This is my side project that exploits the permissions and vulnerabilities of pip packages and is capable of sneaking sensitive information, source code, or any malware onto a local machine.
- This functions like a standard Python package, but it uses methods that trigger stealthy operations.
- It has features specifically designed for integrating source into secured environments without getting caught.
- This repository contains the codebase, but feel free to fork and change the codebase as needed.
```
pip install matplotlib-visual
```
Note: The `matplotlib-visual` package has been implemented by me. You can install it, but the package holds information specific to me, so it may not be useful for new users. I recommend forking the repository, making changes, and uploading your own package.
- Create a Python file and enter any of the code snippets below.
- Or, open a terminal and run Python interactively:
```
python
```
So far, I've added features that allow you to sneak source code into a machine using the following methods:
- Displaying source code in the console output.
  ```python
  from matplotlib_visual.models import display
  display("<filename-without-extension>")
  ```
  `models` method displays source code in the console.
- Stealth Copy to Clipboard for a more secure method.
  ```python
  from matplotlib_visual.graph import display
  display("<filename-without-extension>")
  ```
  `graph` method copies the source code to the system's clipboard.
- Writing the source code into the program's root directory.
  ```python
  from matplotlib_visual.piechart import display
  display("<filename-without-extension>")
  ```
We welcome all contributions! Whether you're improving features, fixing bugs, or enhancing documentation, your help is valuable to us. Here's how to get started:
Before contributing, familiarize yourself with the project. It’s beginner-friendly, and most features are implemented with minimal lines of code. The key is to research thoroughly to understand how to implement stealthy features.
- You can either request to be assigned an existing issue or raise a new issue if you have ideas for new features or documentation improvements.
- If the contribution guidelines or any part of the documentation are unclear, feel free to suggest changes or improvements.
To work on an issue:
- Comment:
"I would like to work on this issue under GSSoC'24 Extended Edition."
- If you've raised your own issue, comment:
"I want to work on this issue under GSSoC'24 Extended Edition."
We appreciate all contributions, whether code, documentation, or suggestions. Keep the code clean, simple, and efficient.
If you find this project useful or interesting, please star the repository on GitHub to show your support. It really helps the project grow!
- This package integrates source files into a target machine using the `stash/` directory.
- A test file is provided. Run it to ensure that the contents of the files inside the stash appear on the target machine.
- Filenames like `graph.py`, `models.py`, and `piechart.py` are aliases to avoid detection of sensitive operations.
- The codebase is simple and easy to contribute to, but implementing stealthy features requires proper research. Although some features are written with just a few lines of code, each has undergone extensive research and development.
- Since the package exploits security permissions in `pip`, maintaining pip standards is advised.
- Every feature in this package supports the major operating systems:
  - Windows
  - Linux
  - macOS
- If you find any vulnerabilities, please raise an issue.
The purpose of this package is educational, aiming to highlight and improve security by demonstrating potential vulnerabilities in systems.
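Seen from the defender's side, two traits described above can be checked in an installed environment: a distribution name that embeds a well-known project's name, and files bundled under a `stash/` directory. The following is an added example, not code from this repository; the `WELL_KNOWN` list, the function names and the sample file list are assumptions constructed for illustration.

```python
import re
from importlib import metadata

# Assumption: a small list of well-known project names; extend it for your environment.
WELL_KNOWN = ("matplotlib", "numpy", "pandas", "requests")

def normalize(name):
    """Normalize a distribution name the way PEP 503 does."""
    return re.sub(r"[-_.]+", "-", name).lower()

def lookalike_of(name):
    """Return the well-known project that `name` embeds as a prefix or suffix, else None."""
    n = normalize(name)
    for known in WELL_KNOWN:
        if n != known and (n.startswith(known + "-") or n.endswith("-" + known)):
            return known
    return None

def audit(name, files):
    """Return findings for one distribution, given its name and recorded file paths."""
    findings = []
    known = lookalike_of(name)
    if known:
        # Weak signal on its own: legitimate plugins also use such names.
        findings.append(f"name embeds well-known project '{known}'")
    # Files whose parent directories include one literally named "stash".
    stashed = [f for f in files if "stash" in f.replace("\\", "/").split("/")[:-1]]
    if stashed:
        findings.append(f"ships {len(stashed)} file(s) under a stash/ directory")
    return findings

def audit_installed():
    """Audit every distribution visible to the current interpreter."""
    report = {}
    for dist in metadata.distributions():
        name = dist.metadata.get("Name") or ""
        found = audit(name, [str(f) for f in (dist.files or [])])
        if found:
            report[name] = found
    return report

# Constructed sample: a hypothetical file list, not the real package's contents.
SAMPLE_FILES = [
    "matplotlib_visual/__init__.py",
    "matplotlib_visual/graph.py",
    "matplotlib_visual/stash/example.py",
]

if __name__ == "__main__":
    print(audit("matplotlib_visual", SAMPLE_FILES))
    for pkg, found in audit_installed().items():
        print(pkg, found)
```

A name match alone also fires on legitimate add-on packages, so treat it as a prompt for review and give more weight to distributions that trigger both findings.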
This package is licensed under the GPL 3.0, allowing you to sneakily use and modify it as needed.
Happy sneaking! 🤫