Rooba
/
pupy
mirror of https://github.com/n1nj4sec/pupy.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge github.com:/n1nj4sec/pupy into unstable

This commit is contained in:
Oleksii Shevchuk 2019-03-06 14:48:07 +02:00
parent f8e41bac21 1c68f7c9a1
commit 22aa27816e
2 changed files with 96 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

165
README.md
View File

@ -1,104 +1,129 @@
[![Build Status](https://api.travis-ci.org/n1nj4sec/pupy.svg?branch=unstable)](https://travis-ci.org/n1nj4sec/pupy)
# Pupy
## Quick install and configure
You have multiple ways for installing pupy including docker. cf. the wiki
If you want a simple installation in a virtualenv with pre-built binaries, please use :
```
apt-get install git libssl1.0-dev libffi-dev python-dev python-pip tcpdump python-virtualenv
git clone --recursive https://github.com/n1nj4sec/pupy
cd pupy
python create-workspace.py -DG pupyw
export PATH=$PATH:~/.local/bin
```
Once installed, it will add 3 commands to your ~/.local/bin : pupysh, pupygen and pupysh-update
## Description
Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android), multi function RAT (Remote Administration Tool) and post-exploitation tool mainly written in python. It features an all-in-memory execution guideline and leaves very low footprint. Pupy can communicate using various transports, migrate into processes (reflective injection), load remote python code, python packages and python C-extensions from memory.
Pupy modules can transparently access remote python objects using rpyc to perform various interactive tasks.
Pupy can generate payloads in multiple formats like PE executables, reflective
DLLs, pure python files, powershell, apk, ... When you package a payload, you
can choose a launcher (connect, bind, ...), a transport (ssl, http, rsa, obfs3,
scramblesuit, ...) and a number of "scriptlets". Scriptlets are python scripts
meant to be embedded to perform various tasks offline (without requiring a
session), like starting a background script, adding persistence, starting a
keylogger, detecting a sandbox, ...
[![Build Status](https://api.travis-ci.org/n1nj4sec/pupy.svg?branch=unstable)](https://travis-ci.org/n1nj4sec/pupy)
## Installation
Installation instructions are on the wiki, in addition to all other documentation. For maximum compatibility, it is recommended to use Docker Compose.
[Refer to the wiki](https://github.com/n1nj4sec/pupy/wiki/Installation)
## Description
Pupy is a cross-platform, multi function RAT and post-exploitation tool mainly written in python. It features an all-in-memory execution guideline and leaves a very low footprint. Pupy can communicate using multiple transports, migrate into processes using reflective injection, and load remote python code, python packages and python C-extensions from memory.
## Features
- Multi-platform (tested on windows xp, 7, 8, 10, kali linux, ubuntu, osx, android)
- On windows, the Pupy payload can be compiled as a reflective DLL and the whole python interpreter is loaded from memory. Pupy does not touch the disk :)
- pupy can also be packed into a single .py file and run without any dependencies other that the python standard library on all OS
- pycrypto gets replaced by pure python aes && rsa implementations when unavailable
- Pupy can reflectively migrate into other processes
- Pupy can remotely import, from memory, pure python packages (.py, .pyc) and compiled python C extensions (.pyd, .so). The imported python modules do not touch the disk.
- Pupy is easily extensible, modules are quite simple to write, sorted by os and category.
- A lot of awesome modules are already implemented!
- Pupy uses [rpyc](https://github.com/tomerfiliba/rpyc) and a module can directly access python objects on the remote client
- We can also access remote objects interactively from the pupy shell and you even get auto-completion of remote attributes!
- Communication transports are modular, stackable and awesome. You could exfiltrate data using HTTP over HTTP over AES over XOR. Or any combination of the available transports !
- Pupy can communicate using obfsproxy [pluggable transports](https://www.torproject.org/docs/pluggable-transports.html.en)
- All the non interactive modules can be dispatched to multiple hosts in one command
- Commands and scripts running on remote hosts are interruptible
- Auto-completion for commands and arguments
- Custom config can be defined: command aliases, modules automatically run at connection, ...
- Interactive python shells with auto-completion on the all in memory remote python interpreter can be opened
- Interactive shells (cmd.exe, /bin/bash, ...) can be opened remotely. Remote shells on Unix & windows clients have a real tty with all keyboard signals working fine just like a ssh shell
- Pupy can execute PE exe remotely and from memory (cf. ex with mimikatz)
- Pupy can generate payloads in various formats : apk,lin_x86,lin_x64,so_x86,so_x64,exe_x86,exe_x64,dll_x86,dll_x64,py,pyinst,py_oneliner,ps1,ps1_oneliner,rubber_ducky
- Pupy can be deployed in memory, from a single command line using pupygen.py's python or powershell one-liners.
- "scriptlets" can be embeded in generated payloads to perform some tasks "offline" without needing network connectivity (ex: start keylogger, add persistence, execute custom python script, check_vm ...)
- tons of other features, check out the implemented modules
- Windows payload can load the entire Python interpreter from memory using a reflective DLL.
- Pupy does not touch the disk.
- Can be packed into a single .py file and run without any dependencies other than the python standard library on all OSes.
- PyCrypto gets replaced by pure Python AES & RSA implementations when unavailable.
- Reflectively migrate into other processes.
- Remotely import pure python packages (.py, .pyc) and compiled python C extensions (.pyd, .so) from memory.
- Imported python modules do not touch the disk.
- Easily extensible, modules are simple to write and are sorted by os and category.
- Modules can directly access python objects on the remote client using [rpyc](https://github.com/tomerfiliba/rpyc).
- Access remote objects interactively from the pupy shell and get auto-completion of remote attributes.
- Communication transports are modular and stackable. Exfiltrate data using HTTP over HTTP over AES over XOR, or any combination of the available transports.
- Communicate using obfsproxy [pluggable transports.](https://www.torproject.org/docs/pluggable-transports.html.en)
- Execute noninteractive commands on multiple hosts at once.
- Commands and scripts running on remote hosts are interruptible.
- Auto-completion for commands and arguments.
- Custom config can be defined: command aliases, modules. automatically run at connection, etc.
- Open interactive python shells with auto-completion on the all-in-memory remote python interpreter.
- Interactive shells (cmd.exe, /bin/bash, etc) can be opened remotely.
- Remote shells on Unix & Windows clients have a real tty with all keyboard signals working just like an SSH shell.
- Execute PE executable remotely and from memory.
- Generate payloads in various formats:
| Format | Architecture | Short Name |
|---|---|---|
Android Package | x86 & ARMv7 | apk
Linux Binary | x86 | lin_x86
Linux Binary | x64 | lin_x64
Linux Shared Object | x86 | so_x86
Linux Shared Object | x64 | so_x64
Windows PE Executable | x86 | exe_x86
Windows PE Executable | x64 | exe_x64
Windows DLL | x86 | dll_x86
Windows DLL | x64 | dll_x64
Python Script | x86 & x64 | py
PyInstaller | x86 & x64 | pyinst
Python Oneliner | x86 & x64 | py_oneliner
Powershell | x86 & x64 | ps1
Powershell Oneliner | x86 & x64 | ps1_oneliner
Ducky Script | N/A | rubber_ducky
- Deploy in memory from a single command line using python or powershell one-liners.
- Embed "scriptlets" in generated payloads to perform some tasks "offline" without needing network connectivity (ex: start keylogger, add persistence, execute custom python script, check_vm, etc.)
- Multiple Target Platforms:
| Platform | Support Status |
|---|---|
Windows XP | Supported
Windows 7 | Supported
Windows 8 | Supported
Windows 10 | Supported
Linux | Supported
Mac OSX | Limited Support
Android | Limited Support
## Documentation
There is no documentation. Sorry. But you can help us to write one.
All documentation can be found on the wiki.
[Refer to the wiki](https://github.com/n1nj4sec/pupy/wiki)
### Some screenshots (not up to date)
[Screenshot section on the wiki](https://github.com/n1nj4sec/pupy/wiki)
## FAQ
> Does the server work on windows?
No. (Or maybe, but you shouldn't)
Pupy has not been tested on Windows. Theoretically, it should work on any platform that supports Docker and Docker Compose. However, you will need to adapt the Docker Compose installation instructions for the Windows platform.
> I can't install it, how does it work?
> I can't install Pupy. The installation fails.
First try to have a look at the Installation section in the wiki.
There are not so many things which can go wrong. Check:
1. Please refer to the wiki. It is possible that your answer is there.
2. Search the Github issues and see if your issue was already solved.
3. If you issue was not solved, open a new issue following the [issue guidelines](https://github.com/n1nj4sec/pupy/wiki/Issue-Guidelines).
1. Git checkout was successful. From time to time submodules may be rebased and checkout may fail in between.
2. You do have python 2.7, toolchains docker etc.
3. You have enough space to checkout and build all the things. At least 5-6 GB for docker images and 500 MB for pupy.
4. From time to time some python deps may become broken. In such case try to use version from repo.
If you do not follow these steps, you issue will be closed.
> Android and/or Mac OSX payloads and modules don't work.
Pupy has _limited_ support for Android and OSX. These platforms may not be well maintained and may break intermittently. Some modules (i.e. keylogger) may be missing for these platforms.
## Development
If some of you want to participate to pupy development, don't hesitate ! All help is greatly appreciated and I will review every pull request.
If some of you want to participate to pupy development, don't hesitate! All help is greatly appreciated and all pull requests will be reviewed.
Also there is small [note](https://github.com/n1nj4sec/pupy/wiki/Development) about development. Please run flake8 before doing any commits.
File with config is [here](pupy/tox.ini).
Also there is small [note](https://github.com/n1nj4sec/pupy/wiki/Development) about development. Please run flake8 before doing any commits. File with config is [here](pupy/tox.ini).
## Contact
by mail: contact@n1nj4.eu
on Twitter: [Follow me on twitter](https://twitter.com/n1nj4sec)
| Platform | Contact Info |
|---|---|
Email | contact@n1nj4.eu
Twitter | https://twitter.com/n1nj4sec
This project is a [personal development](https://en.wikipedia.org/wiki/Personal_development), please respect its philosophy and don't use it for evil purposes!
## Special thanks
Special thanks to all contributors that helps me improve pupy and make it an even better tool ! :)
Special thanks to all contributors that help improve pupy and make it a better tool! :)

2
pupy/network/transports/udp_secure/conf.py
View File

@ -7,7 +7,7 @@ from network.lib import PupyUDPServer, PupyUDPClient, PupyUDPSocketStream
from network.lib import RSA_AESClient, RSA_AESServer, DummyPupyTransport
class TransportConf(Transport):
info = "Simple UDP transport transmitting in cleartext"
info = "Simple UDP transport transmitting with RSA"
name="udp_secure"
server=PupyUDPServer
client=PupyUDPClient