An open-source post-exploitation framework for students, researchers and developers.

Overview

Banner

license version build Coverage Status Discord Tweet

Questions? Join the Discord support server

Disclaimer: This project should be used for authorized testing or educational purposes only.

BYOB is an open-source post-exploitation framework for students, researchers and developers. It includes features such as:

  • Command & control server with intuitive user-interface
  • Custom payload generator for multiple platforms
  • 12 post-exploitation modules

It is designed to allow students and developers to easily implement their own code and add cool new features without having to write a C2 server or Remote Administration Tool from scratch.

This project has 2 main parts: the original console-based application (/byob) and the web GUI (/web-gui).

Web GUI

Dashboard

A control panel for your C2 server with a point-and-click interface for executing post-exploitation modules. The control panel includes an interactive map of client machines and a dashboard which allows efficient, intuitive administration of client machines.

dashboard_preview

Payload Generator

The payload generator uses black magic involving Docker containers & Wine servers to compile executable payloads for any platform/architecture you select. These payloads spawn reverse TCP shells with communication over the network encrypted via AES-256 after generating a secure symmetric key using the Diffie-Hellman IKE.

payloads_preview

Terminal Emulator

The web app includes an in-browser terminal emulator so you can still have direct shell access even when using the web GUI.

terminal_preview

Console Application

Client

client

Generate fully-undetectable clients with staged payloads, remote imports, and unlimited post-exploitation modules

  1. Remote Imports: remotely import third-party packages from the server without writing them to the disk or downloading/installing them
  2. Nothing Written To The Disk: clients never write anything to the disk - not even temporary files (zero IO system calls are made) because remote imports allow arbitrary code to be dynamically loaded into memory and directly imported into the currently running process
  3. Zero Dependencies (Not Even Python Itself): client runs with just the python standard library, remotely imports any non-standard packages/modules from the server, and can be compiled with a standalone python interpreter into a portable binary executable formatted for any platform/architecture, allowing it to run on anything, even when Python itself is missing on the target host
  4. Add New Features With Just 1 Click: any python script, module, or package you copy to the ./byob/modules/ directory automatically becomes remotely importable & directly usable by every client while your command & control server is running
  5. Write Your Own Modules: a basic module template is provided in ./byob/modules/ directory to make writing your own modules a straight-forward, hassle-free process
  6. Run Unlimited Modules Without Bloating File Size: use remote imports to add unlimited features without adding a single byte to the client's file size
  7. Fully Updatable: each client will periodically check the server for new content available for remote import, and will dynamically update its in-memory resources if anything has been added/removed
  8. Platform Independent: everything is written in Python (a platform-agnostic language) and the clients generated can optionally be compiled into a portable executable (Windows) or bundled into a standalone application (macOS)
  9. Bypass Firewalls: clients connect to the command & control server via reverse TCP connections, which will bypass most firewalls because the default filter configurations primarily block incoming connections
  10. Counter-Measure Against Antivirus: avoids being analyzed by antivirus by blocking processes with names of known antivirus products from spawning
  11. Encrypt Payloads To Prevent Analysis: the main client payload is encrypted with a random 256-bit key which exists solely in the payload stager which is generated along with it
  12. Prevent Reverse-Engineering: by default, clients will abort execution if a virtual machine or sandbox is detected

Modules

modules

Post-exploitation modules that are remotely importable by clients

  1. Persistence (byob.modules.persistence): establish persistence on the host machine using 5 different methods
  2. Packet Sniffer (byob.modules.packetsniffer): run a packet sniffer on the host network & upload .pcap file
  3. Escalate Privileges (byob.modules.escalate): attempt UAC bypass to gain unauthorized administrator privileges
  4. Port Scanner (byob.modules.portscanner): scan the local network for other online devices & open ports
  5. Keylogger (byob.modules.keylogger): logs the user’s keystrokes & the window name entered
  6. Screenshot (byob.modules.screenshot): take a screenshot of current user’s desktop
  7. Webcam (byob.modules.webcam): view a live stream or capture image/video from the webcam
  8. Outlook (byob.modules.outlook): read/search/upload emails from the local Outlook client
  9. Process Control (byob.modules.process): list/search/kill/monitor currently running processes on the host
  10. iCloud (byob.modules.icloud): check for logged in iCloud account on macOS
  11. Miner (byob.core.miner): mine Monero in the background using the built-in miner or XMRig

Server

server

Command & control server with persistent database and console

  1. Console-Based User-Interface: streamlined console interface for controlling client host machines remotely via reverse TCP shells which provide direct terminal access to the client host machines
  2. Persistent SQLite Database: lightweight database that stores identifying information about client host machines, allowing reverse TCP shell sessions to persist through disconnections of arbitrary duration and enabling long-term reconnaissance
  3. Client-Server Architecture: all python packages/modules installed locally are automatically made available for clients to remotely import without writing them to the disk of the target machines, allowing clients to use modules which require packages not installed on the target machines

Core

core

Core framework modules used by the generator and the server

  1. Utilities (byob.core.util): miscellaneous utility functions that are used by many modules
  2. Security (byob.core.security): Diffie-Hellman IKE & 3 encryption modes (AES-256-OCB, AES-256-CBC, XOR-128)
  3. Loaders (byob.core.loaders): remotely import any package/module/scripts from the server
  4. Payloads (byob.core.payloads): reverse TCP shell designed to remotely import dependencies, packages & modules
  5. Stagers (byob.core.stagers): generate unique payload stagers to prevent analysis & detection
  6. Generators (byob.core.generators): functions which all dynamically generate code for the client generator
  7. DAO (byob.core.dao): handles interaction between command & control server and the SQLite database
  8. Handler (byob.core.handler): HTTP POST request handler for remote file uploads to the server

To Do

Contributors welcome! Feel free to issue pull-requests with any new features or improvements you have come up with!

  1. Remote Import Encryption - encryption for data streams of packages/modules being remotely imported (to maintain confidentiality/authenticity/integrity and prevent any remote code execution vulnerabilities arising from deserialization)
  2. Transport Types - add support for more transport types (HTTP/S, DNS, etc.)
  3. Bug Fixes - fix any bugs/issues
Owner
dvm
Computer science student
dvm
This program will brute force any Instagram account you send it its way given a list of proxies.

Instagram Bruter This program will brute force any Instagram account you send it its way given a list of proxies. NOTICE I'm no longer maintaining thi

1 Nov 15, 2021
DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by launching a dictionary based attack against a webserver and analyse its response.

DirBruter DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by laun

vijay sahu 12 Dec 17, 2022
Android Malware Behavior Deleter

Android Malware Behavior Deleter UDcide UDcide is a tool that provides alternative way to deal with Android malware. We help you to detect and remove

27 Sep 23, 2022
Linus-png.github.io - Versionsverwaltung & Open Source Hausaufgabe

Let's Git - Versionsverwaltung & Open Source Hausaufgabe Herzlich Willkommen zu

1 Jan 24, 2022
A simple linux keylogger project.

The project This project is a simple linux keylogger. When activated, it registers all the actions made with the keyboard. The log files are registere

1 Oct 24, 2021
Tool for finding PHP source code vulnerabilities.

vulnz Tool for finding php source code vulnerabilities. Scans PHP source code and prints out potentially dangerous lines. This tool is useful for secu

Mateo Hanžek 1 Jan 14, 2022
HTTP Protocol Stack Remote Code Execution Vulnerability CVE-2022-21907

CVE-2022-21907 Description POC for CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability. create by antx at 2022-01-17. Detail HTTP

赛欧思网络安全研究实验室 365 Nov 30, 2022
Use scrapli to retrieve security zone information from a Juniper SRX firewall

Get Security Zones with Scrapli Overview This example will show how to retrieve security zone information on Juniper's SRX firewalls. In addition to t

Calvin Remsburg 2 Jun 19, 2022
This repo contain builders of cab file, html file, and docx file for CVE-2021-40444 exploit

CVE-2021-40444 builders This repo contain builders of cab file, html file, and docx file for CVE-2021-40444 exploit. This repo is just for testing, re

ASL IT Security 168 Nov 09, 2022
A small POC plugin for launching dumpulator emulation within IDA, passing it addresses from your IDA view using the context menu.

Dumpulator-IDA Currently proof-of-concept This project is a small POC plugin for launching dumpulator emulation within IDA, passing it addresses from

Michael 9 Sep 21, 2022
Buff A simple BOF library I wrote under an hour to help me automate with BOF attack

What is Buff? A simple BOF library I wrote under an hour to help me automate with BOF attack. It comes with fuzzer and a generic method to generate ex

0x00 3 Nov 21, 2022
Apk Framework Detector

🚀🚀🚀Program helps you to detect the major framework or technology used in writing any android app. Just provide the apk 😇😇

Daniel Agyapong 10 Dec 07, 2022
Argument Injection in Dragonfly Ruby Gem

CVE-2021-33564 PoC Exploit script for CVE-2021-33564 (Argument Injection in Dragonfly Ruby Gem). Usage Arbitrary File Read python3 poc.py -u https://

Michael Tsai 12 Nov 09, 2022
An Advanced Local Network IP Scanner, made in python of course!

██╗██████╗    ██████╗ █████╗ █████╗ ███╗ ██╗███╗ ██╗███████╗██████╗ ██║██╔══██╗  ██╔════╝██╔══██╗██╔══██╗████╗ ██║████╗ ██║██╔════╝██╔══██

Polsulpicien 2 Dec 18, 2021
xkeysnail is yet another keyboard remapping tool for X environment written in Python

xkeysnail is yet another keyboard remapping tool for X environment written in Python. It's like xmodmap but allows more flexible remappings.

Masafumi Oyamada 809 Dec 26, 2022
Brute force attack tool for Azure AD Autologon/Seamless SSO

Brute force attack tool for Azure AD Autologon

nyxgeek 89 Jan 02, 2023
A toolkit for web reconnaissance, it's fast and easy to use.

A toolkit for web reconnaissance, it's fast and easy to use. File Structure httpsuite/ main.py init.py db/ db.py init.py subdomains_db directories_db

whoami security 22 Jul 22, 2022
Some Attacks of Exchange SSRF ProxyLogon&ProxyShell

Some Attacks of Exchange SSRF This project is heavily replicated in ProxyShell, NtlmRelayToEWS https://mp.weixin.qq.com/s/GFcEKA48bPWsezNdVcrWag Get 1

Jumbo 129 Dec 30, 2022
CVE-2021-36798 Exp: Cobalt Strike < 4.4 Dos

A denial of service (DoS) vulnerability (CVE-2021-36798) was found in Cobalt Strike. The vulnerability was fixed in the scope of the 4.4 release. More

104 Nov 09, 2022
Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.

Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.

Astro 9 Sep 27, 2022