Custom, cross-platform Remote Access Terminal (RAT) coded in Python 2.7, built just for fun. The intent is to learn Python, understand the "inner workings" of RATs and improve detection of malicious behavior - not to create anything new. Features are added purely for educational purposes, NOT for malicious activity! You are responsible for your own actions.
Place these self-signed keys in crispy/crypto
- openssl req -new -x509 -keyout key.pem -out cert.pem -days 365 -nodes -newkey rsa:2048
Run crispyd.py (local) and implant.py (remote) at the root of the project. Use "tail -f crispy.log" to follow the log file on the server.
- i.e. "python crispyd.py --config crispy.conf --loglvl=DEBUG (optional)"
Package manager install: python-dev python-pip
pip install: rpyc psutil
pyinstaller --onefile --hidden-import uuid --hidden-import psutil --hidden-import logging --hidden-import shlex implant.py
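On the detection side of the build step above: a one-file PyInstaller binary carries an archive trailer ("cookie") that a static scanner can look for. The following is an added example, not code from this project, written for Python 3; the cookie field layout (magic, archive length, TOC offset, TOC length, Python version) is an assumption based on PyInstaller's CArchive format, and the sample bytes are constructed.

```python
import struct
import sys

# Magic bytes that open the PyInstaller CArchive cookie.
MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
# Assumed layout (network byte order): magic, archive length, TOC offset,
# TOC length, Python version. Newer builds append a 64-byte library name.
COOKIE_HEAD = struct.Struct("!8sIIii")


def find_pyinstaller_cookie(data):
    """Return a dict describing the CArchive cookie in data, or None."""
    pos = data.rfind(MAGIC)
    if pos < 0 or pos + COOKIE_HEAD.size > len(data):
        return None
    _, pkg_len, toc_off, toc_len, pyver = COOKIE_HEAD.unpack_from(data, pos)
    # Sanity checks reject files that merely contain the magic bytes.
    if pkg_len > len(data) or toc_len < 0 or pyver <= 0:
        return None
    if toc_off + toc_len > pkg_len:
        return None
    # The version is stored as 27 for 2.7 and as 311 for 3.11.
    major, minor = divmod(pyver, 100) if pyver >= 100 else divmod(pyver, 10)
    return {"cookie_offset": pos, "archive_len": pkg_len,
            "toc_offset": toc_off, "toc_len": toc_len,
            "python": "%d.%d" % (major, minor)}


def scan_file(path):
    """Read a file from disk and look for the cookie."""
    with open(path, "rb") as fh:
        return find_pyinstaller_cookie(fh.read())


def constructed_sample(pyver=27):
    """Constructed input: fake loader bytes, fake archive body, then a cookie."""
    loader = b"\x7fELF" + b"\x00" * 60   # stand-in for the bootloader
    body = b"A" * 100                    # stand-in for the archived files
    toc = b"T" * 20                      # stand-in for the table of contents
    pkg_len = len(body) + len(toc) + COOKIE_HEAD.size
    cookie = COOKIE_HEAD.pack(MAGIC, pkg_len, len(body), len(toc), pyver)
    return loader + body + toc + cookie


if __name__ == "__main__":
    for p in sys.argv[1:]:
        print(p, scan_file(p) or "no PyInstaller cookie found")
```

A hit only says the file is a PyInstaller bundle, which many legitimate tools are, so treat it as triage input alongside other signals.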
Shoutouts to people who have helped along the way either directly or indirectly.
- Thanks to @jchristman for all the bug fixes and commits!
- Thanks to @bts0 for the AES code.
- Thanks to @WesleyThurner for the help with various modules!
- Thanks to @n1nj4sec for rpyc, cmd.Cmd and a few other examples in his similar and far superior Python RAT. After numerous attempts of mine to avoid using RPC, I came across this code when trying to find good examples on the RPyC library. I ended up modeling a large portion of my code after his. "good artists copy; great artists steal (Pablo Picasso)" https://github.com/n1nj4sec/pupy
- Thanks to RPyC creator @tomerfiliba for the cool library but the documentation on examples needs some serious help. I had nothing to go off of really so it forced me to copy someone's code https://github.com/tomerfiliba/rpyc
Done | Name | Lin | Mac | Win | description |
---|---|---|---|---|---|
apps | X | X | list all installed applications | ||
X | checkav | X | X | X | determine probability of which (if any) AV is installed |
X | checkvm | X | X | X | determine if client is running on a virtual machine |
X | download | X | X | X | transfer a file from remote client to server |
X | drives | X | X | X | enumerate drives on client |
X | execute | X | X | X | execute binary on client |
X | kill | X | X | X | kill process on remote client |
netstat | X | X | perform netstat on remote client | ||
| | persistence | | | | create persistence on remote client |
printers | X | X | enumerate printers | ||
X | ps | X | X | X | process list of remote client |
| | screenshot | | | | take a screenshot of the remote client |
X | search | X | X | X | search remote client for files |
X | upload | X | X | X | transfer a file to the remote client |
X | users | X | X | list all users |
- set up proper packaging
- set up client/server communication
- add logging to server for debugging purposes
- add upload/download functionality
- modularize code
- central session control
- set up client/server authentication and stream encryption
- create implant binaries using pyinstaller
- add shell functionality
- add tab completion
- obfuscate implant binaries
- improve checkav module signatures
- improve checkvm module checks