The PyIris project is a modular, stealthy and flexible remote-access toolkit. It lets users dynamically build remote-access trojan payloads (referred to as scouts) by loading and unloading specific modules (referred to as components) that grant scouts specific features. This lets you cut down on file size and include only essential features, making the scout less likely to be detected by antivirus. It also allows for highly customisable payloads with a low hard-drive footprint, as the scout never writes anything to the disk.
Features of the Windows edition:
- Dynamic generation of scouts
- Windows registry persistence
- Sleep, kill and disconnect scouts
- Robust error handling
- Remote Command Execution through CMD
- Remote Command Execution through PowerShell
- File transfer and data exfiltration
- Shutdown, restart, lock, logoff user
- Download files through URL
- Execute and open files remotely
- Keylogging in memory
- Taking screenshots in memory
- Setting audio
- Displaying system information
- Getting user idle time
- Clear, set, dump clipboard data
- Check to see if scout is running with admin privileges
- See all currently open windows on the target
- Dump saved Chrome passwords
- Take pictures from webcam without writing to disk
- Compile payloads into Windows EXE
- Inject keystrokes
- Disable/enable the target's keyboard/mouse
- Bypass UAC through sdclt.exe
- Stackable encryption of scout payload source code, in a theoretically infinite stack in infinite variations
Features of the Linux edition:
- Dynamic generation of scouts
- Sleep, kill and disconnect scouts
- Robust error handling
- Remote Command Execution through bash shell
- File transfer and data exfiltration
- Download files through URL
- Keylogging in memory
- Taking screenshots in memory
- Setting audio
- Displaying system information
- Clear, set, dump clipboard data
- Check to see if scout is running as root
- See all currently open windows on the target
- Take pictures from webcam without writing to disk
- Compile payloads into Linux ELF
- Inject keystrokes
- Stackable encryption of scout payload source code, in a theoretically infinite stack in infinite variations
Requirements:
- Python 2.7
- Git
Installing the Windows edition: first, make sure you have Git installed, then clone this repository.
git clone https://github.com/angus-y/PyIris-backdoor
Next, install pycaw. It can't be installed the standard way, so install it from this separate GitHub repository:
pip install https://github.com/AndreMiras/pycaw/archive/master.zip
Finally, install the rest of the required modules the standard way. Install only the modules from the "setup/windows/requirements.txt" file, as this section is for running the Windows edition of PyIris.
pip install -r setup/windows/requirements.txt
When you run it for the first time you should be greeted with the option to generate a key; this indicates everything has been installed correctly.
Installing the Linux edition: first, make sure you have Git installed, then clone this repository.
git clone https://github.com/angus-y/PyIris-backdoor
Next, install an external dependency, xclip, which is required by pyperclip:
sudo apt-get install xclip
Then install pyalsaaudio through apt-get:
sudo apt-get install python-alsaaudio
Finally, install the rest of the required modules the standard way. Install only the modules from the "setup/linux/requirements.txt" file, as this section is for running the Linux edition of PyIris.
pip install -r setup/linux/requirements.txt
When you run it for the first time you should be greeted with the option to generate a key; this indicates everything has been installed correctly.
To update PyIris, change into the PyIris-backdoor folder first, then run
git pull
On Windows, to install any newly added third-party modules or update existing ones, run
pip install -r setup/windows/requirements.txt
On Linux, to install any newly added third-party modules or update existing ones, run
pip install -r setup/linux/requirements.txt
Supported operating systems:
- Windows 10
- Kali Linux Rolling releases
- Ubuntu 16.04 and future releases
- Debian
To start PyIris on Windows, run
PyIris.py
On Linux, run
python2 PyIris.py
In either case, if prompted to generate a key, either press Enter or enter a key that you want to use.
The help command is your friend! Simply run help to get a list of all commands you can use on a specific interface. For more detail about a specific command, run help <name of command> to get more in-depth help about it. Alternatively you can use the ? command, which is an alias for the help command.
PyIris utilizes PyInstaller to compile its payloads, so it is not possible to cross-compile binaries. That means a scout generated and compiled on Linux only runs on Linux, and the same applies to Windows. If you want to cross-compile Windows scouts from Linux, I suggest you use Wine and run PyIris from there.
A PyHook wheel file is already included in the setup/windows folder; however, that wheel only works for 64-bit versions of Windows. You may have to install PyHook manually. Go to this site and search for the PyHook wheel file that matches your Windows version, then download it. Next, pip install it using the name of that wheel file.
pip install <name of pyhook wheel file>
If you downloaded the correct PyHook wheel file it should install successfully.
This is due to several reasons. First is the problem of open-source code and multiple distros: Linux has many distributions, and each distro may differ or have a different system structure from every other Linux system, so creating components to cover all of them is incredibly difficult. Second is support; simply put, some Linux systems just don't support some functions out of the box for Python. Lastly, the terminal is much more powerful than cmd, so a lot more can be accomplished from the terminal than from cmd and there is no need to add extra components; your trusty linux/execute_command_bash will do the job for you.
Yes it is. I should probably be using HTTP buuuuut I am just lazy. Perhaps in a future update, but that requires rewriting a lot of the listener-scout protocol, which could take some time.
No lol
- PyCharm IDE
- My brain
Create an issue, but please read the "ISSUE_TEMPLATE.md" file first.
- Inspired by Powershell Empire and Brain Damage
- Thanks to ev-ev for helping me in the earliest stages of the project and in helping me to create PyIris
- Thanks to Dharshan2004 for helping build a part of the in-memory webcam module and test PyIris on Debian
- Thanks to my brain for formulating this whole project
Licensed under Mozilla Public License Version 2.0 - See the "LICENESE.md" file for more details
I am not held responsible for anything illegal or unethical that you do with this framework. This framework was developed for ethical hackers, pentesters and for research purposes as a cyber security project. Please do NOT use this without the full consent of the victim. Use this framework to break stuff, but legally please :).