🐀 Description: RAT-8000 is a Remote Access Trojan. Features include: keys logging, capture screenshot(s), send email(s), and remote control. See To-do List for upgrades (WIP)
- Persistence
- Send screenshots via email
- Reverse Shell
- Communication Module:
- DNS Smuggling
-
key_capture.py
-
storage.py
-
context.py
-
config.py
-
screenshot.py
-
smtp.py
-
agent.py
Start
open file
└─> Initialize hook / listener
└─> On key event:
├─> Capture keystroke + timestamp
├─> get active window
└─> Append to log
└─> local and remote grab screen
└─> send email (f10)
└─> clear log file
└─> * DNS smuggling (WIP)
└─> HTTP/HTTPS port 8000: Plain-text JSON ATM (bypasses Windows Defender)
└─> remote screen grab
└─> send to email
└─> On flush interval (5MB):
└─> Write log file
Stop
└─> Unhook listener
└─> Close log file
| Component | Library |
|---|---|
| Key capture | pynput or keyboard |
| Active window | pygetwindow (Windows) |
| File I/O | Built-in open() |
| Timestamps | datetime module |
| Threading | threading module |
| Screenshot | pyscreenshot module |
| Smtp | smtplib module |
| HTTP | http.server module |
[2026-04-02 10:15:32] [Chrome] H
[2026-04-02 10:15:32] [Chrome] e
[2026-04-02 10:15:33] [Chrome] l
[2026-04-02 10:15:33] [Chrome] l
[2026-04-02 10:15:33] [Chrome] o
[2026-04-02 10:15:34] [Chrome] key.ENTER