Use at your own risk. Do not use without full consent of everyone involved. For educational purposes only.
outis is a custom Remote Administration Tool (RAT) or something like that. Think Meterpreter or Empire-Agent. However, the focus of this tool is neither an exploit toolkit (there are no exploits) nor persistent management of targets. The focus is to communicate between server and target system and to transfer files, share sockets, spawn shells and so on using various methods and platforms.
Dependencies & following packages:
+ python3 # includes cmd, tempfile, …
+ and maybe more…
In other distributions the names may differ, for instance, there is a module named crypto and a module named pycrypto. We need the latter.
* agent: software, that runs on the victim system
* handler: software, that parses your commands and leads the agents (usually it runs on your server)
* stager: short script that downloads the agent (using the transport module) and runs it
* transport: communication channel between stager/agent and handler, e.g. ReverseTCP
* platform: victim architecture to use for stager/agent scripts, e.g. PowerShell
Currently Supported Plattforms
* PowerShell (partial)
Currently Supported Transports
* Reverse TCP
* DNS (types TXT or A for staging, and types TXT, CNAME, MX, AAAA or A for agent connection)
Currently Supported Cryptography
* Agent stages can be encoded (for obfuscation, not for security) using cyclic XOR
* Agent stages can be authenticated using RSA signatures and pinned certificates
* Transport connections can be encrypted / authenticated using TLS and pinned certificates
Usage and install:
$ python3 -c 'import OpenSSL; print(OpenSSL.version.__version__)'
$ virtualenv -p python3 outis-venv
$ source ./outis-venv/bin/activate
(outis-venv) $ pip install progressbar2 dnspython pycrypto pyopenssl
$ pip3 freeze
git clone --recursive https://github.com/SySS-Research/outis && cd outis