RAT

  • 2500+ open source RAT/C&C tools, 1200+ blogs and videos about RAT/C&C analysis.
  • Chinese version

Directory

Popular Tools


pupy

Tools

  • [5265Star][1m] [Py] n1nj4sec/pupy Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

Post


Covenant

Tools

  • [1147Star][6d] [C#] cobbr/covenant Covenant is a collaborative .NET C2 framework for red teamers.
  • [95Star][9d] [C#] cobbr/elite Elite is the client-side component of the Covenant project. Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers.
  • [31Star][4m] [C#] cobbr/c2bridge C2Bridges allow developers to create new custom communication protocols and quickly utilize them within Covenant.

Post


Slackor

Tools

Post


QuasarRAT

Tools

Post


EvilOSX

Tools

  • [1376Star][2y] [Py] marten4n6/evilosx An evil RAT (Remote Administration Tool) for macOS / OS X.

Post


Merlin

Tools

  • [2568Star][6m] [Go] ne0nd0g/merlin Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.

Post

Commercial Tools


Team Viewer

Tools

  • [405Star][2y] [C++] vah13/extracttvpasswords tool to extract passwords from TeamViewer memory using Frida
  • [277Star][2y] [C++] gellin/teamviewer_permissions_hook_v1 A proof of concept injectable C++ dll, that uses naked inline hooking and direct memory modification to change your TeamViewer permissions.
  • [175Star][9d] uknowsec/sharpdecryptpwd Parses saved passwords of some programs on Windows systems, including: Navicat, TeamViewer, FileZilla, WinSCP, and the Xmanager product family (Xshell, Xftp).
  • [59Star][2y] [Py] attackercan/teamviewer-dumper Dump TeamViewer ID and password from memory. Works much better than other tools.
  • [42Star][6d] [C#] v1v1/decryptteamviewer Enumerate and decrypt TeamViewer credentials from Windows registry
  • [36Star][5y] [C++] kkar/teamviewer-dumper-in-cpp Dumps TeamViewer ID,Password and account settings from a running TeamViewer instance by enumerating child windows.
  • [25Star][5m] [C++] dydtjr1128/remoteassistance-cpp [WIP]RemoteAssistance like TeamViewer(C++)

Post

RAT Malware


Gh0st

Tools

Post


NanoCore

Tools

Post


NjRat

Tools

Post


Revenge RAT

Tools

Post


PlugX

Tools

Post


RemcosRAT


L0rdixRAT


LodaRAT


GulfRAT


NetWireRAT


JhoneRAT


Dacls


BlackRemote


Orcus


NukeSped


DarkComet


WarZone RAT


BlackShades


DenesRAT


WSH RAT


Qrypter RAT


Adwind


CannibalRAT


jRAT


jsRAT


CrossRat


ArmaRat


RokRAT


CatKARAT


TheFatRat


OmniRAT


LuminosityLink


Other

Public Service For C&C


Telegram

Tools

  • [648Star][1y] [Py] mehulj94/braindamage Remote administration tool which uses Telegram as a C&C server
  • [330Star][8m] [Py] mvrozanti/rat-via-telegram Windows Remote Administration Tool via Telegram
  • [160Star][4y] [Py] blazeinfosec/bt2 Blaze Telegram Backdoor Toolkit is a post-exploitation tool that leverages the infrastructure of Telegram as a C&C

Post


Twitter

Tools

  • [658Star][4y] [Py] paulsec/twittor A fully featured backdoor that uses Twitter as a C&C server
  • [186Star][3y] [Go] petercunha/goat a trojan created in Go, using Twitter as the C&C server

Post


GMail

Tools

  • [1117Star][1y] [Py] byt3bl33d3r/gcat A PoC backdoor that uses Gmail as a C&C server
  • [353Star][3y] [Py] maldevel/gdog A fully featured Windows backdoor that uses Gmail as a C&C server
  • [22Star][1y] [Py] pure-l0g1c/keylogger A simple keylogger that uses Gmail as a C&C

Post


Github

Tools

  • [179Star][3y] [Py] maldevel/canisrufus A stealthy Python based Windows backdoor that uses Github as a command and control server

Post


DropBox

Tools

  • [134Star][1y] [Py] 0x09al/dropboxc2c DropboxC2C is a post-exploitation agent which uses Dropbox Infrastructure for command and control operations.

Post


Blockchain

Tools

  • [46Star][1y] [Go] xpn/blockchainc2 A POC C2 server and agent to explore just if/how the Ethereum blockchain can be used for C2
  • [35Star][3m] [Py] geek-repo/c2-blockchain This is a concept poc of command and control server implemented over blockchain

Post


Other

Tools

  • [513Star][1y] [Go] mthbernardes/gtrs uses Google Translator as a proxy to send arbitrary commands to an infected machine
  • [102Star][4m] [Py] nccgroup/gitpwnd GitPwnd is a network penetration tool that lets you use a git repo for command and control of compromised machines
  • [97Star][2y] [Py] arno0x/webdavc2 A WebDAV PROPFIND C2 tool
  • [93Star][2y] [PS] bkup/slackshell PowerShell to Slack C2
  • [84Star][2y] [Go] 0x09al/browser-c2 Post Exploitation agent which uses a browser to do C2 operations.
  • [69Star][13d] [Py] itskindred/redviper redViper is a proof of concept Command & Control framework that utilizes Reddit for communications.
  • [66Star][2y] [Py] lukebaggett/google_socks A proof of concept demonstrating the use of Google Drive for command and control.
  • [29Star][2y] [Py] ajinabraham/xenotix-xbot Xenotix xBOT is a Cross Platform PoC Bot that abuses certain Google Services to implement its C&C
  • [26Star][3y] [Py] dsnezhkov/octohook Git Web Hook Tunnel for C2
  • [23Star][10d] [PS] netspi/sqlc2 SQLC2 is a PowerShell script for deploying and managing a command and control system that uses SQL Server as both the control server and the agent.
  • [22Star][2y] [Py] woj-ciech/social-media-c2 Script is a proof of concept of how to control your machine by using social media sites.
  • [16Star][10d] [Py] securemode/trelloc2 Simple C2 over the Trello API
  • [14Star][1y] [Py] j3ssie/c2s Command and Control server on Slack
  • [8Star][2y] [Py] maldevel/dicerosbicornis A fully featured Windows backdoor that uses email as a C&C server
  • [7Star][3y] [Py] killswitch-gui/flask_appengine_redirector Google App Engine Flask C2 redirector

Post

Communication Protocol


DNS

Domain Generation Algorithm(DGA)

Tools

Post

Tools

  • [1855Star][8m] [C++] iagox86/dnscat2 create an encrypted command-and-control (C&C) channel over the DNS protocol, which is an effective tunnel out of almost every network.
  • [832Star][6d] [Go] bishopfox/sliver a general purpose cross-platform implant framework that supports C2 over Mutual-TLS, HTTP(S), and DNS
  • [386Star][4y] [Py] ahhh/reverse_dns_shell A python reverse shell that uses DNS as the c2 channel
  • [277Star][1y] [Py] trycatchhcf/packetwhisper Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
  • [276Star][4m] [Go] sensepost/godoh A DNS-over-HTTPS Command & Control Proof of Concept
  • [225Star][2y] [PS] lukebaggett/dnscat2-powershell A Powershell client for dnscat2, an encrypted DNS command and control tool.
  • [176Star][2y] [C++] 0x09al/dns-persist DNS-Persist is a post-exploitation agent which uses DNS for command and control.
  • [41Star][2m] [Erlang] homas/ioc2rpz ioc2rpz is a place where threat intelligence meets DNS.
  • [38Star][2m] [JS] inquest/threatkb Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT)

Post


ICMP

Post


WebSocket

Tools

  • [245Star][2y] [Py] arno0x/wsc2 A WebSocket C2 Tool
  • [131Star][9d] [C++] xorrior/raven CobaltStrike External C2 for Websockets

Post

C&C


Cobalt Strike

Tools

Post


Tools

Recent Add


Post

Recent Add

RAT


Tools

Recent Add

Windows

  • [610Star][1y] [PS] fortynorthsecurity/wmimplant This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported is translated into a WMI-equivalent for use on a network/remote machine. WMImplant is WMI based.
  • [518Star][8m] [Visual Basic .NET] nyan-x-cat/lime-rat LimeRAT | Simple, yet powerful remote administration tool for Windows (RAT)
  • [493Star][6m] [Py] viralmaniar/powershell-rat Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.
  • [360Star][8d] [C#] nyan-x-cat/asyncrat-c-sharp Open-Source Remote Administration Tool For Windows C# (RAT)
  • [340Star][3y] [Pascal] malwares/remote-access-trojan Windows Remote-Access-Trojan
  • [229Star][4y] [Py] hood3drob1n/jsrat-py This is my implementation of JSRat.ps1 in Python so you can now run the attack server from any OS instead of being limited to a Windows OS with Powershell enabled.
  • [149Star][4m] [Py] safebreach-labs/sireprat Remote Command Execution as SYSTEM on Windows IoT Core
  • [119Star][11d] [C#] dannythesloth/vanillarat VanillaRat is an advanced remote administration tool completely coded in C# for Windows.
  • [117Star][8d] [Py] thelinuxchoice/pyrat Windows Remote Administration Tool (RAT)
  • [106Star][9m] [C#] r-smith/splice-admin A remote Windows administration tool. You know you want it.
  • [104Star][2y] [Py] syss-research/outis a custom Remote Administration Tool (RAT) or something like that. It was built to support various transport methods (like DNS) and platforms (like Powershell).
  • [70Star][3m] [PS] dsccommunity/certificatedsc DSC resources to simplify administration of certificates on a Windows Server.
  • [67Star][4y] [C#] stphivos/rat-shell Windows Remote Access Trojan (RAT)
  • [39Star][2m] [Py] swordf1sh/moderat Experimental Windows Remote Administration and Spy Tool in Python + GUI
  • [20Star][1y] [Visual Basic] nyan-x-cat/asyncrat Remote Administration Tool For Windows
  • [17Star][6m] [Py] operatorequals/smbrat A Windows Remote Administration Tool in Visual Basic with UNC paths
  • [16Star][6m] [PS] yschgroup/skyrat SkyRAT - Powershell Remote Administration Tool

Linux

  • [131Star][8m] [C] abhishekkr/n00brat Remote Administration Toolkit (or Trojan) for POSiX (Linux/Unix) system working as a Web Service
  • [68Star][10m] [JS] webxscan/linux_rat Linux Reverse Shell RAT
  • [51Star][15d] [C] thibault-69/rat-hodin-v2.9 Remote Administration Tool for Linux
  • [20Star][2m] [C] lillypad/swamp-rat A Linux RAT in C
  • [7Star][5m] [C] ctsecurity/stealth-kid-rat Stealth Kid RAT (SKR) is an open source Linux remote administration tool written in C. Licensed under MIT. The SKR project is fully developed and tested on Debian GNU-Linux (Deb 9.3 "Stretch") platform. The RAT will soon be available on Windows platform by mid 2018.

Apple

  • [430Star][9d] [ObjC] sap/macos-enterprise-privileges For Mac users in an Enterprise environment this app ensures secure environment and yet gives the User control over administration of their machine by elevating their level of access to Administrator privilege on macOS X. Users can set the time frame using Preferences to perform specific tasks such as install or remove an application.
  • [75Star][4y] [Pascal] xlinshan/coldroot Mac OS Trojan (RAT) made with love <3
  • [74Star][1y] [Py] kdaoudieh/bella Bella is a pure python post-exploitation data mining tool & remote administration tool for macOS.
  • [21Star][2m] [Py] cys3c/evilosx A pure python, post-exploitation, remote administration tool (RAT) for macOS / OS X.

Android


Post

Contribute

Contents are auto-exported by our system; please raise an issue if you have any questions.