Evilgrade

Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. It comes with pre-made binaries (agents), a working default configuration for fast pentests, and has it's own WebServer and DNSServer modules. Easy to set up new settings, and has an autoconfiguration when new binary agents are set. Evilgrade works with modules, in each module there's an implemented structure which is needed to emulate a fake update for an specific application/system.

Features

It works similar to an IOS console
VirtualHost field contains the domains that our webserver is going to emulate for us
Start services (DNS Server and WebServer)
Module development is very simple
Don't forget to run evilgrade with an user that has privileges to create listening sockets, otherwise you won't be able to use evilgrade's Services
Everytime you modify a module with evilgrade running don't forget to 'reload' them

Project Samples

Project Activity

See All Activity >

License

MIT License

Follow Evilgrade

Evilgrade Web Site

Other Useful Business Software

$300 Free Credits for Your Google Cloud Projects

Start building on Google Cloud with $300 in free credits. No commitment, no credit card required until you're ready to scale.

Launch your next project with $300 in free Google Cloud credits—no strings attached. Test, build, and deploy without risk. Use your credits across the entire Google Cloud platform to find what works best for your needs. After your credits are used, continue with always-free tier services. Only pay when you're ready to scale. Sign up in minutes and start exploring.

Start Free Trial

Rate This Project

User Reviews

Be the first to post a review of Evilgrade!

Additional Project Details

Programming Language

Perl

Related Categories

Perl MiTM (Man-in-The-Middle) Attack Tool

Registered

2023-08-14

Similar Business Software

Aikido Security

Secure your code, cloud, and runtime in one central system. Aikido’s all-in-one security platform is loved by developers and security teams alike with full security visibility, insight in what matters most, and fast/automatic vulnerability fixes. Teams get security done with Aikido thanks...

See Software
Astra Pentest

Astra’s Pentest is a comprehensive penetration testing solution with an intelligent automated vulnerability scanner coupled with in-depth manual pentesting. On top of 10000+ tests including security checks for all CVEs mentioned in the OWASP top 10, and SANS 25, the automated scanner also...

See Software
Carbide

Carbide is a tech-enabled service that strengthens your company’s information security and privacy management capabilities. Our platform and expert services are tailored for companies aiming for a sophisticated security posture, particularly valuable for organizations that must meet rigorous...

See Software
Phishing Club

Phishing Club is an open source phishing simulation and red team phishing framework for authorized security testing. Self host it on your own server via a one line installer or Docker. Plan, launch, and measure realistic campaigns from a single Go binary with an embedded web UI, HTTP/HTTPS...

See Software
Saint Security Suite

This single, fully integrated solution conducts active, passive and agent-based assessments while its extensive flexibility evaluates risk according to each business. SAINT’s impressive, flexible and scalable scanning capabilities set it apart from many others in this space. SAINT has partnered...

See Software
ZeroThreat.ai

ZeroThreat.ai is an AI-powered web application and API pentesting platform designed to identify real, exploitable vulnerabilities—not just surface-level findings. Built for modern engineering teams, it combines Agentic AI pentesting with a high-performance scanning engine to deliver up to 10×...

See Software