Limelighter - A Tool For Generating Fake Code Signing Certificates Or Signing Real Ones

2021-10-20T11:30:00

Description

[![](https://blogger.googleusercontent.com/img/a/AVvXsEjZj9xeUnx46TGfKrmMQjeqc1CsFDbPT7g9XnhXw5NdUAtj3kk3-0Yz8mWOxpzmQXcbyp4Y7jUPCQXdhb4a82Gc7DJbhHgnj8c9Dp8p5y-f-7BdJuoEq4pJuroraGwD89f9xdb8PxTPRipw7XfnpD4Gvt6nXokj06FfxU3gg-5mGZHV96COi0VQ_ORV2Q=w640-h284)](<https://blogger.googleusercontent.com/img/a/AVvXsEjZj9xeUnx46TGfKrmMQjeqc1CsFDbPT7g9XnhXw5NdUAtj3kk3-0Yz8mWOxpzmQXcbyp4Y7jUPCQXdhb4a82Gc7DJbhHgnj8c9Dp8p5y-f-7BdJuoEq4pJuroraGwD89f9xdb8PxTPRipw7XfnpD4Gvt6nXokj06FfxU3gg-5mGZHV96COi0VQ_ORV2Q=s935>) A tool which creates a spoof code signing [certificates](<https://www.kitploit.com/search/label/Certificates> "certificates" ) and [sign](<https://www.kitploit.com/search/label/Sign> "sign" ) binaries and [DLL](<https://www.kitploit.com/search/label/DLL> "DLL" ) files to help evade [EDR](<https://www.kitploit.com/search/label/EDR> "EDR" ) products and avoid MSS and sock scruitney. LimeLighter can also use valid code signing certificates to sign files. Limelighter can use a fully qualified domain name such as `acme.com`. **Contributing** LimeLighter was developed in golang. Make sure that the following are installed on your OS openssl osslsigncode The first step as always is to clone the repo. Before you compile LimeLighter you'll need to install the dependencies. To install them, run following commands: go get github.com/fatih/color Then build it go build Limelighter.go **Usage** ./LimeLighter -h .____ .__ .____ .__ .__ __ | | |__| _____ ____ | | |__| ____ | |___/ |_ ___________ | | | |/ \_/ __ \| | | |/ ___\| | \ __\/ __ \_ __ \ | |___| | Y Y \ ___/| |___| / /_/ > Y \ | \ ___/| | \/ |_______ \__|__|_| /\___ >_______ \__\___ /|___| /__| \___ >__| \/ \/ \/ \/ /_____/ \/ \/ @Tyl0us [*] A Tool for Code Signing... Real and fake Usage of ./LimeLighter: -Domain string Domain you want to create a fake code sign for -I string Unsiged file name to be signed -O string Signed file name -Password string Password for real certificate -Real string Path to a valid .pfx certificate file -Verify string Verifies a file's code sign certificate -debug Print debug statements To sign a file you can use the command option `Domain` to generate a fake code signing certificate. [![](https://blogger.googleusercontent.com/img/a/AVvXsEjZj9xeUnx46TGfKrmMQjeqc1CsFDbPT7g9XnhXw5NdUAtj3kk3-0Yz8mWOxpzmQXcbyp4Y7jUPCQXdhb4a82Gc7DJbhHgnj8c9Dp8p5y-f-7BdJuoEq4pJuroraGwD89f9xdb8PxTPRipw7XfnpD4Gvt6nXokj06FfxU3gg-5mGZHV96COi0VQ_ORV2Q=w640-h284)](<https://blogger.googleusercontent.com/img/a/AVvXsEjZj9xeUnx46TGfKrmMQjeqc1CsFDbPT7g9XnhXw5NdUAtj3kk3-0Yz8mWOxpzmQXcbyp4Y7jUPCQXdhb4a82Gc7DJbhHgnj8c9Dp8p5y-f-7BdJuoEq4pJuroraGwD89f9xdb8PxTPRipw7XfnpD4Gvt6nXokj06FfxU3gg-5mGZHV96COi0VQ_ORV2Q=s935>) to sign a file with a valid code signing certificate use the `Real` and `Password` to sign a file with a valid code signing certificate. To verify a signed file use the `verify` command. [![](https://blogger.googleusercontent.com/img/a/AVvXsEh0HJyn7Z_AX48HYyMfR-0tudMiW2Cw1EGRgYH8GSOKtEB68nBjgxPDIttgHaTtNDUHOTIpvXWfo2FZsHl9lpMzqfvefZbvltn3ayYISFDeGnblIeEOgyT0h4qRd2KWXJjiMFVw759X96cE2b4Fqt5gnLJaw6Dahs9RGfgViS_UAB1Zd6CHfwA3YGOR5A=w640-h604)](<https://blogger.googleusercontent.com/img/a/AVvXsEh0HJyn7Z_AX48HYyMfR-0tudMiW2Cw1EGRgYH8GSOKtEB68nBjgxPDIttgHaTtNDUHOTIpvXWfo2FZsHl9lpMzqfvefZbvltn3ayYISFDeGnblIeEOgyT0h4qRd2KWXJjiMFVw759X96cE2b4Fqt5gnLJaw6Dahs9RGfgViS_UAB1Zd6CHfwA3YGOR5A=s973>) [![](https://blogger.googleusercontent.com/img/a/AVvXsEhYlVHZrvL7TfxT1GLOxuRqsd-t5oHiRgtvQtdjw3XFMK1E-r3N8jtltsAByZ64NDxH_7A-Q0lqIwI8hP3uP4c6S7yTEqOYvnGhh_fUi-vwuRyTkLnL5D9nG8BqUxwEwnFfE6nYxZe-AD_bStdcmnAHa-szyaT4T8Xs--5qPSNj9Wc-Vm3Y7FIOpdpiVg=w510-h640)](<https://blogger.googleusercontent.com/img/a/AVvXsEhYlVHZrvL7TfxT1GLOxuRqsd-t5oHiRgtvQtdjw3XFMK1E-r3N8jtltsAByZ64NDxH_7A-Q0lqIwI8hP3uP4c6S7yTEqOYvnGhh_fUi-vwuRyTkLnL5D9nG8BqUxwEwnFfE6nYxZe-AD_bStdcmnAHa-szyaT4T8Xs--5qPSNj9Wc-Vm3Y7FIOpdpiVg=s504>) **[Download Limelighter](<https://github.com/Tylous/Limelighter> "Download Limelighter" )**

{"id": "KITPLOIT:7181345368383729329", "vendorId": null, "type": "kitploit", "bulletinFamily": "tools", "title": "Limelighter - A Tool For Generating Fake Code Signing Certificates Or Signing Real Ones", "description": "[![](https://blogger.googleusercontent.com/img/a/AVvXsEjZj9xeUnx46TGfKrmMQjeqc1CsFDbPT7g9XnhXw5NdUAtj3kk3-0Yz8mWOxpzmQXcbyp4Y7jUPCQXdhb4a82Gc7DJbhHgnj8c9Dp8p5y-f-7BdJuoEq4pJuroraGwD89f9xdb8PxTPRipw7XfnpD4Gvt6nXokj06FfxU3gg-5mGZHV96COi0VQ_ORV2Q=w640-h284)](<https://blogger.googleusercontent.com/img/a/AVvXsEjZj9xeUnx46TGfKrmMQjeqc1CsFDbPT7g9XnhXw5NdUAtj3kk3-0Yz8mWOxpzmQXcbyp4Y7jUPCQXdhb4a82Gc7DJbhHgnj8c9Dp8p5y-f-7BdJuoEq4pJuroraGwD89f9xdb8PxTPRipw7XfnpD4Gvt6nXokj06FfxU3gg-5mGZHV96COi0VQ_ORV2Q=s935>)\n\n \n\n\nA tool which creates a spoof code signing [certificates](<https://www.kitploit.com/search/label/Certificates> \"certificates\" ) and [sign](<https://www.kitploit.com/search/label/Sign> \"sign\" ) binaries and [DLL](<https://www.kitploit.com/search/label/DLL> \"DLL\" ) files to help evade [EDR](<https://www.kitploit.com/search/label/EDR> \"EDR\" ) products and avoid MSS and sock scruitney. LimeLighter can also use valid code signing certificates to sign files. Limelighter can use a fully qualified domain name such as `acme.com`.\n\n \n\n\n**Contributing** \n\n\nLimeLighter was developed in golang.\n\nMake sure that the following are installed on your OS\n \n \n openssl \n osslsigncode \n \n\nThe first step as always is to clone the repo. Before you compile LimeLighter you'll need to install the dependencies. To install them, run following commands:\n \n \n go get github.com/fatih/color \n \n\nThen build it\n \n \n go build Limelighter.go \n \n\n \n**Usage** \n\n \n \n ./LimeLighter -h \n \n .____ .__ .____ .__ .__ __ \n | | |__| _____ ____ | | |__| ____ | |___/ |_ ___________ \n | | | |/ \\_/ __ \\| | | |/ ___\\| | \\ __\\/ __ \\_ __ \\ \n | |___| | Y Y \\ ___/| |___| / /_/ > Y \\ | \\ ___/| | \\/ \n |_______ \\__|__|_| /\\___ >_______ \\__\\___ /|___| /__| \\___ >__| \n \\/ \\/ \\/ \\/ /_____/ \\/ \\/ \n @Tyl0us \n \n \n [*] A Tool for Code Signing... Real and fake \n Usage of ./LimeLighter: \n -Domain string \n Domain you want to create a fake code sign for \n -I string \n Unsiged file name to be signed \n -O string \n Signed file name \n -Password string \n Password for real certificate \n -Real string \n Path to a valid .pfx certificate file \n -Verify string \n Verifies a file's code sign certificate \n -debug \n Print debug statements \n \n \n\nTo sign a file you can use the command option `Domain` to generate a fake code signing certificate.\n\n \n\n\n[![](https://blogger.googleusercontent.com/img/a/AVvXsEjZj9xeUnx46TGfKrmMQjeqc1CsFDbPT7g9XnhXw5NdUAtj3kk3-0Yz8mWOxpzmQXcbyp4Y7jUPCQXdhb4a82Gc7DJbhHgnj8c9Dp8p5y-f-7BdJuoEq4pJuroraGwD89f9xdb8PxTPRipw7XfnpD4Gvt6nXokj06FfxU3gg-5mGZHV96COi0VQ_ORV2Q=w640-h284)](<https://blogger.googleusercontent.com/img/a/AVvXsEjZj9xeUnx46TGfKrmMQjeqc1CsFDbPT7g9XnhXw5NdUAtj3kk3-0Yz8mWOxpzmQXcbyp4Y7jUPCQXdhb4a82Gc7DJbhHgnj8c9Dp8p5y-f-7BdJuoEq4pJuroraGwD89f9xdb8PxTPRipw7XfnpD4Gvt6nXokj06FfxU3gg-5mGZHV96COi0VQ_ORV2Q=s935>)\n\nto sign a file with a valid code signing certificate use the `Real` and `Password` to sign a file with a valid code signing certificate.\n\nTo verify a signed file use the `verify` command.\n\n \n\n\n[![](https://blogger.googleusercontent.com/img/a/AVvXsEh0HJyn7Z_AX48HYyMfR-0tudMiW2Cw1EGRgYH8GSOKtEB68nBjgxPDIttgHaTtNDUHOTIpvXWfo2FZsHl9lpMzqfvefZbvltn3ayYISFDeGnblIeEOgyT0h4qRd2KWXJjiMFVw759X96cE2b4Fqt5gnLJaw6Dahs9RGfgViS_UAB1Zd6CHfwA3YGOR5A=w640-h604)](<https://blogger.googleusercontent.com/img/a/AVvXsEh0HJyn7Z_AX48HYyMfR-0tudMiW2Cw1EGRgYH8GSOKtEB68nBjgxPDIttgHaTtNDUHOTIpvXWfo2FZsHl9lpMzqfvefZbvltn3ayYISFDeGnblIeEOgyT0h4qRd2KWXJjiMFVw759X96cE2b4Fqt5gnLJaw6Dahs9RGfgViS_UAB1Zd6CHfwA3YGOR5A=s973>)\n\n \n\n\n[![](https://blogger.googleusercontent.com/img/a/AVvXsEhYlVHZrvL7TfxT1GLOxuRqsd-t5oHiRgtvQtdjw3XFMK1E-r3N8jtltsAByZ64NDxH_7A-Q0lqIwI8hP3uP4c6S7yTEqOYvnGhh_fUi-vwuRyTkLnL5D9nG8BqUxwEwnFfE6nYxZe-AD_bStdcmnAHa-szyaT4T8Xs--5qPSNj9Wc-Vm3Y7FIOpdpiVg=w510-h640)](<https://blogger.googleusercontent.com/img/a/AVvXsEhYlVHZrvL7TfxT1GLOxuRqsd-t5oHiRgtvQtdjw3XFMK1E-r3N8jtltsAByZ64NDxH_7A-Q0lqIwI8hP3uP4c6S7yTEqOYvnGhh_fUi-vwuRyTkLnL5D9nG8BqUxwEwnFfE6nYxZe-AD_bStdcmnAHa-szyaT4T8Xs--5qPSNj9Wc-Vm3Y7FIOpdpiVg=s504>)\n\n \n\n\n \n\n\n**[Download Limelighter](<https://github.com/Tylous/Limelighter> \"Download Limelighter\" )**\n", "published": "2021-10-20T11:30:00", "modified": "2021-10-20T11:30:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "http://www.kitploit.com/2021/10/limelighter-tool-for-generating-fake.html", "reporter": "KitPloit", "references": ["https://github.com/Tylous/Limelighter"], "cvelist": [], "immutableFields": [], "lastseen": "2022-04-07T12:01:34", "viewCount": 76, "enchantments": {"dependencies": {}, "score": {"value": 0.6, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.6}, "_state": {"dependencies": 1659914120, "score": 1659848886}, "_internal": {"score_hash": "9b4a6745a124a62933275b943fccad43"}, "toolHref": "https://github.com/Tylous/Limelighter"}