Skip to content

Commit 2f3a637

Browse files
doxxdoxx
doxx
authored and
doxx
committed
More examples
1 parent e69c773 commit 2f3a637

File tree

1 file changed

+35
-0
lines changed

1 file changed

+35
-0
lines changed

README.md

Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -118,6 +118,7 @@ I used 8080 with a Cloudflare proxy via HTTP for the firs test. Less overhead.
118118
- **Reverse Proxy Support**: The client now supports SOCKS5 and HTTP(s) proxies.
119119
- **Custom 302**: Server now has defined 302 redirects for non-auth users.
120120
- **stdin:stdout**: stdin:stdout client mode for client to avoid firewall restrictions and binding to local ports.
121+
- **Fileless Execution on Windows**: PowerShell script to execute the client without saving any files to disk.
121122

122123
## 🚀 Quick Start
123124

@@ -298,6 +299,40 @@ Host remote.example.com
298299
ProxyCommand powershell -Command "$script = (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/doxx/darkflare/main/examples/memory-exec.ps1'); powershell -Command $script -t cdn.example.com -d localhost:22"
299300
```
300301

302+
### Linux/Unix Memory Execution
303+
On Linux and Unix-like systems, you can use curl and bash to achieve similar fileless execution:
304+
305+
```bash
306+
# Basic usage with curl
307+
curl -s https://github.com/doxx/darkflare/releases/latest/download/darkflare-client-linux-amd64 | bash -s -- -l stdin:stdout -t cdn.example.com -d localhost:22
308+
309+
# Direct SSH ProxyCommand usage
310+
ssh -o ProxyCommand="curl -s https://github.com/doxx/darkflare/releases/latest/download/darkflare-client-linux-amd64 | bash -s -- -l stdin:stdout -t cdn.example.com -d localhost:22" user@remote
311+
312+
# With a SOCKS5 proxy
313+
curl -s https://github.com/doxx/darkflare/releases/latest/download/darkflare-client-linux-amd64 | bash -s -- -l stdin:stdout -t cdn.example.com -d localhost:22 -p socks5://proxy:1080
314+
```
315+
316+
For macOS, replace `linux-amd64` with `darwin-amd64` (Intel) or `darwin-arm64` (Apple Silicon).
317+
318+
### SSH Configuration for Unix Systems
319+
Add to your `~/.ssh/config`:
320+
```
321+
Host remote.example.com
322+
ProxyCommand curl -s https://github.com/doxx/darkflare/releases/latest/download/darkflare-client-linux-amd64 | bash -s -- -l stdin:stdout -t cdn.example.com -d localhost:22
323+
```
324+
325+
### Security Note for Unix Systems
326+
While this method works, it's important to note:
327+
- The binary is executed with your current user permissions
328+
- Consider using checksum verification for enhanced security:
329+
```bash
330+
# Verify checksum before execution
331+
curl -s https://github.com/doxx/darkflare/releases/latest/download/checksums.txt | grep linux-amd64 | sha256sum -c - && \
332+
curl -s https://github.com/doxx/darkflare/releases/latest/download/darkflare-client-linux-amd64 | bash -s -- [options]
333+
```
334+
335+
301336
## 📖 Command Line Reference
302337

303338
### Client Usage

0 commit comments

Comments
 (0)