Awesome

所有收集类项目

RAT

250+ 开源远控/C&C工具，1200+ RAT分析报告\C&C相关文章等。
English Version

开源工具
- pupy -> (1)工具 (6)文章
- Covenant -> (3)工具 (18)文章
- Slackor -> (1)工具 (3)文章
- QuasarRAT -> (1)工具 (9)文章
- EvilOSX -> (1)工具 (9)文章
- Merlin -> (1)工具 (3)文章
商业软件
- Team Viewer -> (7)工具 (34)文章
恶意软件(部分)
- Gh0st -> (5)工具 (23)文章
- NanoCore -> (1)工具 (32)文章
- NjRat -> (4)工具 (20)文章
- Revenge RAT -> (1)工具 (9)文章
- PlugX -> (1)工具 (40)文章
- (25) RemcosRAT
- (3) L0rdixRAT
- (1) LodaRAT
- (9) GulfRAT
- (14) NetWireRAT
- (1) JhoneRAT
- (2) Dacls
- (1) BlackRemote
- (17) Orcus
- (1) NukeSped
- (21) DarkComet
- (1) WarZone RAT
- (16) BlackShades
- (1) DenesRAT
- (4) WSH RAT
- (2) Qrypter RAT
- (20) Adwind
- (1) CannibalRAT
- (3) jRAT
- (5) jsRAT
- (4) CrossRat
- (1) ArmaRat
- (6) RokRAT
- (1) CatKARAT
- (5) TheFatRat
- (2) OmniRAT
- (6) LuminosityLink
- (477) 其他
利用公开服务
- Telegram -> (3)工具 (2)文章
- Twitter -> (2)工具 (6)文章
- GMail -> (3)工具 (8)文章
- Github -> (1)工具 (5)文章
- DropBox -> (1)工具 (3)文章
- 区块链 -> (2)工具 (1)文章
- 其他 -> (15)工具 (5)文章
通信协议
- DNS协议
- ICMP -> (5)文章
- WebSocket -> (2)工具 (5)文章
C&C
- Cobalt Strike -> (14)工具 (8)文章
- 工具
  - (64) 新添加
- 文章
  - (258) 新添加
远控
- 工具
- 文章

<a id="39bad1d60c8fbb697fd8701ffafc50a6"></a>开源工具

<a id="98000cf45f63bf295d39e9255d7972ca"></a>pupy

[5265星][1m] [Py] n1nj4sec/pupy Python编写的远控、后渗透工具，跨平台（Windows, Linux, OSX, Android）

<a id="1acc99cd2330bc55f1dffecfa75b9c7d"></a>Covenant

[1147星][6d] [C#] cobbr/covenant Covenant is a collaborative .NET C2 framework for red teamers.
[95星][9d] [C#] cobbr/elite Elite is the client-side component of the Covenant project. Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers.
[31星][4m] [C#] cobbr/c2bridge C2Bridges allow developers to create new custom communication protocols and quickly utilize them within Covenant.

<a id="cf120400afb57c2af9b8da037b3b7c3b"></a>Slackor

[332星][12d] [Py] coalfire-research/slackor A Golang implant that uses Slack as a command and control server

<a id="05df4f3dd6438b6f6d67f56a8b6e40f3"></a>QuasarRAT

[2932星][10m] [C#] quasar/quasarrat Remote Administration Tool for Windows

<a id="380ea0abfdbf07624ebf45681b773e54"></a>EvilOSX

[1376星][2y] [Py] marten4n6/evilosx An evil RAT (Remote Administration Tool) for macOS / OS X.

<a id="42a4a0bcb02fcb7a30fe7e42b7a9cdb5"></a>Merlin

[2568星][6m] [Go] ne0nd0g/merlin Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.

<a id="f1821c037c77e23ca5c2552477708930"></a>商业软件

<a id="db69305116cf91a4e67b4c75465dfe3e"></a>Team Viewer

[405星][2y] [C++] vah13/extracttvpasswords tool to extract passwords from TeamViewer memory using Frida
[277星][2y] [C++] gellin/teamviewer_permissions_hook_v1 A proof of concept injectable C++ dll, that uses naked inline hooking and direct memory modification to change your TeamViewer permissions.
[175星][9d] uknowsec/sharpdecryptpwd 对密码已保存在 Windwos 系统上的部分程序进行解析,包括：Navicat,TeamViewer,FileZilla,WinSCP,Xmangager系列产品（Xshell,Xftp)。
[59星][2y] [Py] attackercan/teamviewer-dumper 从内存中转储TeamViewer ID 和密码
[42星][6d] [C#] v1v1/decryptteamviewer Enumerate and decrypt TeamViewer credentials from Windows registry
[36星][5y] [C++] kkar/teamviewer-dumper-in-cpp Dumps TeamViewer ID,Password and account settings from a running TeamViewer instance by enumerating child windows.
[25星][5m] [C++] dydtjr1128/remoteassistance-cpp [WIP]RemoteAssistance like TeamViewer(C++)

<a id="f6f85e2d4f8e5442884f4d9b6e56ca42"></a>恶意软件(部分)

<a id="74d9131b5ad95c569c0afb9ee5a3c9b9"></a>Gh0st

[301星][7d] [C++] yuanyuanxiang/simpleremoter 基于gh0st的远程控制器：实现了终端管理、进程管理、窗口管理、远程桌面、文件管理、语音管理、视频管理、服务管理、注册表管理等功能
[273星][7y] [C++] sin5678/gh0st a open source remote administrator tool
[91星][6y] [C++] igh0st/gh0st3.6_src
[90星][1m] [C++] zibility/remote 参考Gh0st源码，实现的一款PC远程协助软件，拥有远程Shell、文件管理、桌面管理、消息发送等功能。
[21星][5m] [C++] holmesian/gh0st-light 精简之后的老东西

<a id="81308c6923f66db886efe8ae967c2845"></a>NanoCore

[2星][10m] [Py] jacobpimental/nanocore_extractor Extracts nanocore sample from compile AutoIT script

<a id="31bd9e6c54fdd9a00a45542e53abc13b"></a>NjRat

[143星][2y] [Visual Basic .NET] alibawazeeer/rat-njrat-0.7d-modded-source-code NJR
[128星][8d] [Visual Basic] mwsrc/njrat njRAT SRC Extract
[14星][5m] [C#] nyan-x-cat/njrat-0.7d-stub-csharp njRAT C# Stub - Fixed For PowerShell
[3星][2y] [Py] seep1959/njutils A client and chat program for njrat 0.6.4, 0.7d, and 0.7d golden edition.

<a id="db2bbd5298638952f34060e4f8ee0053"></a>Revenge RAT

[21星][2m] [C#] nyan-x-cat/revengerat-stub-cssharp Revenge-RAT C# Stub - Fixed

<a id="37466b42f2f777fa5a6400d78931995c"></a>PlugX

[28星][7y] [Py] kcreyts/plugxdecoder Decodes PlugX traffic and encrypted/compressed artifacts

<a id="ee2e3505664b3a7d26842b0278ccce23"></a>RemcosRAT

<a id="3f113acb3b6863c4ec5cbe04ce69f841"></a>L0rdixRAT

<a id="07522f33ae58f9d0de0bdc202f6aa1aa"></a>LodaRAT

2020.02 [talosintelligence] Loda RAT Grows Up

<a id="e8fa6ccd3f727add34525951a81fd493"></a>GulfRAT

<a id="57ea699dadcafe202a31772c837f9b7f"></a>NetWireRAT

<a id="20cd83aa4b202931ed4597c506d61257"></a>JhoneRAT

<a id="2da027a7cc244e466f914c996623d114"></a>Dacls

<a id="8bfe869e8aca6fa9e7d2d5b0353c0dc2"></a>BlackRemote

<a id="9ac323d054e6f52e9a92e449b51e75e6"></a>Orcus

<a id="8038672c0b8ef4b0b82afdeae025b38c"></a>NukeSped

<a id="11b35c707990ed436d23cc7495713177"></a>DarkComet

<a id="5af0edca5a51bdd5fd8f8d37b08218c8"></a>WarZone RAT

<a id="84187b0e75ca2a5a844f0367bf6d3c6b"></a>BlackShades

<a id="36531e67f10ecd7114880530e5e46e95"></a>DenesRAT

<a id="660f78a639f351f8404accad8c711ca4"></a>WSH RAT

<a id="319dcbdac181398a9b2ba7f5424a3e04"></a>Qrypter RAT

<a id="eb6a3a9a179678734be43ea1eb26f1c3"></a>Adwind

<a id="eb3c9f8af4ebe91aca4649718ff595c2"></a>CannibalRAT

2018.02 [talosintelligence] CannibalRAT targets Brazil

<a id="5fe739ee0e8778979807558ccd439b07"></a>jRAT

<a id="b62c18c1b4fc6d5b52ca826b36cf0819"></a>jsRAT

<a id="8d0732c4a6cf2393c0ff4e6cfe54f50f"></a>CrossRat

<a id="bb9ad532c3a3c9235157325236380a96"></a>ArmaRat

<a id="504b8511fe74ddb142775e007fa509f8"></a>RokRAT

<a id="ec8fe0e42f60749c29b75ed6708a5323"></a>CatKARAT

<a id="c3abd29c4145412f661b02b37347e70b"></a>TheFatRat

<a id="f1e2e824425e798bf4e410e4496181ed"></a>OmniRAT

<a id="bea46716ccf78713fbb9764999968e72"></a>LuminosityLink

<a id="6e0343d40b9606a34ad2ff311d0d259a"></a>其他

<a id="e80bdc9447f3cdc9416282b598b14cf7"></a>利用公开服务

<a id="17b978a5c371699ccd9a5687ae3f3949"></a>Telegram

[648星][1y] [Py] mehulj94/braindamage 使用Telegram做C&C服务器的远控
[330星][8m] [Py] mvrozanti/rat-via-telegram Windows Remote Administration Tool via Telegram
[160星][4y] [Py] blazeinfosec/bt2 使用Telegram 基础设施做C&C 服务器

<a id="a6303482a58e0d14bb8ce1849817ab5a"></a>Twitter

[658星][4y] [Py] paulsec/twittor A fully featured backdoor that uses Twitter as a C&C server
[186星][3y] [Go] petercunha/goat a trojan created in Go, using Twitter as a the C&C server

<a id="d2041a55efcfc29ca6a257916255b43b"></a>GMail

[1117星][1y] [Py] byt3bl33d3r/gcat A PoC backdoor that uses Gmail as a C&C server
[353星][3y] [Py] maldevel/gdog Python 编写的后门，使用 Gmail 做 C&C
[22星][1y] [Py] pure-l0g1c/keylogger A simple keylogger that uses Gmail as a C&C

<a id="b37bc6073be9a78ed6dbd0d21251fc63"></a>Github

[179星][3y] [Py] maldevel/canisrufus Python 编写的后门，使用 Github 做 C&C

<a id="618ec29a95a1f90a2696490d1f1afb2f"></a>DropBox

[134星][1y] [Py] 0x09al/dropboxc2c DropboxC2C is a post-exploitation agent which uses Dropbox Infrastructure for command and control operations.

<a id="2b58c60ed7c7920f03979756f6f72fcc"></a>区块链

[46星][1y] [Go] xpn/blockchainc2 A POC C2 server and agent to explore just if/how the Ethereum blockchain can be used for C2
[35星][3m] [Py] geek-repo/c2-blockchain This is a concept poc of command and control server implemented over blockchain

<a id="1e53961ca8fc592a588e18a5f1519078"></a>其他

[513星][1y] [Go] mthbernardes/gtrs 使用Google翻译器作为代理将任意命令发送到受感染的计算机
[102星][4m] [Py] nccgroup/gitpwnd 网络渗透测试工具，可使攻击者向被攻击机器发送命令，并使用 git repo 作为 C&C 传输层接收结果
[97星][2y] [Py] arno0x/webdavc2 A WebDAV PROPFIND C2 tool
[93星][2y] [PS] bkup/slackshell PowerShell to Slack C2
[84星][2y] [Go] 0x09al/browser-c2 Post Exploitation agent which uses a browser to do C2 operations.
[69星][13d] [Py] itskindred/redviper redViper is a proof of concept Command & Control framework that utilizes Reddit for communications.
[66星][2y] [Py] lukebaggett/google_socks A proof of concept demonstrating the use of Google Drive for command and control.
[29星][2y] [Py] ajinabraham/xenotix-xbot Xenotix xBOT is a Cross Platform PoC Bot that abuse certain Google Services to implement it's C&C
[26星][3y] [Py] dsnezhkov/octohook Git Web Hook Tunnel for C2
[23星][10d] [PS] netspi/sqlc2 SQLC2 is a PowerShell script for deploying and managing a command and control system that uses SQL Server as both the control server and the agent.
[22星][2y] [Py] woj-ciech/social-media-c2 Script is a proof of concept how to control your machine by using social media sites.
[16星][10d] [Py] securemode/trelloc2 Simple C2 over the Trello API
[14星][1y] [Py] j3ssie/c2s Command and Control server on Slack
[8星][2y] [Py] maldevel/dicerosbicornis A fully featured Windows backdoor that uses email as a C&C server
[7星][3y] [Py] killswitch-gui/flask_appengine_redirector Google App Engine Flask C2 redirector

<a id="9f6f77f1fcf614c9738dfeac9cc5d1d3"></a>通信协议

<a id="7485e724ef5efd1daf9d672bd72fb595"></a>DNS协议

[318星][1m] [Py] baderj/domain_generation_algorithms 域名生成算法
[220星][17d] [Scala] sotera/spark-distributed-louvain-modularity Spark / graphX implementation of the distributed louvain modularity algorithm
[209星][3y] [Py] endgameinc/dga_predict Predicting Domain Generation Algorithms using LSTMs
[132星][2m] [Py] andrewaeva/dga The repository that contains the algorithms for generating domain names, dictionaries of malicious domain names. Developed to research the possibility of applying machine learning and neural networks to detect and classify malicious domains.
[117星][6m] [Py] 360netlab/dga Suspicious DGA from PDNS and Sandbox.
[49星][2y] [java] toufikairane/andromalware Android Malware for educational purpose
[40星][4y] [Py] pchaigno/dga-collection A collection of known Domain Generation Algorithms
[31星][4y] [Py] endgameinc/sans_thir16 SANS Hunting on the Cheap
[31星][3y] [Py] staaldraad/fastfluxanalysis Scripts to detect Fast-Flux and DGA using DNS query responses
[28星][2y] [Py] philarkwright/dga-detection DGA Domain Detection using Bigram Frequency Analysis
[13星][3y] [Py] cisco-talos/goznym
[6星][1y] [Py] matthoffman/degas DGA-generated domain detection using deep learning models
[4星][3m] [PHP] navytitanium/eitest-tools-scripts-iocs
[1星][2m] [Py] bkcs-hust/lstm-mi A LSTM based framework for handling multiclass imbalance in DGA botnet detection

[1855星][8m] [C++] iagox86/dnscat2 在 DNS 协议上创建加密的 C&C channel
[832星][6d] [Go] bishopfox/sliver 一个通用的跨平台植入程序框架，该框架C3支持Mutual-TLS，HTTP（S）和DNS
[386星][4y] [Py] ahhh/reverse_dns_shell 使用DNS作为c2通道的python反向shell
[277星][1y] [Py] trycatchhcf/packetwhisper Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
[276星][4m] [Go] sensepost/godoh A DNS-over-HTTPS Command & Control Proof of Concept
[225星][2y] [PS] lukebaggett/dnscat2-powershell A Powershell client for dnscat2, an encrypted DNS command and control tool.
[176星][2y] [C++] 0x09al/dns-persist DNS-Persist is a post-exploitation agent which uses DNS for command and control.
[41星][2m] [Erlang] homas/ioc2rpz ioc2rpz is a place where threat intelligence meets DNS.
[38星][2m] [JS] inquest/threatkb Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT)

<a id="867ed7efa4643442ef6859571db8a587"></a>ICMP

<a id="fe3abb0c040999744a648ed68780835c"></a>WebSocket

[245星][2y] [Py] arno0x/wsc2 A WebSocket C2 Tool
[131星][9d] [C++] xorrior/raven CobaltStrike External C2 for Websockets

<a id="1c28538afe533f545b540cbd78637241"></a>C&C

<a id="e8d16b3301a2ab9109b503b89ec6eece"></a>Cobalt Strike

[462星][2y] rsmudge/malleable-c2-profiles Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x.
[217星][2y] [Py] bluscreenofjeff/malleable-c2-randomizer A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls
[195星][1y] [PS] qax-a-team/cobaltstrike-toolset Aggressor Script, Kits, Malleable C2 Profiles, External C2 and so on
[188星][2y] [C#] ryhanson/externalc2 A library for integrating communication channels with the Cobalt Strike External C2 server
[165星][6m] threatexpress/malleable-c2 Cobalt Strike Malleable C2 Design and Reference Guide
[160星][11d] [Py] threatexpress/cs2modrewrite Convert Cobalt Strike profiles to modrewrite scripts
[146星][2y] [Py] und3rf10w/external_c2_framework Python api for usage with cobalt strike's External C2 specification
[105星][5m] xx0hcd/malleable-c2-profiles Cobalt Strike - Malleable C2 Profiles. A collection of profiles used in different projects using Cobalt Strike
[67星][2y] [C] outflanknl/external_c2 POC for Cobalt Strike external C2
[56星][24d] 1135/1135-cobaltstrike-toolkit about CobaltStrike
[55星][1y] [Py] truneski/external_c2_framework Python api for usage with cobalt strike's External C2 specification
[41星][3y] bluscreenofjeff/malleablec2profiles Malleable C2 profiles for Cobalt Strike
[41星][2y] [Go] empty-nest/emptynest 基于插件的 C2 服务器框架。其目标不是取代某些强大的工具（例如 Empire、Metasploit、CobaltStrike），而是创建一个支持框架，以便为自定义 agents 快速创建小型、专用的 handlers
[12星][5m] [TS] hattmo/c2profilejs Web UI for creating C2 profiles for Cobalt Strike

<a id="ec8ac76dec379ff452f681a4504444b8"></a>工具

[1135星][13d] [Boo] byt3bl33d3r/silenttrinity An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR
[614星][12d] [Py] trustedsec/trevorc2 通过正常的可浏览的网站隐藏 C&C 指令的客户端/服务器模型，因为时间间隔不同，检测变得更加困难，并且获取主机数据时不会使用 POST 请求
[575星][3m] [PS] nettitude/poshc2_old Powershell C2 Server and Implants
[478星][5m] [C++] fsecurelabs/c3 一个用于快速定制C2通道原型的框架，同时仍提供与现有攻击性工具包的集成。
[442星][3y] [CSS] graniet/chromebackdoor 一个渗透测试工具PoC，使用MITB技术在启动后生成Windows可执行文件“ .exe”，并在大多数流行的浏览器上运行恶意扩展或脚本，并通过C&C发送所有DOM数据。
[336星][12d] [PS] nettitude/poshc2 Python Server for PoshC2
[325星][1y] [C#] spiderlabs/dohc2 DoHC2 allows the ExternalC2 library from Ryan Hanson (
[273星][4m] [Py] felixweyne/imaginaryc2 辅助对恶意软件进行行为（网络）分析，python
[205星][3y] [Py] countercept/doublepulsar-c2-traffic-decryptor 处理PCAP文件，解密发送到DOUBLEPULSAR implant的C2流量
[186星][2y] [Py] woj-ciech/daily-dose-of-malware Script lets you gather malicious software and c&c servers from open source platforms like Malshare, Malcode, Google, Cymon - vxvault, cybercrime tracker and c2 for Pony.
[155星][7d] [Py] chrispetrou/hrshell HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.
[136星][2y] [Py] pjlantz/hale Botnet command & control monitor
[132星][10m] [C] treehacks/botnet-hackpack Build a basic Command & Control botnet in C
[130星][6d] [Py] mhaskar/octopus Open source pre-operation C2 server based on python and powershell
[125星][7d] [JS] p3nt4/nuages A modular C2 framework
[99星][6d] [Py] ziconius/fudgec2 FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.
[83星][5y] [Py] maldroid/maldrolyzer Simple framework to extract "actionable" data from Android malware (C&Cs, phone numbers etc.)
[79星][9m] [C++] watersalesman/aura-botnet A super portable botnet framework with a Django-based C2 server. The client is written in C++, with alternate clients written in Rust, Bash, and Powershell.
[70星][14d] [Py] angus-y/pyiris-backdoor a modular, stealthy and flexible remote-access-toolkit written completely in python used to command and control other systems.
[68星][1m] [C#] maraudershell/marauder A .NET agent for the Faction C2 Framework
[67星][5m] [HTML] project-prismatica/prismatica Responsive Command and Control System
[58星][1y] [C#] mdsecactivebreach/browser-externalc2 External C2 Using IE COM Objects
[56星][2y] [Go] averagesecurityguy/c2 A simple, extensible C&C beaconing system.
[48星][3m] [Shell] professionallyevil/c4 Cyberdelia, a Collection of Command and Control frameworks
[44星][30d] [JS] shadow-workers/shadow-workers C2 and proxy designed for penetration testers to help in the exploitation of XSS and malicious Service Workers (SW)
[41星][2y] [Py] v1v1/sleight Empire HTTP(S) C2 redirector setup script
[39星][1y] [PS] outflanknl/doh_c2_trigger Code for blogpost:
[38星][12d] [C#] sf197/telegra_csharp_c2 Command and Control for C# Writing
[37星][11m] [Go] prsecurity/golang_c2 Boilerplate C2 written in Go for red teams
[31星][16d] [Py] qsecure-labs/overlord Overlord - Red Teaming Infrastructure Automation
[30星][6y] [PS] enigma0x3/powershell-c2
[24星][1y] prsecurity/neutrino Neutrino C2 Source Code
[23星][25d] [Go] audibleblink/bothan Is this IP a C2 server?
[19星][1y] tevora-threat/rt_redirectors Ansible role to configure redirectors for red team C2
[18星][5y] [PS] et0x/c2 Methods of C2
[18星][1m] [Py] marcorosa/cnc-botnet-in-python C&C Botnet written in Python with fabric
[17星][1y] [C] kiwidoggie/oni-framework Embedded systems C2 software written in C/C#
[17星][3y] [Go] pandipanda69/my-little-honeypot This repository aims to show how easy it is to code a telnet honeypot in order to recovering IOT malwares, and thus, active Command & Control.
[17星][4m] stvemillertime/absolutely-positively-not-hacking-back-with-pcap Streaming Unexpected Network Byte Sequences with High Probability of Blue Screening or Otherwise Crashing Attacker Command-and-Control Nodes
[16星][4y] [Py] hasherezade/bunitu_tests Scripts for communication with Bunitu Trojan C&Cs
[16星][6m] [C] blacchat/xzf EXIF-based command and control PoC
[16星][10m] [Py] daniel-infosec/wikipedia-c2 POC for utilizing wikipedia API for Command and Control
[14星][5y] [Py] nocow4bob/pix-c2 Ping Exfiltration Command and Control (PiX-C2)
[14星][3y] [Py] secarmalabs/indushell PoC C&C for the Industroyer malware
[14星][5m] [C#] immersive-command-system/immersivedroneinterface aerial vehicle command and control platform, designed for immersive interfaces (such as the Oculus Rift).
[11星][4m] [Py] jacobsoo/amtracker Android Malware Tracker
[10星][12m] [Dockerfile] d3vzer0/cnc-relay Docker projects to retain beacon source IPs using C2 relaying infra
[10星][9m] [Py] m8r0wn/transportc2 PoC Command and Control Server. Interact with clients through a private web interface, add new users for team sharing and more.
[10星][3y] [Py] r3mrum/loki-parse A python script that can detect and parse loki-bot (malware) related network traffic. This script can be helpful to DFIR analysts and security researchers who want to know what data is being exfiltrated to the C2, bot tracking, etc...
[9星][4m] [Py] degenerat3/meteor Cross-platform C2 with modules for TCP, web, and more soon to come
[8星][2m] [Py] jacobsoo/malconfig This is part of a module for the framework that i'm constantly developing. Currently only information of the C2 are disclosed here.
[8星][3y] [Py] killswitch-gui/flask_heroku_redirector flask heroku C2 redirector template
[8星][5m] [Py] r00k5a58/pyc2 simple c2 written in python to demonstrate security concepts
[8星][11m] tothi/kali-rpi-luks-crypt Full disk encryption for Kali on Raspberry using LUKS
[8星][25d] [Go] xorrior/apfell-chrome-extension-c2server Apfell C2 Server for the Google Chrome Extension Payload
[7星][3y] [PS] 0sm0s1z/invoke-selfsignedwebrequest This repo exists as a quick and dirty arsenal of methods and scripts to subvert .NET SSL/TLS certificate validation in PowerShell and press on with the hack!
[6星][2y] [C#] jaydcarlson/c2-printf 通过 Silicon Labs C2 调试器连接打印跟踪消息
[6星][5m] [Py] m507/m-botnet A C2 project that controls a self-propagating MS17-010 worm.
[5星][3y] [Py] killswitch-gui/flask_pythonanywhere_redirector flask pythonanywhere C2 redirector template
[4星][3y] [Py] mellow-hype/c2finder Look for un-sinkholed C&C IPs in your Bro logs (from Bambanek Consulting C&C master list)
[4星][2y] [PHP] nao-sec/ramnit_traffic_parser Parsing Ramnit's traffic
[3星][23d] [C++] lima-x-coding/win32.-d0t-nix.c2 A C/C++ recreation off the original Win32.VB.Illerka.C Virus by Michael [APFX]
[0星][2y] [Py] bizdak/silverboxcc Reverse engineered android malware, and this is a C&C server for it
[0星][2y] boaxboax/ctf-quaorar

<a id="307c055d7414abc9ab9f2fb4e85456e1"></a>文章

<a id="b318465d0d415e35fc0883e9894261d1"></a>远控

<a id="9e3a9beb5ecf36b9624525bc3cfef78a"></a>工具

[1615星][9d] [Py] zerosum0x0/koadic 类似于Meterpreter、Powershell Empire 的post-exploitation rootkit，区别在于其大多数操作都是由 Windows 脚本主机 JScript/VBScript 执行
[1473星][3y] [Py] nathanlopez/stitch 一个跨平台的远控框架，可为Windows，Mac OSX和Linux构建自定义的Payload
[789星][4m] [Py] kevthehermit/ratdecoders Python Decoders for Common Remote Access Trojans
[764星][7d] [C] rdesktop/rdesktop rdesktop is an open source UNIX client for connecting to Windows Remote Desktop Services, capably of natively speaking Remote Desktop Protocol (RDP) in order to present the user's Windows desktop. rdesktop is known to work with Windows server version ranging from NT 4 terminal server to Windows 2012 R2.
[706星][1y] [PS] arvanaghi/sessiongopher 使用WMI为远程访问工具（如WinSCP，PuTTY，SuperPuTTY，FileZilla和Microsoft远程桌面）提取保存的会话信息。PowerShell编写
[538星][10d] [JS] mr-un1k0d3r/thundershell 通过HTTP请求进行通信的C＃RAT
[392星][5m] [C++] werkamsus/lilith 基于C ++开发的基于控制台的超轻量RAT
[297星][2y] [Py] 0xislamtaha/python-rootkit Python远控，用于获取Meterpreter会话
[238星][6d] [C#] b4rtik/redpeanut RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.
[222星][9d] [C++] xdnice/pcshare 远程控制软件，可以监视目标机器屏幕、注册表、文件系统等。
[214星][2y] [C#] them4hd1/vayne-rat 用C＃编码的免费和开源远程管理工具。
[205星][2y] [C++] ahxr/ghost a light RAT that gives the server/attacker full remote access to the user's command-line interprete
[201星][10d] [Py] pure-l0g1c/loki 远程访问工具，使用 RSA-2048 + AES-256 保护通信安全
[195星][3m] [PHP] 0blio/caesar 基于HTTP的RAT，从浏览器远程控制设备
[175星][4y] [C#] alphadelta/secure-desktop Anti-keylogger/anti-rat application for Windows
[172星][3y] [C++] hussein-aitlahcen/blackhole C# RAT (Remote Administration Tool)
[157星][10d] [Visual Basic] mwsrc/plasmarat Remote Access Trojan(RAT), Miner, DDoS
[140星][1m] [Py] anhkgg/pyrat 基于python XmlRPC完成的远控开源项目，包括客户端和服务端（也叫控制端，后统称服务端）
[136星][25d] [C++] earthquake/universaldvc Universal Dynamic Virtual Channel connector for Remote Desktop Services
[129星][2y] [Py] dviros/rat-via-telegram 使用Telegram控制已经攻克的Windows主机
[115星][4y] [C#] leurak/trollrat 远程管理工具（RAT），该工具采用与其他RAT不同的方法，不做数据窃取等，只是为了trolling
[98星][4m] [JS] securityrat/securityrat OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development
[95星][7y] [C#] ilikenwf/darkagent DarkAgent Remote Administration Tool RAT by DragonHunter
[95星][2y] [Pascal] senjaxus/allakore_remote Delphi Seattle编写的远控
[80星][4y] [C++] rwhitcroft/dnschan 使用DNS通信的远程访问木马
[77星][4y] [Py] ahhh/reverse_https_bot A python based https remote access trojan for penetration testing
[66星][11d] [Visual Basic] thesph1nx/rt-101 VB.net Remote Administrator Tool (RAT)
[65星][7m] sh1n0g1/shinobot RAT / Botnet Simulator for pentest / education
[61星][28d] [Visual Basic] thesph1nx/slickermaster-rev4 NSA Hacking Tool Recreation UnitedRake
[61星][2m] [C#] nyan-x-cat/mass-rat Basic Multiplatform Remote Administration Tool - Xamarin
[58星][3y] [PS] killswitch-gui/persistence-survivability Powershell Persistence Locator
[57星][3y] [Py] m4sc3r4n0/spyrat Python Remote Access Trojan
[55星][4y] [Py] ahhh/ntp_trojan Reverse NTP remote access trojan in python, for penetration testers
[53星][8d] [Java] blackhacker511/blackrat Java编写的远控
[52星][12d] [Py] technowlogy-pushpender/technowhorse TechNowHorse is a RAT (Remote Administrator Trojan) Generator for Windows/Linux systems written in Python 3.
[50星][11d] [C#] brunull/pace A Remote Access Tool for Windows.
[46星][1m] [Pascal] 0x48piraj/malwarex Collection of killers
[46星][1m] [PHP] davidtavarez/pinky pinky - The PHP mini RAT (Remote Administration Tool)
[46星][20d] [Shell] infosecn1nja/ycsm This is a quick script installation for resilient redirector using nginx reverse proxy and letsencrypt compatible with some popular Post-Ex Tools (Cobalt Strike, Empire, Metasploit, PoshC2).
[46星][18d] [Java] m301/rdroid [Android RAT] Remotely manage your android phone using PHP Interface
[46星][2y] pentestpartners/ptp-rat Exfiltrate data over screen interfaces
[44星][2y] [Shell] taherio/redi Automated script for setting up CobaltStrike redirectors (nginx reverse proxy, letsencrypt)
[41星][3y] [C] killswitch-gui/hotload-driver C++
[40星][5y] [C++] lingerhk/0net 一个简单的Windows远程控制后门
[40星][3y] [Visual Basic .NET] mwsrc/betterrat Better Remote Access Trojan
[39星][1m] [Shell] samyk/easel-driver Easel driver for Linux (and Mac/Windows) + remote access to CNC controller
[37星][11d] [PS] 5alt/zerorat ZeroRAT是一款windows上的一句话远控
[36星][5m] [C#] blackvikingpro/aresskit Next Generation Remote Administration Tool (RAT)
[35星][3y] ritiek/rat-via-telegram Removed according to regulations
[29星][1m] [Py] the404hacking/windows-python-rat A New Microsoft Windows Remote Administrator Tool [RAT] with Python by Sir.4m1R.
[26星][2y] [Py] thegeekht/loki.rat Loki.Rat is a fork of the Ares RAT, it integrates new modules, like recording , lockscreen , and locate options. Loki.Rat is a Python Remote Access Tool.
[25星][9m] [D] alexa-d/alexa-openwebif alexa skill to control your openwebif device
[24星][2y] [Py] rootm0s/casper 👻 Socket based RAT for Windows with evasion techniques and other features for control
[22星][16d] [C#] rainkin1993/remote-access-trojan-database A database of RAT collected from Internet
[21星][11d] [Py] kaiiyer/backnet Backdoor+Botnet or BackNet is a Python Remote Access Tool.
[19星][7d] [Py] lithium95/controll_remote_access_trojan Created a VERY SIMPLE remote access Trojan that will establish administrative control over any windows machine it compromises.
[18星][10m] [PHP] eddiejibson/limitrr-php Better PHP rate limiting using Redis.
[18星][3y] [Py] landonpowell/orwell-rat-and-botnet Orwell is a RAT and Botnet designed as a trio of programs by Landon Powell.
[17星][17d] [YARA] deadbits/yara-rules Collection of YARA signatures from individual research
[17星][2m] [PHP] rizer0/rat-hunter detect trojans by easy way
[14星][3y] [Java] mhelwig/adwind-decryptor Simple decrypter for Java AdWind, jRAT, jBifrost trojan
[14星][2y] [Py] mitre/caldera-agent
[14星][1y] shifa123/maarc A Python - Remote Administration Tool (RAT)
[12星][2y] [JS] node-rat/noderat NodeRat is remote access tool made with NodeJS and python
[11星][3y] [Pascal] mwsrc/schwarze-sonne-rat SS-RAT (Schwarze-Sonne-Remote-Access-Trojan)
[10星][7m] [Go] alanbaumgartner/aurora Aurora Remote Administration Tool
[10星][12m] [Py] user696/mrrat
[9星][2y] [Py] cisco-talos/remcos-decoder Talos Decryptor POC for Remcos RAT version 2.0.5 and earlier
[9星][8d] [Py] federicochieregato/darkfox Remote access trojan created using WinRar with firefox installer and python Reverse Shell embedded.
[8星][2y] thejollysin/i-wish-i-were-at-defcon-25-hack-a-thon My own "I wish I were at DefCon 25" Hack-a-Thon
[8星][4y] [C++] xyl2k/black-eye-rsa-attacking-toolkit-v0.1f-compiled The great RSA Attacking Toolkit compiled for Windows
[7星][2y] [C#] advancedhacker101/android-c-sharp-rat-server This is a plugin for the c# R.A.T server providing extension to android based phone systems
[7星][6m] [Py] e-rror/hiroo
[7星][2y] [C#] mitre/caldera-crater
[7星][1y] [JS] roccomuso/netrat Damn easy multiplatform Node.js RAT generator.
[7星][2y] [Py] lukebob-zz/c2-pwn Uses Shodan API to pull down C2 servers to run known exploits on them.
[6星][18d] [Py] apacketofsweets/apollo A simple, lightweight Remote Access Tool written in Python
[6星][1y] [Py] z4rk/winshell Python opensource RAT/Botnet
[6星][4y] [Visual Basic .NET] gaiththewolf/d-rat_vb.net_mysql_php D-RAT [VB.NET]+[MySQL]+[PHP]
[6星][7d] [PHP] katsana/remote-control Grant remote access to user account without sharing credentials
[5星][8m] [Go] alepacheco/client Windows, OS X and linux RAT client
[5星][17d] [C++] melardev/xeytanwin32-rat WORK IN PROGRESS. RAT written in C++ using Win32 API
[4星][16d] [C++] izanbf1803/rat-cpp-prototype A simple RAT.
[4星][3m] [C++] melardev/xeytanwxcpp-rat Work in Progress. RAT written in C++ using wxWidgets
[3星][2y] [Py] bedazzlinghex/memory-analysis Contains tools to perform malware and forensic analysis in Memory
[3星][1m] [Kotlin] eskatos/creadur-rat-gradle Apache RAT (Release Audit Tool) Gradle Plugin
[3星][1m] [Py] gbrn1/pirate Python Remote Access Tool
[2星][4y] [Py] dakotanelson/multicat PoC RAT using the sneaky-creeper data exfiltration library
[2星][4y] [Visual Basic .NET] retrobyte/shadowtech-rat An example of a remote administration tool.
[None星]socprime/sobaken-rat-detector

[610星][1y] [PS] fortynorthsecurity/wmimplant This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported is translated into a WMI-equivalent for use on a network/remote machine. WMImplant is WMI based.
[518星][8m] [Visual Basic .NET] nyan-x-cat/lime-rat LimeRAT | Simple, yet powerful remote administration tool for Windows (RAT)
[493星][6m] [Py] viralmaniar/powershell-rat Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.
[360星][8d] [C#] nyan-x-cat/asyncrat-c-sharp Open-Source Remote Administration Tool For Windows C# (RAT)
[340星][3y] [Pascal] malwares/remote-access-trojan Windows Remote-Access-Trojan
[229星][4y] [Py] hood3drob1n/jsrat-py This is my implementation of JSRat.ps1 in Python so you can now run the attack server from any OS instead of being limited to a Windows OS with Powershell enabled.
[149星][4m] [Py] safebreach-labs/sireprat Remote Command Execution as SYSTEM on Windows IoT Core
[119星][11d] [C#] dannythesloth/vanillarat VanillaRat is an advanced remote administration tool completely coded in C# for Windows.
[117星][8d] [Py] thelinuxchoice/pyrat Windows远控
[106星][9m] [C#] r-smith/splice-admin A remote Windows administration tool. You know you want it.
[104星][2y] [Py] syss-research/outis a custom Remote Administration Tool (RAT) or something like that. It was build to support various transport methods (like DNS) and platforms (like Powershell).
[70星][3m] [PS] dsccommunity/certificatedsc DSC resources to simplify administration of certificates on a Windows Server.
[67星][4y] [C#] stphivos/rat-shell Windows Remote Access Trojan (RAT)
[39星][2m] [Py] swordf1sh/moderat Experimental Windows Remote Administration and Spy Tool in Python + GUI
[20星][1y] [Visual Basic] nyan-x-cat/asyncrat Remote Administration Tool For Windows
[17星][6m] [Py] operatorequals/smbrat A Windows Remote Administration Tool in Visual Basic with UNC paths
[16星][6m] [PS] yschgroup/skyrat SkyRAT - Powershell Remote Administration Tool

[131星][8m] [C] abhishekkr/n00brat 用于POSiX（Linux / Unix）系统的远程管理工具包（或Trojan），以Web服务方式运行
[68星][10m] [JS] webxscan/linux_rat LINUX集群控制(LINUX反弹式远控)
[51星][15d] [C] thibault-69/rat-hodin-v2.9 Remote Administration Tool for Linux
[20星][2m] [C] lillypad/swamp-rat A Linux RAT in C
[7星][5m] [C] ctsecurity/stealth-kid-rat Stealth Kid RAT (SKR) is an open source Linux remote administration tool written in C. Licensed under MIT. The SKR project is fully developed and tested on Debian GNU-Linux (Deb 9.3 "Stretch") platform. The RAT will soon be available on Windows platform by mid 2018.

[430星][9d] [ObjC] sap/macos-enterprise-privileges For Mac users in an Enterprise environment this app ensures secure environment and yet gives the User control over administration of their machine by elevating their level of access to Administrator privilege on macOS X. Users can set the time frame using Preferences to perform specific tasks such as install or remove an application.
[75星][4y] [Pascal] xlinshan/coldroot Mac OS Trojan (RAT) made with love <3
[74星][1y] [Py] kdaoudieh/bella Bella is a pure python post-exploitation data mining tool & remote administration tool for macOS.
[21星][2m] [Py] cys3c/evilosx A pure python, post-exploitation, remote administration tool (RAT) for macOS / OS X.

[1815星][8m] [Smali] ahmyth/ahmyth-android-rat Android Remote Administration Tool
[939星][7y] designativedave/androrat Remote Administration Tool for Android devices
[931星][6y] [Java] wszf/androrat Remote Administration Tool for Android
[172星][2y] [Java] the404hacking/androrat AndroRAT | Remote Administrator Tool for Android OS Hacking
[138星][3y] [Java] mwsrc/betterandrorat Android Remote Access Trojan
[66星][7y] [Java] ibrahimbalic/androidrat Android RAT
[64星][16d] [Java] globalpolicy/phonemonitor A Remote Administration Tool for Android devices
[50星][3y] [Py] alessandroz/pupy Python编写的远控、后渗透工具，跨平台（Windows, Linux, OSX, Android）
[6星][2y] rev-code/androidclient Android remote administration client

<a id="39ccec75049c60fa1d5dd46fea812331"></a>文章

贡献

内容为系统自动导出, 有任何问题请提issue

Awesome

所有收集类项目

RAT

目录

<a id="39bad1d60c8fbb697fd8701ffafc50a6"></a>开源工具

<a id="98000cf45f63bf295d39e9255d7972ca"></a>pupy

<a id="ff6ee8128d4f01f80c3f2bb522f0d5e9"></a>工具

<a id="4f5ffa16436730588e8d009febe1bd5c"></a>文章

<a id="1acc99cd2330bc55f1dffecfa75b9c7d"></a>Covenant

<a id="05d2a0aed9499aea447e90668c8d5103"></a>工具

<a id="81af73c48e520a45619cbf7769cc64b5"></a>文章

<a id="cf120400afb57c2af9b8da037b3b7c3b"></a>Slackor

<a id="280aaf2c1b0f44b6f5ec7095d7b35578"></a>工具

<a id="8adba68f714e281a3bb7faa2c3661d1b"></a>文章

<a id="05df4f3dd6438b6f6d67f56a8b6e40f3"></a>QuasarRAT

<a id="c2df559aa60f8bfd5da4d9fc7c0ea0d2"></a>工具

<a id="36c965d7808be2799f70e4d910a17abd"></a>文章

<a id="380ea0abfdbf07624ebf45681b773e54"></a>EvilOSX

<a id="a69f3baa491547ddf6a628cda168b492"></a>工具

<a id="375dc16ed1cf6be4274da55140784610"></a>文章

<a id="42a4a0bcb02fcb7a30fe7e42b7a9cdb5"></a>Merlin

<a id="941bae92e80ca3f9c21a232cc959eb67"></a>工具

<a id="5b3a7a286bac53bf26395ea5ffb6c590"></a>文章

<a id="f1821c037c77e23ca5c2552477708930"></a>商业软件

<a id="db69305116cf91a4e67b4c75465dfe3e"></a>Team Viewer

<a id="d42849969f2b53c898f0b6e710dc3027"></a>工具

<a id="eed97a5a9b2346759fb7bb30c5a98bbe"></a>文章

<a id="f6f85e2d4f8e5442884f4d9b6e56ca42"></a>恶意软件(部分)

<a id="74d9131b5ad95c569c0afb9ee5a3c9b9"></a>Gh0st

<a id="dcb10cc6813a25815201b36bacdef198"></a>工具

<a id="683b7000242336c05ea278c9ad3d7e5e"></a>文章

<a id="81308c6923f66db886efe8ae967c2845"></a>NanoCore

<a id="c84aebee516fbf526701102cfa6d0a98"></a>工具

<a id="6df7f0da7bb260a54405579912678c0d"></a>文章

<a id="31bd9e6c54fdd9a00a45542e53abc13b"></a>NjRat

<a id="ff7bcb6c765cb73cfadda9f06deda668"></a>工具

<a id="de09011e16164e950d653756212219ac"></a>文章

<a id="db2bbd5298638952f34060e4f8ee0053"></a>Revenge RAT

<a id="cef60ee76daa3240e95bbf82f2994848"></a>工具

<a id="2dd3016da115b16c9de264b885105eff"></a>文章

<a id="37466b42f2f777fa5a6400d78931995c"></a>PlugX

<a id="03b501e2e5da59c3c97027775e6a93b7"></a>工具

<a id="17ca6dd6130c10b726039472c20bb093"></a>文章

<a id="ee2e3505664b3a7d26842b0278ccce23"></a>RemcosRAT

<a id="3f113acb3b6863c4ec5cbe04ce69f841"></a>L0rdixRAT

<a id="07522f33ae58f9d0de0bdc202f6aa1aa"></a>LodaRAT

<a id="e8fa6ccd3f727add34525951a81fd493"></a>GulfRAT

<a id="57ea699dadcafe202a31772c837f9b7f"></a>NetWireRAT

<a id="20cd83aa4b202931ed4597c506d61257"></a>JhoneRAT

<a id="2da027a7cc244e466f914c996623d114"></a>Dacls

<a id="8bfe869e8aca6fa9e7d2d5b0353c0dc2"></a>BlackRemote

<a id="9ac323d054e6f52e9a92e449b51e75e6"></a>Orcus

<a id="8038672c0b8ef4b0b82afdeae025b38c"></a>NukeSped

<a id="11b35c707990ed436d23cc7495713177"></a>DarkComet

<a id="5af0edca5a51bdd5fd8f8d37b08218c8"></a>WarZone RAT

<a id="84187b0e75ca2a5a844f0367bf6d3c6b"></a>BlackShades

<a id="36531e67f10ecd7114880530e5e46e95"></a>DenesRAT

<a id="660f78a639f351f8404accad8c711ca4"></a>WSH RAT

<a id="319dcbdac181398a9b2ba7f5424a3e04"></a>Qrypter RAT

<a id="eb6a3a9a179678734be43ea1eb26f1c3"></a>Adwind

<a id="eb3c9f8af4ebe91aca4649718ff595c2"></a>CannibalRAT

<a id="5fe739ee0e8778979807558ccd439b07"></a>jRAT

<a id="b62c18c1b4fc6d5b52ca826b36cf0819"></a>jsRAT

<a id="8d0732c4a6cf2393c0ff4e6cfe54f50f"></a>CrossRat

<a id="bb9ad532c3a3c9235157325236380a96"></a>ArmaRat

<a id="504b8511fe74ddb142775e007fa509f8"></a>RokRAT

<a id="ec8fe0e42f60749c29b75ed6708a5323"></a>CatKARAT

<a id="c3abd29c4145412f661b02b37347e70b"></a>TheFatRat

<a id="f1e2e824425e798bf4e410e4496181ed"></a>OmniRAT

<a id="bea46716ccf78713fbb9764999968e72"></a>LuminosityLink

<a id="6e0343d40b9606a34ad2ff311d0d259a"></a>其他

<a id="e80bdc9447f3cdc9416282b598b14cf7"></a>利用公开服务

<a id="17b978a5c371699ccd9a5687ae3f3949"></a>Telegram

<a id="492b34c27ab06b3696c0464465b74eec"></a>工具

<a id="06365f440cb6fa3e0daf933cb0874c8b"></a>文章

<a id="a6303482a58e0d14bb8ce1849817ab5a"></a>Twitter

<a id="ae91172321950c1296375e9c9059d773"></a>工具

<a id="f6f5e4da48152e5b0bc45608a3f9a656"></a>文章

<a id="d2041a55efcfc29ca6a257916255b43b"></a>GMail

<a id="be2346c808f9813f13da3526576e1839"></a>工具