basicRAT - python remote access trojan.

basicRAT – python remote access trojan.

Disclaimer: This RAT is for research purposes only, and should only be used on authorized systems. Accessing a computer system or network without authorization or explicit permission is illegal.

This is a Python RAT (Remote Access Trojan), basicRAT was created to maintain a clean design full-featured Python RAT. Currently a work in progress and still being hacked on.
+ Cross-platform
+ AES CBC encrypted C2 with D-H exchange
+ Reverse shell
+ File upload/download
+ Standard utilities (wget, unzip)
+ System survey


– Client binary generation tool (cross-platform)
-+- Pyinstaller
-+- Switch options for remote IP, port, etc
– Persistance (cross-platform)
-+- Windows: Registry keys, WMIC, Startup Dir
-+- Linux: Cron jobs, services, modprobe
– Common C2 Protocols (HTTP, DNS)
– Privilege Escalation (getsystem-esque, dirty cow)
– Screenshot
– Keylogger
– Expand toolkit (unrar, sysinfo)
– Scanning utility (probe scan / ping sweep, scanning subnet)
– Password dumping (mimikatz / gsecdump)
– Tunneling
– Client periodic connection attempt
– Accept connection from multiple clients