Nimplant is a cross-platform (Linux & Windows) implant written in Nim as a fun project to learn about Nim and see what it can bring to the table for red team tool development. Currently, Nimplant lacks extensive evasive tradecraft; however, overtime Nimplant will become much more sophisticated.
To install Nimplant, you'll need Mythic installed on a remote computer. You can find installation instructions for Mythic at the Mythic project page.
From the Mythic install root, run the command:
./install_agent_from_github.sh https://github.com/MythicAgents/Nimplant
Once installed, restart Mythic to build a new agent.
- Cross-platform
- Fully asynchronous
- Can generate agents compiled from both C and C++ source code
Command | Syntax | Description |
---|---|---|
cat | cat [file] |
Retrieve the output of a file. |
cd | cd [dir] |
Change working directory. |
cp | cp [source] [destination] |
Copy a file from source to destination. Modal popup. |
curl | curl [url] [method] [headers] [body] |
Execute a single web request. |
download | download [path] |
Download a file off the target system. |
exit | exit |
Exit a callback. |
getenv | getenv |
Get all of the current environment variables. |
jobs | jobs |
List all running jobs. |
kill | kill [pid] |
Attempt to kill the process specified by [pid] . |
ls | ls [path] [recurse] |
List files and folders in [path] with optional param to list recursively. Defaults to current working directory. |
mkdir | mkdir [dir] |
Create a directory. |
mv | mv [source] [destination] |
Move a file from source to destination. Modal popup. |
ps | ps |
List process information. |
pwd | pwd |
Print working directory. |
rm | rm [path] |
Remove a file specified by [path] |
shell | shell [command] |
Run a shell command which will translate to a process being spawned with command line: cmd.exe /r[command] |
unsetenv | setenv [envname] [value] |
Sets an environment variable to your choosing. |
sleep | sleep [seconds] |
Set the callback interval of the agent in seconds. |
unsetenv | unsetenv [envname] |
Unset an environment variable. |
upload | upload |
Upload a file to a remote path on the machine. Modal popup. |
Currently, only one C2 profile is available to use when creating a new Nimplant agent: HTTP.
The HTTP profile calls back to the Mythic server over the basic, non-dynamic profile. When selecting options to be stamped into Nimplant at compile time, all options are respected with the exception of those parameters relating to GET requests.
More coming soon!
- [] Ability to compile to Objective-C for macOS capabilities
- [] Integration of Donut to allow user to generate shellcode as output
- [] Communication via WebSockets
- [] Screenshotting capabilities
- [] Remote process injection capabilities