RSPET
RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.
Current Version: v0.3.1
Follow: @TheRSPET on Twitter for updates.
Documentation : rspet.readthedocs.io
Inspiration
- Years of involvement in the Computer/Network Security Scene as a hobbyist PenTester
- Chance to give back to the community
- Excuse to spend hours searching Python Docs for esoteric features
What it does
- Provide Reverse Shell
- TLS encrypted communication
- Server plugin system
- RESTful Web-API
- Command line interaction
Distros
A list of Distros that contain RSPET
- BlackArch Linux (as of version 2016.04.28)
- ArchStrike
As Featured in
Todo
- [x]
Fix logic bug where if a direct command to Host OS has no output Server displays command not recognized - [ ] Fix logic bug where if a direct command's to Host OS execution is perpetual the Server deadlocks
- [ ] Investigate weather the issue resides in the Server logic or the linearity of the CLI.
- [x]
Add client version and type (min or full) as a property when client connects and atList_Hosts - [x] Add TLS encryption in order to:
- [x] Replace XORing (and subsequently obfuscation with encryption)
- [ ] Verify the "authenticity" of clients
- [ ] A mechanism to issue and verify client certificates
- [ ] A mechanism to recognize compromised client certs
- [ ] Add client update mechanism (initial thought was the use of execv but it acts up)
- [x] Add a Plug-in system to client (a more compact one)
- [ ] Add remote installation of Plug-ins to client
- [ ] Add installed Plug-ins report from client to server
- [ ] Add UDP Reflection functionality
- [ ] Provide more settings via config file
- [ ] Re-introduce multythreading when handling multiple hosts.
- [ ] Make commands available with 'Tab' automatically generated based on loaded Plug-ins.
- [x]
Fix logical bug when deleting a client. (Client still shows up on List_Hosts) - [x]
Create comprehensive Plug-in creation guide. - [ ] Add support for command overridding in server plugins
- [ ] Add dependency support for server plugins
Styleguide
This project is following Google's Python Styleguide with a minor variation on the use of whitespaces to align ":" tokens.
Contribution Opportunities
This project is open for contributors. If you have implemented a new feature, or maybe an improvement to the current code feel free to open a pull request. If you want to suggest a new feature open an issue. Additionally Testers are needed to run a few standard scenarios (and a few of their own maybe) to decrease the chance a bug slips into a new version. Should there be any interest about testing a beta branch will be created (where code to be tested will be uploaded) along with a list of scenarios. For a full guide on contribution opportunities and guides check out the "Contributing" chapter on RSPET's Online Documentation
Author - Project Owner/Manager
Co-Author
dzervas -- Code (Server OO-redesign, Server Plug-in system implementation, bug reports, bug fixes)
Contributors
- b3mb4m -- Code (tab.py and bug fixes)
- junzy -- Docstings (udp_spoof & udp_spoof_send)
- gxskar -- Documentation (ASCIICAST of RSPET's basic execution)
- n1zzo -- Bug Report & Fix (PR #31)
License
MIT
Free Cake
i.
.7.
.. :v
c: .x
i.::
:
..i..
#MMMMM
QM AM
9M zM
6M AM
2M 2MX#MM@1.
0M tMMMMMMMMMM;
.X#MMMM ;MMMMMMMMMMMMv
cEMMMMMMMMMU7@MMMMMMMMMMMMM@
.n@MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMM@@#$BWWB#@@#$WWWQQQWWWWB#@MM.
MM ;M.
$M EM
WMO$@@@@@@@@@@@@@@@@@@@@@@@@@@@@#OMM
#M cM
QM tM
MM CMO
.MMMM oMMMt
1MO 6MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM iMM
.M1 BM VM ,Mt
1M @M .............................. WM M6
MM .A8OQWWWWWWWWWWWWWWWWWWWWWWWWWWW0Az2 #M
MM MM.
@MMY vMME
UMMMbi i8MMMt
C@MMMMMbt;;i.......i;XQMMMMMMt
;ZMMMMMMMMMMMMMMM@A;.
The Cake is a Lie. But it has been a Year :)
Log in or sign up for Devpost to join the conversation.