Evilgrade is a modular framework that takes advantage of poor software update implementations by injecting fake updates to compromise target systems.
This tool is primarily used by penetration testers and red teamers to exploit vulnerabilities in software update processes by redirecting victim DNS traffic and delivering malicious fake updates. It is effective in scenarios where attackers can manipulate DNS or network traffic internally or externally to hijack update requests.
Evilgrade requires the attacker to have the capability to manipulate victim DNS traffic or perform network-level attacks such as ARP spoofing or DNS cache poisoning. Proper legal authorization is essential before use, as it exploits vulnerabilities in software update mechanisms and can lead to severe security breaches.
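For defenders, the DNS redirection described above shows up in resolver logs. The following Python example is added here and is not part of Evilgrade or the original page: it flags answers for watched update hostnames that fall outside the networks the vendor is expected to serve from. The hostnames, address ranges and log format are constructed assumptions.

```python
import ipaddress

# Assumption: update hostnames to watch and the networks each vendor serves
# from. All names and ranges are constructed (documentation address space).
EXPECTED = {
    "update.vendor.example": [ipaddress.ip_network("203.0.113.0/24")],
    "downloads.app.example": [ipaddress.ip_network("198.51.100.0/24")],
}
# RFC 1918 ranges: an update host answering from here suggests local redirection.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed resolver log, format assumed: <time> <client> <qname> A <answer>
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.21 update.vendor.example A 203.0.113.10
2024-05-01T10:00:07Z 10.0.0.22 Update.Vendor.example. A 10.0.0.66
2024-05-01T10:00:09Z 10.0.0.23 downloads.app.example A 192.0.2.50
2024-05-01T10:00:12Z 10.0.0.23 www.other.example A 10.0.0.5
malformed line
"""

def parse_line(line):
    """Return (time, client, qname, answer) or None for lines we cannot use."""
    parts = line.split()
    if len(parts) != 5 or parts[3] != "A":
        return None
    ts, client, qname, _, answer = parts
    try:
        # Normalise case and the trailing root dot before the lookup.
        return ts, client, qname.rstrip(".").lower(), ipaddress.ip_address(answer)
    except ValueError:
        return None

def find_redirected_updates(log_text, expected=EXPECTED):
    """List answers for watched update hosts that leave the expected networks."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec[2] not in expected:
            continue  # unparsable, or not an update host we track
        ts, client, qname, answer = rec
        if any(answer in net for net in expected[qname]):
            continue  # answer is where the vendor normally serves from
        internal = any(answer in net for net in INTERNAL)
        reason = "internal address" if internal else "outside expected network"
        findings.append((ts, client, qname, str(answer), reason))
    return findings
```

A hit is a lead to investigate rather than proof of compromise, since vendors change hosting and CDN ranges; the root fix remains an update client that verifies a signature on what it downloads.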
evilgrade>help
Displays help information and lists available commands.
evilgrade>show modules
Lists all available modules that can be used to inject fake updates.
evilgrade>conf <module-name>
Configures a specified module for exploitation.
evilgrade>start
Starts the internal webserver to serve fake update payloads.
evilgrade>stop
Stops the internal webserver.
evilgrade>status
Displays the current status of the webserver.
evilgrade>reload
Reloads all modules to update configurations.
evilgrade>set
Sets configuration variables for modules or the framework.
evilgrade>show options
Displays options of the current module.
evilgrade>show active
Shows currently active modules.
evilgrade>version
Displays the framework version.
evilgrade>exit
Exits the Evilgrade framework.