Athena is a fully-featured cross-platform agent designed using the crossplatform version of .NET (not to be confused with .Net Framework). Athena is designed for Mythic 3.0 and newer.
- Crossplatform
- Windows
- Linux
- OSX
- Potentially More!
- SOCKS5 Support
- Reverse Port Forwarding
- P2P Agent support
- SMB
- More coming soon
- Reflective loading of Assemblies
- Modular loading of commands
- Easy plugin development
- Easy development of new communication methods
- BOF Support
1.) Install Mythic from here
2.) From the Mythic install directory run the following command:
./mythic-cli install github https://github.com/MythicAgents/Athena
Athena can act as an egress channel over the default http Profile in use by Mythic.
Note: All taskings and Responses are done via POST requests. So the GET URI parameter is unnecessary at this time.
Athena can act as an egress channel over the websocket profile. This is the recommended profile to use when making use of the SOCKS5 functionality.
Athena can communicate over discord channels.
Note: Due to Discords API rate limiting, the number of agents that can be executed at once using a specific workspace/token combination is limited. A lower sleeptime supports more agents.
Athena supports SMB communications for internal comms over named pipes.
There are multiple ways Athena can be built which have a large effect on the final size of the payload
- Standard
- The smallest option. This contains just the base agent code, and requires you to package all of the DLLs with the agent. Not great for phishing, but the option is there if you want it.
- File Size: 114KB
- Self Contained
- The largest option. This contains the base agent code, and the entire .NET framework. This file will be very large, but will allow for the most flexibility when operating. Compression shrinks this size down dramatically
- File Size: 63MB
- Compressed Size: 33.8MB
- Self-Contained Trimmed
- Medium option. This contains the base agent code, and only the required libraries. This file is smaller than the regular self contained option, however you may encounter some difficulties with custom
execute-assemblyassemblies. You will need to load their dependencies manually usingload-assemblyeven if they're usually built into the framework - File Size: 18.5MB
- Compressed Size: 12.8MB
- Medium option. This contains the base agent code, and only the required libraries. This file is smaller than the regular self contained option, however you may encounter some difficulties with custom
@its_a_feature_ - Creator of the Mythic framework
@0okamiseishin - For creating the Athena logo
@djhohnstein - For crypto code, and advice regarding development
@tr41nwr3ck - For plugin development & testing
- Athena cannot be converted to shellcode
- Due to the nature of self-contained .NET executables, Athena is currently unable to be converted to shellcode with tool such as donut
- Large Binary Sizes
- Athena binaries default to being "self-contained", this essentially means the entire .NET runtime is included in the binary leading to larger sizes. If you need smaller binaries, experiment with the
trimmed, andcompressedoptions.
- Athena binaries default to being "self-contained", this essentially means the entire .NET runtime is included in the binary leading to larger sizes. If you need smaller binaries, experiment with the
- Athena doesn't work with <insert common .NET executable here>
- Athena is built using the latest version of .NET which is fundamentally different from the .NET Framework, which a majority of offensive security tools use. Any .NET Framework binaries will need to be converted to .NET 7 before they can be used with
execute-assemblyalternatively, you can useinject-assemblyto usedonutto convert it to shellcode and inject into a sacrificial process.
- Athena is built using the latest version of .NET which is fundamentally different from the .NET Framework, which a majority of offensive security tools use. Any .NET Framework binaries will need to be converted to .NET 7 before they can be used with