RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.
- Remote Command Execution
- Trafic masking (XORed insted of cleartext); for better results use port 443
- Built-in File/Binary transfer (both ways) over the masked trafic
- Built-in UDP Flooding tool
- Built-in UDP Spoofing tool
- Multiple/All Hosts management; order File/Binary transfer and UDP Flood from Multiple/All connected Hosts
- Modular Code Design to allow easy customization
- Client script is tested and is compatible with PyInstaller (can be made into .exe)
*The idea for XORing as well as the skeleton for the client came from primalsecurity.net so if you like this pack of scripts you'll probably love what they do
*UDP Spoofing uses RAW_SOCKETS so in order to utilize it, the client has to run on an OS that supports RAW_SOCKETS (most Unix-Based) and with root privilages. Finally, most of the ISPs have implementations in place that will either drop or re-structure spoofed packets
*See EXPANDING for how you can easily add new functionality and customize RSPET to your needs
*Again check primalsecurity.net's perfect blogpost about producing an .exe
RSPET_server_min.pyis situated at the attacker's machine and running to accept connections
RSPET_client_min.pyis situated in the infected machine(s) and will initiate the connection and wait for input.
python RSPET_server.py (max_connections)
python RSPET_client.py server_ip
As always if you have any suggestion, bug report or complain feel free to contact me.
Fix logic bug where if a dirrect command to Host OS has no output Server displays command not recognised
- Fix logic bug where if a dirrect command's to Host OS execution is perpetual the Server deadlocks
Add client version and type (min or full) as a property when client connects and at
- Add client update mechanism (being worked on)
- Add UDP Reflection functionality (already in the workings)