Bee Anti Forensics Project

Started by 0x0ptim0us, April 18, 2013, 12:25:56 PM


0x0ptim0us

Hi guys,



"Bee" is my new project; it actually works on anti-forensics.
Bee is open source and has a Python core ...
Bee actually helps us inject any standard header and footer into our files to:

1 - hide our file from forensic (file carving) tools
2 - bypass uploaders with fake headers and footers

OK, as a simple example I want to inject a "gif" header into my PHP backdoor file and analyse it in hex mode:

First, for the help screen you can use the -h switch:
python bee.py -h

and you will see:

Usage:
 bee.py [options]

Bee Anti Forensics , Header And Footer Injector
Writen By : Fardin Allahverdinazhand (0x0ptim0us)
Email : 0x0ptim0us@Gmail.com

List Of Supported Extensions :
 Images:
gif , bmp , jpg , png , tif , art
 Multimedia:
avi , mov , mpg , ra , wav
 Documents & Others:
doc , pst , ost , dbx , idx , mbx , mail , zip , java



Options:
 -h, --help            show this help message and exit
 -t TYPE, --type=TYPE  Type of extension
 -i INPUT, --input=INPUT
                       Name of input file
 -o OUTPUT, --output=OUTPUT
                       Name of output file


Now, to inject a gif header into my PHP backdoor file:
python bee.py -t gif -i php-backdoor.php -o my-shell.gif

-t => selects the extension type
-i => the input file
-o => the output file

# python bee.py -t gif -i php-backdoor.php -o backdoor.gif
[*]Input File : php-backdoor.php
[*]Type Of Extension : gif
[*]Output File : backdoor.gif

[*]Please Wait .....  [OK]
[*]Done. [backdoor.gif] File Has Been Created.


Now you can use the backdoor.gif file, which has a gif extension header; if you open backdoor.gif in hex mode (for example with hexedit) you will see our fake header on the first line ...
This is a beta version of the Bee project and I will try to add new features as soon as possible.

Project on GitHub:
https://github.com/bee-project/core

sorry for my bad english  :-*
Happy hacking ...
I am working on the new version of the WebSploit framework, with database support and new modules, so it will take a long time ...
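As an added example (not part of the original post and not bee's own code; bee's internals are not shown here), the Python below does the same header/footer injection the post describes and then runs the two kinds of check a defender might apply to the result: a magic-bytes-only check, which is what an upload filter or a signature-based carver does, and a content scan for a PHP open tag. The signature table, the function names and the sample payload are this example's own assumptions, not bee's.

```python
import re
from typing import List, Optional, Tuple

# Standard header/trailer byte pairs for a few formats. The selection and
# the names here are this example's own (assumption), not bee's table.
SIGNATURES = {
    "gif": (b"GIF89a", b"\x3b"),                      # GIF89a header, GIF trailer ';'
    "jpg": (b"\xff\xd8\xff\xe0", b"\xff\xd9"),        # SOI + APP0 marker, EOI marker
    "png": (b"\x89PNG\r\n\x1a\n", b"\x00\x00\x00\x00IEND\xaeB`\x82"),  # signature, IEND chunk
    "zip": (b"PK\x03\x04", b"PK\x05\x06"),            # local file header, EOCD signature
}

# Constructed sample payload (not a real backdoor). It deliberately avoids ';'
# because 0x3B is also the GIF trailer byte, which would cut a naive carve short.
SAMPLE_SHELL = b"<?php echo 'constructed sample' ?>"

PHP_OPEN_TAG = re.compile(rb"<\?(php\b|=)")


def inject(payload: bytes, fmt: str) -> bytes:
    """Wrap the payload in the fake header and footer of the chosen format."""
    header, footer = SIGNATURES[fmt]
    return header + payload + footer


def sniff(data: bytes) -> Optional[str]:
    """What a magic-bytes-only check (upload filter, signature carver) calls the file."""
    for name, (header, _) in SIGNATURES.items():
        if data.startswith(header):
            return name
    return None


def contains_php(data: bytes) -> bool:
    """Content scan: a PHP open tag anywhere in the file, magic bytes ignored."""
    return PHP_OPEN_TAG.search(data) is not None


def classify(data: bytes) -> str:
    """Combine both checks: the verdict a careful reviewer actually wants."""
    kind = sniff(data)
    has_php = contains_php(data)
    if kind and has_php:
        return f"{kind} header with embedded PHP (polyglot)"
    if kind:
        return kind
    return "php" if has_php else "unknown"


def carve(blob: bytes) -> List[Tuple[str, bytes]]:
    """Toy header/trailer carver over a raw byte blob (e.g. unallocated space)."""
    found = []
    for name, (header, footer) in SIGNATURES.items():
        start = blob.find(header)
        while start != -1:
            end = blob.find(footer, start + len(header))
            if end == -1:
                break
            end += len(footer)
            found.append((name, blob[start:end]))
            start = blob.find(header, end)
    return found


if __name__ == "__main__":
    polyglot = inject(SAMPLE_SHELL, "gif")
    print("magic-only verdict :", sniff(polyglot))
    print("content verdict    :", classify(polyglot))
    blob = b"\x00" * 32 + polyglot + b"\xff" * 32   # constructed "disk image"
    for kind, obj in carve(blob):
        print("carved", kind, "->", classify(obj))
```

Two things worth knowing before relying on the trick: a check that keys only on magic bytes reports the file as a GIF, but any scanner that searches content for a PHP open tag still finds the payload, and PHP itself still executes it, since the leading `GIF89a` bytes outside `<?php ... ?>` are simply emitted as output. Also, the GIF trailer is the single byte 0x3B (';'), so a header/trailer carver cuts the object at the first semicolon in the PHP source; the sample above avoids semicolons for that reason.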