MythicAgents / venus

Licence: BSD-3-Clause license
A Visual Studio Code Extension agent for Mythic C2

Programming Languages

python
139335 projects - #7 most used programming language
javascript
184084 projects - #8 most used programming language

Projects that are alternatives of or similar to venus

Bifrost
Bifrost C2. Open-source post-exploitation using Discord API
Stars: ✭ 37 (-21.28%)
Mutual labels:  post-exploitation, c2, command-and-control
Merlin
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
Stars: ✭ 3,522 (+7393.62%)
Mutual labels:  post-exploitation, c2, command-and-control
transportc2
PoC Command and Control Server. Interact with clients through a private web interface, add new users for team sharing and more.
Stars: ✭ 22 (-53.19%)
Mutual labels:  c2, command-and-control
ToRat client
This is the ToRat client, a part of the ToRat Project.
Stars: ✭ 29 (-38.3%)
Mutual labels:  post-exploitation, command-and-control
meteor
A cross-platform C2/teamserver supporting multiple transport protocols, written in Go.
Stars: ✭ 31 (-34.04%)
Mutual labels:  c2, command-and-control
dark-lord-obama
AV-evading Pythonic Reverse Shell with Dynamic Adaption Capabilities
Stars: ✭ 61 (+29.79%)
Mutual labels:  c2, command-and-control
AlanFramework
A C2 post-exploitation framework
Stars: ✭ 405 (+761.7%)
Mutual labels:  post-exploitation, c2
disctopia-c2
Windows Remote Administration Tool that uses Discord as C2
Stars: ✭ 216 (+359.57%)
Mutual labels:  c2, command-and-control
chkdfront
Check Domain Fronting (chkdfront) - It checks if your domain fronting is working
Stars: ✭ 42 (-10.64%)
Mutual labels:  c2, command-and-control
link
link is a command and control framework written in rust
Stars: ✭ 345 (+634.04%)
Mutual labels:  c2, command-and-control
Vegile
This tool will set up your backdoor/rootkits when backdoor already setup it will be hidden your specific process, unlimited your session in metasploit and transparent. Even when it killed, it will re-run again. There always be a process which while run another process, so we can assume that this process is unstoppable like a Ghost in The Shell
Stars: ✭ 601 (+1178.72%)
Mutual labels:  post-exploitation
c2
A simple, extensible C&C beaconing system.
Stars: ✭ 93 (+97.87%)
Mutual labels:  command-and-control
nekros
NekRos is an Open-Source Ransomware, with advanced Features, Which Looks Like Wannacry and Has C&C Server which can be Used to Retrieve KEY
Stars: ✭ 84 (+78.72%)
Mutual labels:  command-and-control
Ghost
Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device.
Stars: ✭ 1,934 (+4014.89%)
Mutual labels:  post-exploitation
Owlyshield
Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).
Stars: ✭ 281 (+497.87%)
Mutual labels:  command-and-control
XENA
XENA is the managed remote administration platform for botnet creation & development powered by blockchain and machine learning. Aiming to provide an ecosystem which serves the bot herders. Favoring secrecy and resiliency over performance. It's micro-service oriented allowing for specialization and lower footprint. Join the community of the ulti…
Stars: ✭ 127 (+170.21%)
Mutual labels:  post-exploitation
BURN
[WIP] Anti-Forensics ToolKit to clear post-intrusion sensible logfiles 🔥 (For Research Only)
Stars: ✭ 13 (-72.34%)
Mutual labels:  post-exploitation
OrionServer
An open-source, centralized HTTPS botnet
Stars: ✭ 58 (+23.4%)
Mutual labels:  command-and-control
sudo sniff
Steal user's password when running sudo for post-exploitation purposes
Stars: ✭ 26 (-44.68%)
Mutual labels:  post-exploitation
AIX-for-Penetration-Testers
A basic AIX enumeration guide for penetration testers/red teamers
Stars: ✭ 31 (-34.04%)
Mutual labels:  post-exploitation

Venus

Venus is a VS Code extension that acts as an agent for Mythic C2. It produces a zipped folder of VS Code extension source code, which currently must be packaged by the operator before delivering to target/test machines manually or via social engineering.

Mythic v2.2+ compatible since v0.2.0
Cross-platform (tested on macOS, Linux, Windows)
⚠️ Doesn't support encrypted payloads yet, always use TLS

Installation

From the top-level directory of Mythic on your C2 server, run the command:

$ sudo ./mythic-cli install github https://github.com/MythicAgents/venus

or to install a specific Git branch of Venus:

$ sudo ./mythic-cli install github https://github.com/MythicAgents/venus branchname

Usage

First, create a Venus Payload in Mythic and download it to your local machine. Make sure you have Node.js installed, then install the vsce package and compile your extension like so:

$ npm install -g vsce
$ unzip venus.zip
$ cd venus
$ vsce package

The extension must then be manually installed on target in Visual Studio Code. This can be done from the editor UI or from the CLI with:

$ code --install-extension venus-0.0.1.vsix

Commands

| Command | Syntax | Description |
| current_user | current_user | Uses the os Node.js package to get information about the current user. |
| exit | exit | Exit a callback. |
| hostname | hostname | Uses the os Node.js package to return the target's hostname. |
| pwd | pwd | Prints the current working directory for the agent. |
| shell | shell [command] | Uses the execSync() Node.js function to execute arbitrary shell commands. |
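
For defenders, the sideloaded .vsix install and the execSync()-based shell command described above suggest a static triage of unpacked extensions: flag any extension whose manifest activates without user action and whose code imports child_process and calls an exec/spawn function. This is an added example, not code from the Venus project; the sample extension, its names, and the choice of `*` and `onStartupFinished` as the "eager" activation set are assumptions made here.

```javascript
// Added example: static triage of an unpacked VS Code extension folder.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Activation events that load an extension without any user action (assumed triage set).
const EAGER = new Set(['*', 'onStartupFinished']);
const CHILD_PROC = /(?:require\(\s*|from\s+)['"](?:node:)?child_process['"]/;
const EXEC_CALL = /\b(?:execSync|execFileSync|spawnSync|exec|execFile|spawn)\s*\(/;

// Recursively collect .js files under dir.
function jsFiles(dir) {
  return fs.readdirSync(dir, { withFileTypes: true }).flatMap((e) => {
    const p = path.join(dir, e.name);
    if (e.isDirectory()) return jsFiles(p);
    return e.name.endsWith('.js') ? [p] : [];
  });
}

// Inspect one extension folder (e.g. a child of ~/.vscode/extensions).
function auditExtension(dir) {
  const manifest = JSON.parse(fs.readFileSync(path.join(dir, 'package.json'), 'utf8'));
  const events = manifest.activationEvents || [];
  const hits = jsFiles(dir).filter((f) => {
    const src = fs.readFileSync(f, 'utf8');
    return CHILD_PROC.test(src) && EXEC_CALL.test(src);
  });
  return {
    id: `${manifest.publisher}.${manifest.name}@${manifest.version}`,
    eager: events.filter((e) => EAGER.has(e)),
    shellFiles: hits.map((f) => path.relative(dir, f)),
    review: hits.length > 0 && events.some((e) => EAGER.has(e)),
  };
}

// Constructed sample extension (hypothetical names), written to a temp dir.
function buildSample() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'ext-audit-'));
  fs.writeFileSync(path.join(dir, 'package.json'), JSON.stringify({
    name: 'sample-helper', publisher: 'example', version: '0.0.1',
    main: './extension.js', activationEvents: ['onStartupFinished'],
  }));
  fs.writeFileSync(path.join(dir, 'extension.js'),
    "const { execSync } = require('child_process');\n" +
    "exports.activate = () => execSync('hostname');\n");
  return dir;
}

console.log(auditExtension(buildSample()));
```

Many legitimate extensions also spawn processes, so a `review: true` result is a prompt for manual inspection, not a verdict.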

Thank you

Venus icon made by Freepik

Disclaimer

This is an open source project meant to be used with authorization to assess security posture, and for research purposes. The authors of this project are not liable for any damage caused by its misuse.