mirror of https://github.com/n1nj4sec/pupy.git
readme update
This commit is contained in:
parent
be57a0f491
commit
b27aa954f0
38
README.md
38
README.md
|
@ -1,9 +1,8 @@
|
||||||
# Pupy
|
# Pupy
|
||||||
Pupy is an opensource, multi-platform (Windows, Linux, OSX, Android), multi function RAT (Remote Administration Tool) mainly written in python. It features a all-in-memory execution guideline and leaves very low footprint. Pupy can communicate using various transports, migrate into processes (reflective injection), load remote python code, python packages and python C-extensions from memory.
|
Pupy is an opensource, multi-platform (Windows, Linux, OSX, Android), multi function RAT (Remote Administration Tool) and post-exploitation tool mainly written in python. It features a all-in-memory execution guideline and leaves very low footprint. Pupy can communicate using various transports, migrate into processes (reflective injection), load remote python code, python packages and python C-extensions from memory.
|
||||||
Pupy modules can transparently access remote python objects using rpyc to perform various interactive tasks.
|
Pupy modules can transparently access remote python objects using rpyc to perform various interactive tasks.
|
||||||
Pupy can generate payloads in multiple formats like PE executables, reflective DLLs, pure python files, apk, ...
|
Pupy can generate payloads in multiple formats like PE executables, reflective DLLs, pure python files, powershell, apk, ...
|
||||||
When you package a payload, you can choose to embbed python scriptlets to perform various tasks offline (without requiring a session), like adding persistence, starting a keylogger, detecting a sandbox, ...
|
When you package a payload, you can choose a launcher (connect, bind, ...), a transport (ssl, http, rsa, obfs3, scramblesuit, ...) and a number of "scriptlets". Scriptlets are python scripts meant to be embedded to perform various tasks offline (without requiring a session), like adding persistence, starting a keylogger, detecting a sandbox, ...
|
||||||
|
|
||||||
|
|
||||||
## Features
|
## Features
|
||||||
- On windows, the Pupy payload is compiled as a reflective DLL and the whole python interpreter is loaded from memory. Pupy does not touch the disk :)
|
- On windows, the Pupy payload is compiled as a reflective DLL and the whole python interpreter is loaded from memory. Pupy does not touch the disk :)
|
||||||
|
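Review bot: The new description on the right side of the first hunk still carries the grammar slips of the old one: "It features a all-in-memory execution guideline and leaves very low footprint" should read "It features an all-in-memory execution guideline and leaves a very low footprint." The rest of the rewrite is an improvement, and the new sentence introducing launchers, transports and "scriptlets" is consistent with the powershell format added to the payload list and with the one-liner bullet added further down in the Features section.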
@ -13,9 +12,10 @@ When you package a payload, you can choose to embbed python scriptlets to perfor
|
||||||
- A lot of awesome modules are already implemented!
|
- A lot of awesome modules are already implemented!
|
||||||
- Pupy uses [rpyc](https://github.com/tomerfiliba/rpyc) and a module can directly access python objects on the remote client
|
- Pupy uses [rpyc](https://github.com/tomerfiliba/rpyc) and a module can directly access python objects on the remote client
|
||||||
- We can also access remote objects interactively from the pupy shell and you even get auto-completion of remote attributes!
|
- We can also access remote objects interactively from the pupy shell and you even get auto-completion of remote attributes!
|
||||||
- Communication transports are modular and pupy can communicate using obfsproxy [pluggable transports](https://www.torproject.org/docs/pluggable-transports.html.en)
|
- Communication transports are modular, stackable and awesome. You could exfiltrate data using HTTP over HTTP over AES over XOR. Or any combination of the available transports !
|
||||||
|
- Pupy can communicate using obfsproxy [pluggable transports](https://www.torproject.org/docs/pluggable-transports.html.en)
|
||||||
- All the non interactive modules can be dispatched to multiple hosts in one command
|
- All the non interactive modules can be dispatched to multiple hosts in one command
|
||||||
- Multi-platform (tested on windows 7, windows xp, kali linux, ubuntu, osx, android)
|
- Multi-platform (tested on windows xp, 7, 8, 10, kali linux, ubuntu, osx, android)
|
||||||
- Commands and scripts running on remote hosts are interruptible
|
- Commands and scripts running on remote hosts are interruptible
|
||||||
- Auto-completion for commands and arguments
|
- Auto-completion for commands and arguments
|
||||||
- Nice colored output :-)
|
- Nice colored output :-)
|
||||||
|
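Review bot: The example given for stacked transports, "HTTP over HTTP over AES over XOR", contradicts the transports section of the same README, which lists XOR among the layers that "doesn't really have any interest and are given for code examples". Suggest illustrating stacking with a combination the README actually documents and recommends, such as http stacked with the rsa layer, and dropping the space before "!" in "available transports !". Keeping the one-bullet-per-feature style is fine, but the old bullet about obfsproxy pluggable transports was split into a separate bullet, so the list now reads as two overlapping points; consider merging them.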
@ -23,20 +23,34 @@ When you package a payload, you can choose to embbed python scriptlets to perfor
|
||||||
- Interactive python shells with auto-completion on the all in memory remote python interpreter can be opened
|
- Interactive python shells with auto-completion on the all in memory remote python interpreter can be opened
|
||||||
- Interactive shells (cmd.exe, /bin/bash, ...) can be opened remotely. Remote shells on Unix clients have a real tty with all keyboard signals working fine just like a ssh shell
|
- Interactive shells (cmd.exe, /bin/bash, ...) can be opened remotely. Remote shells on Unix clients have a real tty with all keyboard signals working fine just like a ssh shell
|
||||||
- Pupy can execute PE exe remotely and from memory (cf. ex with mimikatz)
|
- Pupy can execute PE exe remotely and from memory (cf. ex with mimikatz)
|
||||||
- Pupy can generate payloads in multiple formats : exe (x86, x64), dll(x86, x64), python, python one-liner, apk, ...
|
- Pupy can generate payloads in multiple formats : exe (x86, x64), dll(x86, x64), python, apk, ...
|
||||||
|
- Pupy can be deployed in memory, from a single command line using pupygen.py's python or powershell one-liners.
|
||||||
- "scriptlets" can be embeded in generated payloads to perform some tasks without needing network connectivity (ex: start keylogger, add persistence, execute custom python script, check_vm ...)
|
- "scriptlets" can be embeded in generated payloads to perform some tasks without needing network connectivity (ex: start keylogger, add persistence, execute custom python script, check_vm ...)
|
||||||
- tons of other features, check out the implemented modules
|
- tons of other features, check out the implemented modules
|
||||||
|
|
||||||
## Implemented Transports
|
## Implemented Transports
|
||||||
- tcp_cleartext
|
All transports in pupy are stackable. This mean that by creating a custom transport conf (pupy/network/transport/<transport_name>/conf.py), you can make you pupy session looks like anything. For example you could stack HTTP over HTTP over base64 over HTTP over AES over obfs3 :o)
|
||||||
- A good example to look at, it's a protocol that does nothing
|
|
||||||
- tcp_base64
|
- rsa
|
||||||
- Another simple example
|
- A layer with authentication & encryption using RSA and AES256, often stacked with other layers
|
||||||
- tcp_ssl (the default one)
|
- aes
|
||||||
|
- layer using a static AES256 key
|
||||||
|
- ssl (the default one)
|
||||||
|
- TCP transport wrapped with SSL
|
||||||
|
- ssl_rsa
|
||||||
|
- same as ssl but stacked with a rsa layer
|
||||||
|
- http
|
||||||
|
- layer making the traffic look like HTTP traffic. HTTP is stacked with a rsa layer
|
||||||
- obfs3
|
- obfs3
|
||||||
- [A protocol to keep a third party from telling what protocol is in use based on message contents](https://gitweb.torproject.org/pluggable-transports/obfsproxy.git/tree/doc/obfs3/obfs3-protocol-spec.txt)
|
- [A protocol to keep a third party from telling what protocol is in use based on message contents](https://gitweb.torproject.org/pluggable-transports/obfsproxy.git/tree/doc/obfs3/obfs3-protocol-spec.txt)
|
||||||
|
- obfs3 is stacked with a rsa layer for a better security
|
||||||
- scramblesuit
|
- scramblesuit
|
||||||
- [A Polymorphic Network Protocol to Circumvent Censorship](http://www.cs.kau.se/philwint/scramblesuit/)
|
- [A Polymorphic Network Protocol to Circumvent Censorship](http://www.cs.kau.se/philwint/scramblesuit/)
|
||||||
|
- scramblesuit is stacked with a rsa layer for a better security
|
||||||
|
- udp
|
||||||
|
- rsa layer but over UDP (could be buggy, it doesn't handle packet loss yet)
|
||||||
|
- other
|
||||||
|
- Other layers doesn't really have any interest and are given for code examples : (dummy, base64, XOR, ...)
|
||||||
|
|
||||||
## Implemented Launchers (not up to date, cf. ./pupygen.py -h)
|
## Implemented Launchers (not up to date, cf. ./pupygen.py -h)
|
||||||
Launchers allow pupy to run custom actions before starting the reverse connection
|
Launchers allow pupy to run custom actions before starting the reverse connection
|
||||||
|
|
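Review bot: The "aes" entry describes a "layer using a static AES256 key" without saying how that key is configured or what it provides; unlike the "rsa" entry, which states that it gives authentication and encryption, a shared static key gives no peer authentication and no forward secrecy, so the README should say so and point readers to the rsa-stacked variants it already recommends ("stacked with a rsa layer for a better security") for anything beyond testing. Likewise the "ssl (the default one)" entry does not say whether the TCP-over-SSL transport verifies the server certificate, which is worth documenting for a default. Wording fixes in the same hunk: "This mean that" should be "This means that", "make you pupy session looks like anything" should be "make your pupy session look like anything", and "Other layers doesn't really have any interest" should be "Other layers are not of much practical interest"; the unchanged context line still has "embeded" for "embedded".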