`hermes` is a RAT suite composed of an agent, a C2 server and a client to interact with it. The C2 and the agent exchange encrypted messages over HTTP. The messages are encrypted using a custom protocol.
- Perfect forward secrecy: ephemeral shared secrets are renewed after every message sent, so previously exchanged messages cannot be decrypted if a key is leaked later.
- Antivirus evasion: the RAT is undetected by Windows Defender; its payload is XOR-encoded and compressed to avoid detection by static analysis.
Before using `hermes`, make sure to configure the following settings:
- Signing key: obtain your signing key by running `Generate identity key pair` in the `client`, and place the `Signing key` in a `c2.id` file at the root of the project (don't paste the double quotes).
To run `hermes`, follow these steps:
- Clone the repository: `git clone https://github.com/Xobtah/hermes`
- Navigate to the project directory: `cd hermes/`
- Run the C2 server: `cargo r --release -p c2`
- Build the agent dropper: `just build release` (or copy the command from the justfile)
- Run the client: `cargo r --release -p client`
Planned features:
- Telegram as a proxy: send encrypted messages to a Telegram bot.
- Tor as a proxy: send the HTTP requests through a SOCKS5 proxy.
- Write tests.
- Agent update: a guard application that checks the health of the newly updated agent before deleting the previous one, and rolls back if the new agent doesn't work.
Contributions to `hermes` are welcome! To contribute:
- Fork the repository.
- Create a new branch (`git checkout -b feature/your-feature`).
- Make your changes.
- Commit your changes (`git commit -am 'Add new feature'`).
- Push to the branch (`git push origin feature/your-feature`).
- Create a new Pull Request.
`hermes` is licensed under the MIT License. See LICENSE for more information.