{"id":13815336,"url":"https://github.com/Hadi999/NXcrypt","last_synced_at":"2025-05-15T07:32:47.799Z","repository":{"id":201881689,"uuid":"60411209","full_name":"Hadi999/NXcrypt","owner":"Hadi999","description":"NXcrypt - 'python backdoor' framework ","archived":false,"fork":false,"pushed_at":"2017-06-26T19:31:04.000Z","size":51,"stargazers_count":365,"open_issues_count":10,"forks_count":128,"subscribers_count":31,"default_branch":"master","last_synced_at":"2024-11-19T10:49:44.997Z","etag":null,"topics":["antivirus-evasion","backdoors","encryption","metasploit","python","undetected"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Hadi999.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2016-06-04T13:15:28.000Z","updated_at":"2024-11-18T10:28:33.000Z","dependencies_parsed_at":null,"dependency_job_id":"ed034b4a-1301-494f-a27f-21e233b695c7","html_url":"https://github.com/Hadi999/NXcrypt","commit_stats":null,"previous_names":["hadi999/nxcrypt"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Hadi999%2FNXcrypt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Hadi999%2FNXcrypt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Hadi999%2FNXcrypt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Hadi999%2FNXcrypt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Hadi999","download_url":"https://codeload.github.com/Hadi999/NXcrypt/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254296323,"owners_count":22047244,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["antivirus-evasion","backdoors","encryption","metasploit","python","undetected"],"created_at":"2024-08-04T04:03:21.212Z","updated_at":"2025-05-15T07:32:47.484Z","avatar_url":"https://github.com/Hadi999.png","language":"Python","readme":"# NXcrypt\n\n- NXcrypt is a polymorphic 'python backdoors' crypter written in python by Hadi Mene (h4d3s) .\nThe output  is fully undetectable .\n\n- NXcrypt can inject malicious python file into  a normal file with multi-threading system .\n\n- Run it with superuser's permissions .\n- NXcrypt output is Fully undetectable  .\n\n Backdooring Module :\n \n![Alt text](https://i.imgur.com/paJzgHT.png \"Backdooring module\")\n\nEncryption Module\n\n![Alt text](https://i.imgur.com/advuJ0H.png \"Encryption Module \")\n\n\n# Usage :\n\n- sudo  ./NXcrypt.py --file=backdoor.py --output=output_backdoor.py # encrypt backdoor.py and output file is output_backdoor.py\n- sudo ./NXcrypt.py --file=shell.py # encrypt shell.py and default output file  is backdoor.py but you can edit it in source code\n - sudo ./NXcrypt.py --help # NXcrypt help\n - sudo ./NXcrypt.py --backdoor-file=payload.py --file=test.py --output=hacked.py # inject payload.py with  test.py into hacked.py with multi-threading system\n \n # How it work ? \n \n * Encryption module :\n \n - NXcrypt add some junkcode .\n - NXcrypt use a python internal module 'py_compile' who compile the code into bytecode to a .pyc file .\n - NXcrypt convert .pyc file into normal .py file .\n - And in this way we can obfuscate the code\n - The md5sum will change too\n \n* Injection  module :\n\n- it inject a malicious python file  into a normal file with multi-threading system .\n\n # Test with Virustotal\n \nBefore :\n \nSHA256:\te2acceb6158cf406669ab828d338982411a0e5c5876c2f2783e247b3e01c2163\nFile name:\tfacebook.py\nDetection ratio:\t2 / 54\n\nAfter  :\n\nSHA256:\t362a4b19d53d1a8f2b91491b47dba28923dfec2d90784961c46213bdadc80add\nFile name:\tfacebook_encrypted.py\nDetection ratio:\t0 / 55\n\n\n# Credits\n\nAll Credits go to Suspicious Shell Activity team\n\n# Video Tutorial\n\nhttps://www.youtube.com/watch?v=s8Krngv2z9Q\n\n\n \n \n\n\n \n","funding_links":[],"categories":["Python","Python (1887)"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FHadi999%2FNXcrypt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FHadi999%2FNXcrypt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FHadi999%2FNXcrypt/lists"}