Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/mvrozanti/rat-via-telegram
Windows Remote Administration Tool via Telegram
https://github.com/mvrozanti/rat-via-telegram
audio-recording keylogger proxy-server rat remote-admin-tool screen-capture telegram-bot
Last synced: 9 days ago
JSON representation
Windows Remote Administration Tool via Telegram
- Host: GitHub
- URL: https://github.com/mvrozanti/rat-via-telegram
- Owner: mvrozanti
- License: mit
- Archived: true
- Created: 2017-04-17T00:42:19.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2019-06-30T20:50:07.000Z (over 5 years ago)
- Last Synced: 2024-08-01T09:25:27.207Z (3 months ago)
- Topics: audio-recording, keylogger, proxy-server, rat, remote-admin-tool, screen-capture, telegram-bot
- Language: Python
- Homepage:
- Size: 32.3 MB
- Stars: 645
- Watchers: 67
- Forks: 346
- Open Issues: 27
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# RAT-via-Telegram
[![Build Status](https://travis-ci.org/mvrozanti/RAT-via-Telegram.svg?branch=master)](https://travis-ci.org/mvrozanti/RAT-via-Telegram)
[![Made with Python](https://img.shields.io/badge/Made%20with-Python-3572A5.svg)](https://travis-ci.org/mvrozanti/RAT-via-Telegram)Windows Remote Administration Tool via Telegram (now in Python 3.7!) | Originally created by Ritiek
### Why another one?
- The current Remote Administration Tools in the market face 2 major problems:
- Lack of encryption.
- Require port forwarding in order to control from hundreds of miles.- This RAT overcomes both these issues by using the Telegram bot API.
- Fully encrypted. The data being exchanged cannot be spied upon using MITM tools.
- Telegram messenger app provides a simple way to communicate to the target without configuring port forward before hand on the target.## Features:
- Keylogger with window title log included
- Get target PC's Windows version, processor and more
- Get target PC's IP address information and approximate location on map
- Delete, Move files
- Show current directory
- Change current directory
- List current or specified directory
- Download any file from the target
- Upload local files to the target. Send your image, pdf, exe or anything as `file` to the Telegram bot
- Autostart playing a video in fullscreen and no controls for a youtube video on target
- Take Screenshots
- Execute any file
- Access to microphone
- Start HTTP Proxy Server
- Freeze target's keyboard
- Schedule tasks to run at specified datetime
- Encode/Decode all local files
- Ping targets
- Update .exe -- thanks LearnerZone
- Self-Destruct RAT
- Change wallpaper from file or url
- Execute cmd shell
- Take snapshots from the webcam (if attached)
- Execute arbitrary python 3.7 on the go
- Freeze target's mouse
- [TODO] Browser (IE, Firefox, ~~Chrome~~) cookies retrieval
- [TODO] Password retrieval
- [TODO] Monitor web traffic (graphically?)
- [TODO] Bandwidth monitoring (stepping stone to web traffic monitoring) - started 28/10/2018
- [TODO] Fine-tuning scripting (i.e.: if app x is opened y is executed)
- [TODO] Capture clipboard (Text, Image)
- [TODO] Hide desktop icons
- [TODO] Audio compression
- [TODO] Name server lookup (/nslookup - #19)Thanks Dviros:
- Chrome login/password retrieval
- Display ARP table
- Get active processes and services
- Shutdown/Reboot computer
- Display DNS Cache& More coming soon!
## Screenshots:
## Installation & Usage:
- Clone this repository.
- Set up a new Telegram bot talking to the `BotFather`.
- Copy this token and replace it in the beginning of the script.
- Run `compile.py`
- Generates an executable binary
- To run the script: `python RATAttack.py`.
- Find your bot on telegram and send some command to the bot to test it.
- To restrict the bot so that it responds only to you, note down your `chat_id` from the console and replace it in the script and comment out the line `return True`. Don't worry, you'll know when you read the comments in the script.- A folder named `RATAttack` will be created in your working directory containing `keylogs.txt` and any files you upload to the bot.
### Commands:
When using the below commands; use `/` as a prefix. For example: `/pc_info`.
```
arp - display arp table
capture_pc - screenshot PC
cmd_exec - execute shell command
cp - copy files
cd - change current directory
delete - delete a file/folder
download - download file from target
decode_all - decode ALL encoded local files
dns - display DNS Cache
encode_all - encode ALL local files
freeze_keyboard - enable keyboard freeze
unfreeze_keyboard - disable keyboard freeze
get_chrome - Get Google Chrome's login/passwords
hear - record microphone
ip_info - via ipinfo.io
keylogs - get keylogs
ls - list contents of current or specified directory
msg_box - display message box with text
mv - move files
pc_info - PC information
ping - makes sure target is up
play - plays a youtube video
proxy - opens a proxy server
pwd - show current directory
python_exec - interpret python
reboot - reboot computer
run - run a file
schedule - schedule a command to run at specific time
self_destruct - destroy all traces
shutdown - shutdown computer
tasklist - display services and processes running
to - select targets by it's name
update - update executable
wallpaper - change wallpaper
```You can copy the above to update your command list via `BotFather` so you don't have to type them manually.
## Compiling:
### How To Compile:
- Run `compile.py`. You can also pass `--icon=` to use a custom icon. If you want to use UPX for compression, you can add `--upx-dir [upx-3.95-win64 | upx-3.96-win32]`, depending on your architecture. You can skip this last option if you have UPX in your `PATH` environment variable.
- Once it is compiled successfully, find the `.exe` file in `C:/Python37/Scripts/dist/` or the current directory, depending on where you called it from.
- **BEWARE!** If you run the compiled `.exe`, the script will move itself to startup and start with your PC to run at startup. You can return to normal by using the `/self_destruct` option or manually removing `%APPDATA%/Portal` directory and `%APPDATA%/Microsoft/Windows/Start Menu/Programs/Startup/portal.lnk`.### Modifying Settings:
- You can also modify the name of hidden `.exe` file and location and name of the folder where the hidden `.exe` will hide itself. To do this; modify `compiled_name` and `hide_folder` respectively.
- Assign your known chat ids to beginning of RATAttack.py## Contributing:
- This project is still in very early stages, so you can expect some bugs. Please feel free to report them! Even better, send a pull request :)
- Any new features and ideas are most welcome! Please do submit feature requests by creating Issues
- Branch protection is enabled on `master`. You must work in an alternate branch (e.g. `dev`) and make a PR. This is to ensure that master has a working and approved version of RvT.## Credit
A markdown file with credits:
Credit filePeople with PRs:
- Brendan | some stuff
- Dviros | Chrome login/password retrieval | ARP Table | Process/services | shutdown/reboot | dns cache
- LearnerZone | Support on updating the executableDependency owners:
A load of people who turn coffee to codeOriginal creator:
- Ritiek | Original RAT dev## Disclaimer:
**This tool is supposed to be used only on authorized systems. Any unauthorized use of this tool without explicit permission is illegal.**
## License:
`The MIT License`