PyIris-backdoor: modular, stealthy and flexible remote-access toolkit

The PyIris Project

The PyIris project is a modular, stealthy and flexible remote-access toolkit written completely in Python. It allows users to dynamically build, generate, and encode/encrypt remote-access-trojan payloads for remote control of compromised hosts.

Features (Both Windows and Linux)

  • Tab completion for most commands
  • Dynamically generate scouts
  • Robust error handling to allow scouts to recover from sudden disconnects
  • Upload and download files from and to the target machine
  • Sleep, kill and disconnect scouts
  • Download files from external URLs (web downloads)
  • Keylogging in memory
  • Displaying system information
  • Taking screenshots without writing to disk
  • See all currently open visible and nonvisible windows on the target
  • Check to see if a scout is running with admin/root privileges
  • Inject keystrokes
  • Compile payloads into Windows EXEs or Linux ELFs
  • Clear, set, or dump clipboard data
  • Setting audio
  • Take pictures from the webcam without writing to disk
  • Stackable encryption of scout payload source code, in a theoretically infinite stack in infinite variations
  • Execute arbitrary Python code from compiled scouts and read the results, even if the Python interpreter is not installed on the target machine
  • Request admin/root privileges
  • Sleep for an arbitrary length of time before running (to evade AV dynamic program analysis)
  • Self-delete (only works for scripts)
  • Stream webcam over TCP sockets (pretty laggy; will work on a UDP version)

Features (Windows)

  • Achieve persistence through the Windows registry (HKEY_CURRENT_USER)
  • Achieve persistence through the Windows startup folder
  • Remote command execution through cmd.exe or powershell.exe (provided it is not blocked)
  • Open URLs in a native browser (Internet Explorer, ewww)
  • Shut down, restart, lock, or log off the user gracefully without the connection hanging from the scout payload
  • Execute or open files remotely
  • Check the user's idle time
  • Dump saved Chrome passwords (won't work with the latest Chrome browsers since they changed encryption methods, and I'm kinda lazy to update this lol)
  • Disable/enable the target's keyboard/mouse
  • Bypass UAC through sdclt.exe (has already been patched in recent Windows updates)

Features (Linux)

  • Achieve persistence through cron jobs (crontab)
  • Remote command execution through the bash shell

Install & Use