pupy

Pupy is a cross-platform, multi function RAT and post-exploitation tool mainly written in python. It features an all-in-memory execution guideline and leaves a very low footprint. Pupy can communicate using multiple transports, migrate into processes using reflective injection, and load remote python code, python packages and python C-extensions from memory.

Features:
- Windows payload can load the entire Python interpreter from memory using a reflective DLL.
- Can be packed into a single .py file and run without any dependencies other than the python standard library on all OSes.
- Reflectively migrate into other processes.
- Remotely import pure python packages (.py, .pyc) and compiled python C extensions from memory.
- Easily extensible, modules are simple to write and are sorted by os and category.
- Modules can directly access python objects on the remote client using rpyc.
- Access remote objects interactively from the pupy shell and get auto-completion of remote attributes.
- Communication transports are modular and stackable. Exfiltrate data using HTTP over HTTP over AES over XOR, or any combination of the available transports.
- Communicate using obfsproxy pluggable transports.
- Execute noninteractive commands on multiple hosts at once.
- Commands and scripts running on remote hosts are interruptible.
- Auto-completion for commands and arguments.
- Custom config can be defined: command aliases, modules. automatically run at connection, etc.
- Open interactive python shells with auto-completion on the all-in-memory remote python interpreter.
- Interactive shells can be opened remotely.
- Execute PE executable remotely and from memory.
- Generate payloads in various formats.
- Deploy in memory from a single command line using python or powershell one-liners.
- Embed "scriptlets" in generated payloads to perform some tasks "offline" without needing network connectivity.
- Multiple Target Platforms.