Pupy – Open-Source Remote Administration Tool AKA RAT

Keep on Guard!


Pupy is an open-source remote administration tool (RAT), that is cross platform and has an embedded Python interpreter, allowing its modules to load Python packages from memory and transparently access remote Python objects. Pupy can communicate using different transports and have a bunch of cool features & modules. On Windows, Pupy uses reflective dll injection and leaves no traces on disk.

Pupy - Open-Source Remote Administration Tool AKA RAT

This is absolutely killer for the Python crowd and gives the possibility of a pure Python worm, with in-memory ONLY execution of Python modules on the target. That means no detection by malware scanners as it doesn’t touch the disk like the meterpreter reverse_shell.

Features

Pupy has a fairly complete feature set and covers the following:

  • On windows, the Pupy payload is compiled as a reflective DLL and the whole python interpreter is loaded from memory. Pupy does not touch the disk :)
  • Pupy can reflectively migrate into other processes
  • Pupy can remotely import, from memory, pure python packages (.py, .pyc) and compiled python C extensions (.pyd).
  • Modules are quite simple to write and pupy is easily extensible.
  • A lot of awesome modules are already implemented !
  • Pupy uses rpyc and a module can directly access python objects on the remote client
  • Communication transports are modular and pupy can communicate using obfsproxy pluggable transports
  • All the non interactive modules can be dispatched on multiple hosts in one command
  • Multi-platform (tested on windows 7, windows xp, kali linux, ubuntu, osx)
  • Modules can be executed as background jobs and their output be retrieved later
  • Commands and scripts running on remote hosts are interruptible
  • Auto-completion for commands and arguments
  • Nice colored output :-)
  • Commands aliases can be defined in the config

The imported python modules do not touch the disk. (.pyd mem import currently work on Windows only, .so memory import is not implemented). And rpyc can also access remote objects interactively from the pupy shell and even auto completion of remote attributes works.


Implemented Modules

  • migrate
  • command execution
  • interactive shell (cmd.exe, /bin/sh, /bin/bash, …)
  • interactive python shell
  • download
  • upload
  • persistence
  • screenshot
  • webcam snapshot
  • in memory execution of PE exe both x86 and x64 (works very well with mimikatz)
  • socks5 proxy
  • local port forwarding
  • shellcode exec (thanks to @byt3bl33d3r)
  • keylogger
  • mouselogger:

You can download Pupy here:

pupy-master.zip

Or read more here.

Posted in: Hacking Tools

,


Latest Posts:


SQLiv - SQL Injection Dork Scanning Tool SQLiv – SQL Injection Dork Scanning Tool
SQLiv is a Python-based massive SQL Injection dork scanning tool which uses Google, Bing or Yahoo for targetted, multiple-domain or reverse domain scans.
OSSIM Download - Open Source SIEM Tools & Software OSSIM Download – Open Source SIEM Tools & Software
OSSIM is a popular Open Source SIEM or Security Information and Event Management (SIEM) product, providing event collection, normalization and correlation.
What You Need To Know About KRACK WPA2 Wi-Fi Attack What You Need To Know About KRACK WPA2 Wi-Fi Attack
The Internet has been blowing up in the past week about the KRACK WPA2 attack that is extremely widespread and is a flaw in the Wi-Fi standard itself.
Spaghetti Download - Web Application Security Scanner Spaghetti Download – Web Application Security Scanner
Spaghetti is an Open-source Web Application Security Scanner, it is designed to find various default and insecure files, configurations etc.
Taringa Hack - 27 Million User Records Leaked Taringa Hack – 27 Million User Records Leaked
The Taringa hack is actually one of the biggest leaks of the year with 27 million weakly hashed passwords breached, but it's not often covered in the West.
A2SV - Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed
A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.


Comments are closed.