{"id":20610873,"url":"https://github.com/psmths/reave","last_synced_at":"2025-04-15T04:32:40.967Z","repository":{"id":38183785,"uuid":"439402540","full_name":"Psmths/reave","owner":"Psmths","description":"WIP Post-exploitation framework tailored for hypervisors.","archived":false,"fork":false,"pushed_at":"2023-11-16T02:41:37.000Z","size":414,"stargazers_count":50,"open_issues_count":3,"forks_count":12,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-28T16:03:33.904Z","etag":null,"topics":["framework","hypervisor","pentesting","post-exploitation","post-exploitation-toolkit","python","rat","red-team"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Psmths.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-12-17T16:58:08.000Z","updated_at":"2024-08-12T20:18:58.000Z","dependencies_parsed_at":"2024-11-16T10:18:20.691Z","dependency_job_id":"f97ef810-6a2d-4f9e-be74-e892cd256e36","html_url":"https://github.com/Psmths/reave","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Psmths%2Freave","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Psmths%2Freave/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Psmths%2Freave/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Psmths%2Freave/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/Gi
tHub/owners/Psmths","download_url":"https://codeload.github.com/Psmths/reave/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249006617,"owners_count":21197309,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["framework","hypervisor","pentesting","post-exploitation","post-exploitation-toolkit","python","rat","red-team"],"created_at":"2024-11-16T10:18:12.849Z","updated_at":"2025-04-15T04:32:40.939Z","avatar_url":"https://github.com/Psmths.png","language":"Python","readme":"\u003cp align=\"center\"\u003e\n  \u003ch2 align=\"center\"\u003eREAVE\u003c/h2\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://img.shields.io/github/license/Psmths/reave.svg\"\u003e\n  \u003cimg src=\"https://www.repostatus.org/badges/latest/wip.svg\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Python-3-yellow.svg?logo=python\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/code%20style-black-000000.svg\"\u003e\n  \u003cimg src=\"https://github.com/Psmths/reave/workflows/CodeQL/badge.svg?branch=main\"\u003e\n\u003c/p\u003e\n\u003chr\u003e\n\nReave is a post-exploitation framework tailored for hypervisor endpoints, written in Python. It is currently under development. \n\nReave follows a traditional listener/agent model, where the user may set up multiple listeners that accept any number of agents. 
The framework currently provides a Python agent and supports the following objectives:\n\n - Interactive terminal sessions with agents\n - Automatic enumeration of hypervisors, including:\n   - What guest systems are installed\n   - What network shares and datastores are mounted\n   - What local users are associated\n   - What domain the hypervisor is a part of\n - Modular payloads supporting capabilities such as:\n   - Exfiltration: of datastores, files, virtual disks.\n   - Persistence: Adding, modifying, deleting local users, installing SSH keys and spawning reverse shells\n   - Enumeration: Further network scanning, etc. \n\nThe goal of Reave is to provide a framework one can leverage to automate and expedite pentesting campaigns in environments that are either heavily virtualized, or where target/critical infrastructure is hosted on hypervisor platforms such as ESXi and Proxmox. \n\n# Screenshots\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"doc/listener_context.PNG\"\u003e\n\u003c/p\u003e\n\u003ch3 align=\"center\"\u003e\u003ci\u003eListener Context\u003c/i\u003e\u003c/h3\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"doc/payload_context.PNG\"\u003e\n\u003c/p\u003e\n\u003ch3 align=\"center\"\u003e\u003ci\u003ePayload Context\u003c/i\u003e\u003c/h3\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"doc/agent_info.png\"\u003e\n\u003c/p\u003e\n\u003ch3 align=\"center\"\u003e\u003ci\u003eAutomatic Hypervisor Enumeration\u003c/i\u003e\u003c/h3\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"doc/agent_list.png\"\u003e\n\u003c/p\u003e\n\u003ch3 align=\"center\"\u003e\u003ci\u003eCentralized C2 Overview\u003c/i\u003e\u003c/h3\u003e\n\n# Usage\n\nOn the server, simply run app.py:\n\n```\npython3 reave/app.py\n```\n\nOn the target endpoint, upload the Python agent, located under `agents/client.py`, and execute it. 
The following configuration options are available:\n\n - `_LISTENER_HOST` Hostname/IP of the server\n - `_LISTENER_PORTS` List of ports that the agent will attempt to connect to in round-robin fashion\n - `_LISTENER_SECRET` Association key of the listener the agent will bind to\n - `_AGENT_LOGLEVEL` Debug logging level\n - `BEACON_INTERVAL` Interval the agent will beacon on\n - `BEACON_JITTER` Random jitter factor added to beacon interval\n - `START_TIME` What time of day the agent will start beaconing \n - `END_TIME` What time of day the agent will stop beaconing\n - `SOCKET_TIMEOUT` Timeout for the agent's socket\n - `PID_FILE` PID file the agent uses to ensure it isn't already running on the endpoint \n - `TRANSFER_BLOCK_SIZE` Block size the agent will use when transferring files to the server \n\nWhen an agent has successfully associated to a listener, you can view it by entering the `agent` context and issuing the command `list` (or `ls`). To view all of the information that Reave has automatically enumerated from the endpoint, issue the command `info \u003cagent uuid\u003e`. For instance, if your agent has a uuid of `18ab`, you would use `info 18ab`. \n\nTo grab an arbitrary file from the agent, you can issue `get 18ab /my/test/file`.\n\nTo spawn an interactive shell on the endpoint, you could issue `interact 18ab`.\n\n# Command Line Interface\n\nThe command line has three distinct contexts from which you can control separate operations:\n\n - Listener\n - Payload\n - Agent\n\n## Listener Context Commands\n\nTo enter the listener context, use command `listener`. From there, several options are available:\n\n```\nlist                            List all active listeners\nadd \u003chost\u003e \u003cport\u003e \u003csecret\u003e      Add a listener\nremove \u003cuuid\u003e                   Remove a listener\n```\n\nExit this context by using command `back`\n\n## Agent Context Commands\n\nTo enter the agent context, use command `agent`. 
From there, several options are available:\n\n```\nlist                                List all agents (alias: ls)\ninfo \u003cuuid\u003e                         List agent info, including any auto-enumerated data\ninteract \u003cuuid\u003e                     Interactive terminal session with agent. \n                                    'quit' to exit.\nget \u003cuuid\u003e \u003cfile\u003e                   Transfer file from the agent endpoint to downloads directory\n```\n\nExit this context by using command `back`\n\n## Payload Context Commands\n\nTo enter the `payload` context, use command `payload`. From there, several options are available:\n\n```\nlist                    List all loaded payloads\ninfo \u003cname\u003e             Get information about a payload\nuse \u003cname\u003e              Select payload for use\nset \u003coption\u003e \u003cvalue\u003e    Set payload option to value\nrun agent \u003cuuid\u003e        Run the payload on an individual agent\n```\n\nExit this context by using command `back`\n\n## Formatting Selection\n\nReave also supports defining what format you would like to view enumeration data in. To switch to a particular format:\n\n```\nformat json             Output information in JSON format.\nformat table            Output information in table format.\n```\n\n# Contributors\n\n  - [desultory](https://github.com/desultory)\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpsmths%2Freave","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpsmths%2Freave","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpsmths%2Freave/lists"}