outis is a custom Remote Administration Tool (RAT).

outis is a custom Remote Administration Tool (RAT).

Use at your own risk. Do not use without full consent of everyone involved. For educational purposes only.

outis is a custom Remote Administration Tool (RAT) or something like that. Think Meterpreter or Empire-Agent. However, the focus of this tool is neither an exploit toolkit (there are no exploits) nor persistent management of targets. The focus is to communicate between server and target system and to transfer files, share sockets, spawn shells and so on using various methods and platforms.


Dependencies & following packages:
+ python3 # includes cmd, tempfile, …
+ python-progressbar2
+ python-dnspython
+ python-crypto
+ python-pyopenssl
+ and maybe more…
In other distributions the names may differ, for instance, there is a module named crypto and a module named pycrypto. We need the latter.

* agent: software, that runs on the victim system
* handler: software, that parses your commands and leads the agents (usually it runs on your server)
* stager: short script that downloads the agent (using the transport module) and runs it
* transport: communication channel between stager/agent and handler, e.g. ReverseTCP
* platform: victim architecture to use for stager/agent scripts, e.g. PowerShell

Currently Supported Plattforms
* PowerShell (partial)

Currently Supported Transports
* Reverse TCP
* DNS (types TXT or A for staging, and types TXT, CNAME, MX, AAAA or A for agent connection)

Currently Supported Cryptography
* Agent stages can be encoded (for obfuscation, not for security) using cyclic XOR
* Agent stages can be authenticated using RSA signatures and pinned certificates
* Transport connections can be encrypted / authenticated using TLS and pinned certificates
Usage and install:

Source: https://github.com/SySS-Research