Pupy is an open-source remote administration tool (RAT), that is cross platform and has an embedded Python interpreter, allowing its modules to load Python packages from memory and transparently access remote Python objects. Pupy can communicate using different transports and have a bunch of cool features & modules. On Windows, Pupy uses reflective dll injection and leaves no traces on disk.
This is absolutely killer for the Python crowd and gives the possibility of a pure Python worm, with in-memory ONLY execution of Python modules on the target. That means no detection by malware scanners as it doesn’t touch the disk like the meterpreter reverse_shell.
Pupy has a fairly complete feature set and covers the following:
- On windows, the Pupy payload is compiled as a reflective DLL and the whole python interpreter is loaded from memory. Pupy does not touch the disk :)
- Pupy can reflectively migrate into other processes
- Pupy can remotely import, from memory, pure python packages (.py, .pyc) and compiled python C extensions (.pyd).
- Modules are quite simple to write and pupy is easily extensible.
- A lot of awesome modules are already implemented !
- Pupy uses rpyc and a module can directly access python objects on the remote client
- Communication transports are modular and pupy can communicate using obfsproxy pluggable transports
- All the non interactive modules can be dispatched on multiple hosts in one command
- Multi-platform (tested on windows 7, windows xp, kali linux, ubuntu, osx)
- Modules can be executed as background jobs and their output be retrieved later
- Commands and scripts running on remote hosts are interruptible
- Auto-completion for commands and arguments
- Nice colored output :-)
- Commands aliases can be defined in the config
The imported python modules do not touch the disk. (.pyd mem import currently work on Windows only, .so memory import is not implemented). And rpyc can also access remote objects interactively from the pupy shell and even auto completion of remote attributes works.
- command execution
- interactive shell (cmd.exe, /bin/sh, /bin/bash, …)
- interactive python shell
- webcam snapshot
- in memory execution of PE exe both x86 and x64 (works very well with mimikatz)
- socks5 proxy
- local port forwarding
- shellcode exec (thanks to @byt3bl33d3r)
You can download Pupy here:
Or read more here.