Veil-Pillage is a post-exploitation framework that integrates with Veil-Evasion.
Veil-Pillage is a post-exploitation framework and a part of the Veil framework.
Start everything up with ./Veil-Pillage.py. All the modules in ./modules/* will automatically be loaded up with their path reflected in the menu (i.e. enumeration/host/credential_validation).
First, you need to specify a target or target(s), and a set of credentials:
Targets can be set with "set targets 192.168.1.1 192.168.1.2" or "set targets 192.168.1.1,192.168.1.2" or "set targets hostlist.txt" or "set targets" or cli with "-t target" or cli with "-tL target_list.txt"
Credentials can be set with "set creds (domain/)username:password" or "set creds (domain/)username:LM:NTLM" or "set creds" or cli with "-U user -P password" or clie with "-cF credential_file" (hashdump or tab-separated)
Then you can launch a given module with "use path/name" or "use [module #]". All modules can be listed with "list modules", and the paths for 'use' are tab-completable.
Once in a module menu, you can modify given paramters for the module with 'set X'. After everything is set, type run, Y to confirm, and the module will execute.
Status updates will display during execution, and any output will be stored in an output file that is named on the completion screen. Output is stored in the veil-output folder/pillage/modulename/timestamp.out. If there is a cleanup file, it will be stored in the same location with a *.pc extension.
To cleanup, type "cleanup /path to *.pc file" and Veil-Pillage will try to restore all targets to their original state.
the current program state, including set credentials, targets, and all module options, is saved off to a state file on exit or rage-quit user is prompted for restore on user start - can turn this off with arguments or settings.py value -manual restore file name can be specified with "-s pillage.state" "--norestore" skips the state restore prompt
should parse connection information for the MSF database automatically, and auto-connect to the database
can list hosts or creds from the MSF database with "db listtargets/listcreds"
can add hosts/creds from the MSF database with "db addtargets/addcreds 1,2,3" where 1,2,3 is the selection displayed from listtargets/listcreds
Module options like 'lhost' can be set globally from the main menu, i.e. "set lhost 192.168.1.100"
Complete command line options are availabe, run ./Veil-Pillage.py for a list.
Almost everything that can be tab-completable has been bilt to be. Commands, options, files paths, etc.
Variables can be reset with "reset varname"
can set options globally for every module with "set lhost 192.168.1.100" on the main menu, or cli with "-o lhost=192.168.1.100"
'clean' or "--clean" cleans out the output folders
the module to jump to can be set cli with "-m module/name OPTION=value..."
ties into Veil-Evasion for most payload_delivery/* modules
Currently, only Kali linux x86 is officially supported.
Veil-Evasion is required for payload generation.
Install the Veil superproject and run the top level Veil/update.sh script to install all necessary dependencies and build a common configuration file at /etc/veil/settings.py
If you install this separately, run the ./update.py script on each major pull update to ensure all dependencies and configurations are correct.
Please just install the Veil superproject. All the pieces of the Veil-Framework were built to work together. Installing them separately is a recipe for grief and support requests.
A quick overview of the structure of everything:
./update.py - the setup and update logic for the framework
./modules/* - usable modules organized roughly by function
./modules/template.py - example module template
./lib/* - reusable library methods
./lib/pillage.py - the main control logic for the framework, including menu interfaces
./lib/helpers.py - various misc helper methods
./lib/command_methods.py - methods to execute specific commands on hosts, use executeResult() and executeCommand()
./lib/delivery_methods.py - methods to delivery payloads to hosts (upload, host, powershell, etc.)
./lib/impacket_* - impacket libraries adapted for our use
./lib/http.py - http related methods (i.e. temp http server)
./lib/msfdatabase.py - abtracts out interaction for the local msfdatabase
./lib/smb.py - smb related methods, including upload/delete/tempserver/etc.
./data/* - various data elements needed by modules (i.e. PowerSploit scripts)
./tools/* - misc tools for use with the framework