Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/BeetleChunks/redsails
RedSails is a Python based post-exploitation project aimed at bypassing host based security monitoring and logging. DerbyCon 2017 Talk: https://www.youtube.com/watch?v=Ul8uPvlOsug
- Host: GitHub
- URL: https://github.com/BeetleChunks/redsails
- Owner: BeetleChunks
- License: gpl-3.0
- Created: 2017-09-23T17:54:16.000Z (about 7 years ago)
- Default Branch: master
- Last Pushed: 2017-10-18T00:49:51.000Z (about 7 years ago)
- Last Synced: 2024-04-27T23:55:24.606Z (6 months ago)
- Topics: event-logging, firewall, kernel-driver, pydivert, python, windivert, windows
- Language: Python
- Homepage:
- Size: 108 KB
- Stars: 307
- Watchers: 18
- Forks: 72
- Open Issues: 4
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Redsails
## About
A post-exploitation tool capable of:
- maintaining persistence on a compromised machine
- subverting many common host event logs (both network and account logon)
- generating false logs / network traffic

Based on [PyDivert](https://github.com/ffalcinelli/pydivert), a Python binding for [WinDivert](https://www.reqrypt.org/windivert.html), a Windows driver that allows user-mode applications to capture/modify/drop network packets sent to/from the Windows network stack.
Built for Windows operating systems newer than Vista and Windows 2008 (including Windows 7, Windows 8 and Windows 10).
## Dependencies
Redsails has dependencies PyDivert and WinDivert. You can resolve those dependencies by running:
#### `pip install pydivert`
#### `pip install pbkdf2`
Pycrypto is also needed.
#### `easy_install pycrypto`
Pycrypto may have a dependency on [Microsoft Visual C++ Compiler for Python 2.7](http://aka.ms/vcpython27).
## Usage
- Server (victim host you are attacking)
#### `redSails.py`
Or, if the victim does not have Python installed, you can run the provided exe (or compile your own; instructions below):
#### `redSails.exe`
- Client (attacker)
#### `redSailsClient.py`
## Creating an executable
To compile an exe (for deployment) in lieu of the Python script, you will need pyinstaller:
#### `pip install pyinstaller`
Then you can create the exe:
#### `pyinstaller-script.py -F --clean redSails.spec`
## License
Copyright (C) 2017 Robert J. McDown, Joshua Theimer
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program. If not, see .