GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → Viralmaniar → Powershell Rat

Viralmaniar / Powershell Rat

Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.

Programming Languages

python
139335 projects - #7 most used programming language
powershell
5483 projects

Labels

hackingpentestingpenetration-testinghacking-tooltrojanbackdoorrat

Projects that are alternatives of or similar to Powershell Rat

Networm
Python network worm that spreads on the local network and gives the attacker control of these machines.
Stars: ✭ 135 (-78.77%)
Mutual labels:  hacking, pentesting, trojan, backdoor, rat
Scilla
🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration
Stars: ✭ 116 (-81.76%)
Mutual labels:  hacking, pentesting, penetration-testing, hacking-tool
Paradoxiarat
ParadoxiaRat : Native Windows Remote access Tool.
Stars: ✭ 395 (-37.89%)
Mutual labels:  hacking, hacking-tool, backdoor, rat
Cheatsheet God
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
Stars: ✭ 3,521 (+453.62%)
Mutual labels:  hacking, pentesting, penetration-testing, hacking-tool
Active Directory Exploitation Cheat Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Stars: ✭ 1,392 (+118.87%)
Mutual labels:  hacking, pentesting, penetration-testing, hacking-tool
Ghost
👻 RAT (Remote Access Trojan) - Silent Botnet - Full Remote Command-Line Access - Download & Execute Programs - Spread Virus' & Malware
Stars: ✭ 312 (-50.94%)
Mutual labels:  hacking, trojan, backdoor, rat
Hosthunter
HostHunter a recon tool for discovering hostnames using OSINT techniques.
Stars: ✭ 427 (-32.86%)
Mutual labels:  hacking, pentesting, penetration-testing, hacking-tool
Lockdoor Framework
🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
Stars: ✭ 677 (+6.45%)
Mutual labels:  hacking, pentesting, penetration-testing, hacking-tool
Crithit
Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (-71.38%)
Mutual labels:  hacking, pentesting, penetration-testing, hacking-tool
Thc Archive
All releases of the security research group (a.k.a. hackers) The Hacker's Choice
Stars: ✭ 474 (-25.47%)
Mutual labels:  hacking, pentesting, penetration-testing, hacking-tool
Webmap
A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing
Stars: ✭ 188 (-70.44%)
Mutual labels:  hacking, pentesting, penetration-testing, hacking-tool
Active Directory Exploitation Cheat Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Stars: ✭ 870 (+36.79%)
Mutual labels:  hacking, pentesting, penetration-testing, hacking-tool
Evillimiter
Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.
Stars: ✭ 764 (+20.13%)
Mutual labels:  hacking, pentesting, penetration-testing, hacking-tool
Xeexe Topantivirusevasion
Undetectable & Xor encrypting with custom KEY (FUD Metasploit Rat) bypass Top Antivirus like BitDefender,Malwarebytes,Avast,ESET-NOD32,AVG,... & Automatically Add ICON and MANIFEST to excitable
Stars: ✭ 387 (-39.15%)
Mutual labels:  hacking, hacking-tool, backdoor, rat
Diamorphine
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)
Stars: ✭ 725 (+13.99%)
Mutual labels:  hacking, pentesting, hacking-tool, backdoor
YAPS
Yet Another PHP Shell - The most complete PHP reverse shell
Stars: ✭ 35 (-94.5%)
Mutual labels:  backdoor, penetration-testing, rat, pentesting
Dirsearch
Web path scanner
Stars: ✭ 7,246 (+1039.31%)
Mutual labels:  hacking, pentesting, penetration-testing, hacking-tool
Proton
Proton Framework is a Windows post-exploitation framework similar to other Windows post-exploitation frameworks. The major difference is that the Proton Framework does most of its operations using Windows Script Host, with compatibility in the core to support a default installation of Windows 2000 with no service packs all the way through Windows 10.
Stars: ✭ 142 (-77.67%)
Mutual labels:  hacking, hacking-tool, backdoor, rat
Cameradar
Cameradar hacks its way into RTSP videosurveillance cameras
Stars: ✭ 2,775 (+336.32%)
Mutual labels:  hacking, pentesting, penetration-testing, hacking-tool
Thefatrat
Thefatrat a massive exploiting tool : Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and etc . This tool compiles a malware with popular payload and then the compiled malware can be execute on windows, android, mac . The malware that created with this tool also have an ability to bypass most AV softw…
Stars: ✭ 5,944 (+834.59%)
Mutual labels:  hacking, trojan, backdoor, rat
View All Similar Projects ➔

Powershell-RAT

Python based backdoor that uses Gmail to exfiltrate data as an e-mail attachment.

This RAT will help someone during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends the information to an attacker as an e-mail attachment.

Note: This piece of code is Fully UnDetectable (FUD) by Anti-Virus (AV) software.

This project must not be used for illegal purposes or for hacking into system where you do not have permission, it is strictly for educational purposes and for people to experiment with.

Any suggestions or ideas for this tool are welcome - just tweet me on @ManiarViral

RAT Architecture Diagram

image

Screenshot

On the first run of the Powershell-RAT user will get options as below:

image

Using Hail Mary option to backdoor a Windows machine:

image

Successfully taking screenshots of the user activity:

image

Data exfiltrated as an email attachment using Gmail:

image

My Windows machine do not have Python installed, what should I do?

  • Compile PowershellRAT.py into an executable using Pyinstaller

  • PyInstaller is available on PyPI. You can install it through pip:

pip install pyinstaller

Setup

  • Throwaway Gmail address
  • Enable "Allow less secure apps" by going to https://myaccount.google.com/lesssecureapps
  • Modify the $username & $password variables for your account in the Mail.ps1 Powershell file
  • Modify $msg.From & $msg.To.Add with throwaway gmail address

How do I use this?

  • Press 1: This option sets the execution policy to unrestricted using Set-ExecutionPolicy Unrestricted. This is useful on administrator machine

  • Press 2: This takes the screenshot of the current screen on the user machine using Shoot.ps1 Powershell script

  • Press 3: This option backdoors the user machine using schtasks and sets the task name to MicrosoftAntiVirusCriticalUpdatesCore

  • Press 4: This option sends an email from the user machine using Powershell. These uses Mail.ps1 file to send screenshot as attachment to exfiltrate data

  • Press 5: This option backdoors the user machine using schtasks and sets the task name to MicrosoftAntiVirusCriticalUpdatesUA

  • Press 6: This option deletes the screenshots from user machine to remain stealthy

  • Press 7: This option backdoors the user machine using schtasks and sets the task name to MicrosoftAntiVirusCriticalUpdatesDF

  • Press 8: This option performs all of the above with a single button press 8 on a keyboard. Attacker will receive an email every 5 minutes with screenshots as an email attachment. Screenshots will be deleted after 12 minutes

  • Press 9: Exit gracefully from the program or press Control+C

Questions?

Twitter: https://twitter.com/maniarviral LinkedIn: https://au.linkedin.com/in/viralmaniar

Contribution & License

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License. Want to contribute? Please fork it and hit up with a pull request.

Any suggestions or ideas for this tool are welcome - just tweet me on @ManiarViral

To Do

  • Encrypted exfil over Gmail to defeat SSL inspection
  • Get photos from front camera
  • Record mic
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].