0NWQyOS5wbmc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjYwNjE3JTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI2MDYxN1QxMDQ5MDJaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT0wNmI0MDgwMWNhYTcyZTc0NzRiM2Q3NzIwZTYyOTg0OWUwYzdkOTZlMjgwYzE5ZDNmNDRjODRjZmIyMmEzNzQ2JlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZyZXNwb25zZS1jb250ZW50LXR5cGU9aW1hZ2UlMkZwbmcifQ._hmRroOPplP5XCZJqmexFR2kVIGAZxwNu8I9pcLqcx4) [![1fc2d9fd40f87a0c053d907b3dadc03a](/media/202606/b78fae1f77ea426192d5a0e5dcca36636954.png)](https://private-user-images.githubusercontent.com/101034956/602729600-79c485c6-aec2-4027-a4a6-467a8470deda.png?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3ODE2OTM2NDIsIm5iZiI6MTc4MTY5MzM0MiwicGF0aCI6Ii8xMDEwMzQ5NTYvNjAyNzI5NjAwLTc5YzQ4NWM2LWFlYzItNDAyNy1hNGE2LTQ2N2E4NDcwZGVkYS5wbmc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjYwNjE3JTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI2MDYxN1QxMDQ5MDJaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT1iM2U5ZDk2ZmVjNWY3ZmQxNDhhZGQ2ZjBlZjRmZWI2NjYwODQzYjZjNDU0ZmI1ZjIxNDk0NjE0NTMwODE0ZGRkJlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZyZXNwb25zZS1jb250ZW50LXR5cGU9aW1hZ2UlMkZwbmcifQ.yFo2IhHkf6yJg5L64hD2nZnY0QJE5EpjHP3yXKocQcU) [![413a43c3df8bea4d6b42d58f16a4ddec](/media/202606/4abe82daf4184ab7b9da3ed0bf18fe673708.png)](https://private-user-images.githubusercontent.com/101034956/602729614-223122fb-8f89-4cf8-a61c-691dfba42c82.png?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3ODE2OTM2NDIsIm5iZiI6MTc4MTY5MzM0MiwicGF0aCI6Ii8xMDEwMzQ5NTYvNjAyNzI5NjE0LTIyMzEyMmZiLThmODktNGNmOC1hNjFjLTY5MWRmYmE0MmM4Mi5wbmc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjYwNjE3JTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI2MDYxN1QxMDQ5MDJaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT0xMzMxYTVjNWI5YWRiNzIxZjcwYjNhM2JkOTUzZGU1YTIzODc0YmEwMjRjZWVmNmYwNDM1NTAxOTg1NDk2NjQ5JlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZyZXNwb25zZS1jb250ZW50LXR5cGU9aW1hZ2UlMkZwbmcifQ.zcowBPrTECsNk2H6H-MSslLkLMrmCM7HxqlS5YMHOts)

### Symantec：

[](https://github.com/littleleeks/LeekShell#symantec)

[![597c993f9a1591b2bee00383ee184d71](/media/202606/d18dcf1b31dd4742989a74fc29b42f392071.png)](https://private-user-images.githubusercontent.com/101034956/606923077-c80a9905-e167-4611-8f65-40d8b66cb44a.png?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3ODE2OTM2NDIsIm5iZiI6MTc4MTY5MzM0MiwicGF0aCI6Ii8xMDEwMzQ5NTYvNjA2OTIzMDc3LWM4MGE5OTA1LWUxNjctNDYxMS04ZjY1LTQwZDhiNjZjYjQ0YS5wbmc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjYwNjE3JTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI2MDYxN1QxMDQ5MDJaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT1jOGJjZDdlMDYzZjJjNWU2YjhhODFiYzQ4Zjg4NWUzNTRjYmIyNjcwNTQ2OWE5N2UwNmE5MmQxZWIwNWI0MGJjJlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZyZXNwb25zZS1jb250ZW50LXR5cGU9aW1hZ2UlMkZwbmcifQ.-WinE09w7zaju-3AcFWCGqPOUbpJlu1NYNsZ7dMv73Q) [![56d390381df219f2f451053967f539ad](/media/202606/80acae95b67c47658f086eec6d1eb7869118.png)](https://private-user-images.githubusercontent.com/101034956/606923160-fc659266-2408-48ca-a049-e80cb11bc21e.png?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3ODE2OTM2NDIsIm5iZiI6MTc4MTY5MzM0MiwicGF0aCI6Ii8xMDEwMzQ5NTYvNjA2OTIzMTYwLWZjNjU5MjY2LTI0MDgtNDhjYS1hMDQ5LWU4MGNiMTFiYzIxZS5wbmc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjYwNjE3JTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI2MDYxN1QxMDQ5MDJaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT1mMWE5ZGMwY2UzYzRkZTVmZmY0MmY1MjVlODU5OWZjZDdhMWU5Y2E0OGU5ODQxYjljYjBjNzBhYmEyMjE5NDVhJlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZyZXNwb25zZS1jb250ZW50LXR5cGU9aW1hZ2UlMkZwbmcifQ.-KUBzgjJ1Uk0XBqOwZTDEadNDDmth46JriAU5aEQmXs)

## 📖 使用指南

[](https://github.com/littleleeks/LeekShell#-%E4%BD%BF%E7%94%A8%E6%8C%87%E5%8D%97)

### ⚠️ 强烈建议

[](https://github.com/littleleeks/LeekShell#%EF%B8%8F-%E5%BC%BA%E7%83%88%E5%BB%BA%E8%AE%AE)

将生成的 **exe** 转为 **Shellcode**，并使用**自定义加载器**加载执行。

**为什么？**  
因为工具使用人数增多后，`exe` 的静态特征可能会被安全软件标记。转为 Shellcode 并配合自己的加载器，可以大幅提升免杀效果。

**不用担心**  
作者会**每周重构并发布新版本**，持续更新，对抗特征库升级。

自研新型C2(LeekShell)