Stegator – A Python based backdoor that uses a Cloud Image Service (Cloudinary) as a command and control server.
A Python based backdoor that uses a Cloud Image Service (Cloudinary) as a command and control server. Use by your own risk!
Using Steganography all the commands are “inserted” in ramdom images downloaded from imgur and uploaded to a Cloud service in this PoC Cloudinary.
This project has been inspired by Gcat and Twittor which does the same but using a Cloud Image Service in this Proof of concept Cloudinary but can be used in any other like Instagram, Flickr or Imgur using their API services.
+ 2.7 < Python < 3.0
+ python cloudinary module
+ Steghide steghide
Ubuntu 14.04/Kali 2.0/Debian:
sudo apt-get install python python-pip python-dev build-essential libsqlite3-dev
sudo apt-get install steghide
git clone https://github.com/1modm/stegator && cd stegator
pip install -r requirements.txt
cloud_name = "your cloud",
api_key = "xxxxxxxxxxxx",
api_secret = "xxxxxxxxxxxx"