/Viper

Intranet pentesting tool with webui 开源图形化内网渗透工具

BSD 3-Clause "New" or "Revised" LicenseBSD-3-Clause

English | 简体中文

  • Viper is a graphical intranet penetration tool, which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration
  • Viper integrates basic functions such as bypass anti-virus software, intranet tunnel, file management, command line and so on
  • Viper has integrated 80+ modules, covering Resource Development / Initial Access / Execution / Persistence / Privilege Escalation / Defense Evasion / Credential Access / Discovery / Lateral Movement / Collection and other categories
  • Viper's goal is to help red team engineers improve attack efficiency, simplify operation and reduce technical threshold
  • Viper supports running native msfconsole in browser and multi - person collaboration

image.png


image.png


image.png


image.png


image.png


image.png

Website

Installation manual

Updatelog

✨Click to expand

v1.5.4 20211017

New Features

  • Added MS17-010 Exploit (CSharp) module

Optimization

  • Merged metasploit-framework 6.1.10

Bugfix

  • Fix duplicate add reverse_http(s) handler failed to deal with session online requests.

v1.5.3 20211010

Optimization

  • Optimize msfconsole user experience
  • Merged metasploit-framework 6.1.10

v1.5.2 20211007

Optimization

  • Login page multilingual support
  • Merged metasploit-framework 6.1.9

v1.5.1 20210926

New Features

  • Added Obtain Internet outbound IP module
  • New search filter for session process list

Optimization

  • Antivirus software display supports English version
  • Optimize the output format of the intranet scanning module
  • Optimize the performance and UI of the Run Module function
  • Merged metasploit-framework 6.1.8 version

Bugfix

  • Fix the problem that the name of antivirus software is not displayed

v1.5.0 20210919

New Features

  • VIPER now support English language

Optimization

  • Optimized the format of session online SMS
  • Merged metasploit-framework 6.1.7 version

Bugfix

  • Fixed the issue that ExitOnSession did not take effect
  • Fix the issue that the bind handler of the exploit module does not take effect

v1.4.2 20210822

New Features

  • Added Session online by SCF (Tencent API Gateway) module

Optimization

  • Use Unix socketpair to replace 127.0.0.1 socketpair to improve performance
  • Optimize the handler function, add HttpHostHeader parameter
  • Block ids check of session
  • Merged metasploit-framework 6.1.5 version

Bugfix

  • Fixed the problem that some module tasks could not be deleted
  • Fixed the issue of channel not being released in MSF
  • Fix the issue of Clone Https certificate certificate length, adapt to the new features of SSLVersion
  • Fix the issue that the session does not respond after the use of Linux intranet routing and command execution due to stream hang

FAQ

Issues

Modules

System architecture diagram

viper.png

Development

Source Code

  • viperjs (Frontend)

https://github.com/FunnyWolf/viperjs

  • viperpython (Backend)

https://github.com/FunnyWolf/viperpython

  • vipermsf (MSFRPC)

https://github.com/FunnyWolf/vipermsf

Thanks

Edward_Snowdeng exp Fnzer0 qingyun00 脸谱 NoobFTW Somd5-小宇 timwhitez ViCrack xiaobei97 yumusb

404StarLink 2.0 - Galaxy

Viper has joined 404Team 404StarLink 2.0 - Galaxy

Stargazers

Stargazers over time