Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python
Installation instructions are on the wiki, in addition to all other documentation. For maximum compatibility, it is recommended to use Docker Compose.
Pupy is a cross-platform, multi function RAT and post-exploitation tool mainly written in python. It features an all-in-memory execution guideline and leaves a very low footprint. Pupy can communicate using multiple transports, migrate into processes using reflective injection, and load remote python code, python packages and python C-extensions from memory.
Windows payload can load the entire Python interpreter from memory using a reflective DLL.
Can be packed into a single .py file and run without any dependencies other than the python standard library on all OSes.
Reflectively migrate into other processes.
Remotely import pure python packages (.py, .pyc) and compiled python C extensions (.pyd, .so) from memory.
Easily extensible, modules are simple to write and are sorted by os and category.
Modules can directly access python objects on the remote client using rpyc.
Access remote objects interactively from the pupy shell and get auto-completion of remote attributes.
Communication transports are modular and stackable. Exfiltrate data using HTTP over HTTP over AES over XOR, or any combination of the available transports.
Communicate using obfsproxy pluggable transports.
Execute noninteractive commands on multiple hosts at once.
Commands and scripts running on remote hosts are interruptible.
Auto-completion for commands and arguments.
Custom config can be defined: command aliases, modules. automatically run at connection, etc.
Open interactive python shells with auto-completion on the all-in-memory remote python interpreter.
Interactive shells (cmd.exe, /bin/bash, etc) can be opened remotely.
Execute PE executable remotely and from memory.
Generate payloads in various formats:
| Format | Architecture | Short Name | |---|---|---| Android Package | x86 & ARMv7 | apk Linux Binary | x86 | linx86 Linux Binary | x64 | linx64 Linux Shared Object | x86 | sox86 Linux Shared Object | x64 | sox64 Windows PE Executable | x86 | exex86 Windows PE Executable | x64 | exex64 Windows DLL | x86 | dllx86 Windows DLL | x64 | dllx64 Python Script | x86 & x64 | py PyInstaller | x86 & x64 | pyinst Python Oneliner | x86 & x64 | pyoneliner Powershell | x86 & x64 | ps1 Powershell Oneliner | x86 & x64 | ps1oneliner Ducky Script | N/A | rubber_ducky
Deploy in memory from a single command line using python or powershell one-liners.
Embed "scriptlets" in generated payloads to perform some tasks "offline" without needing network connectivity (ex: start keylogger, add persistence, execute custom python script, check_vm, etc.)
Multiple Target Platforms:
| Platform | Support Status | |---|---| Windows XP | Supported Windows 7 | Supported Windows 8 | Supported Windows 10 | Supported Linux | Supported Mac OSX | Limited Support Android | Limited Support
All documentation can be found on the wiki.
Does the server work on windows?
Pupy has not been tested on Windows. Theoretically, it should work on any platform that supports Docker and Docker Compose. However, you will need to adapt the Docker Compose installation instructions for the Windows platform.
I can't install Pupy. The installation fails.
If you do not follow these steps, you issue will be closed.
Android and/or Mac OSX payloads and modules don't work.
Pupy has limited support for Android and OSX. These platforms may not be well maintained and may break intermittently. Some modules (i.e. keylogger) may be missing for these platforms.
If some of you want to participate to pupy development, don't hesitate! All help is greatly appreciated and all pull requests will be reviewed.
| Platform | Contact Info | |---|---| Email | [email protected] Twitter | https://twitter.com/n1nj4sec
This project is a personal development, please respect its philosophy and don't use it for evil purposes!
Special thanks to all contributors that help improve pupy and make it a better tool! :)