Python-Rootkit
Python Remote Administration Tool (RAT) to gain meterpreter session (by 0xIslamTaha)
macro_pack
macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research. (by sevagas)
| | Python-Rootkit | macro_pack |
|---|---|---|
| Mentions | 2 | 4 |
| Stars | 637 | 2,183 |
| Growth | 0.0% | - |
| Activity | 0.8 | 0.0 |
| | over 1 year ago | almost 2 years ago |
| Language | Python | Python |
| License | - | Apache License 2.0 |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Python-Rootkit
Posts with mentions or reviews of Python-Rootkit.
We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-07-19.
- What programming languages should I learn to become a successful pentester?
- My first python project; a keylogger
  As far as hiding it, you could try this to hide the window. You can also use Python-rootkit to hide the python process.
macro_pack
Posts with mentions or reviews of macro_pack.
We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-03-21.
- Docx, doc macro rev shell generator?
- hey guys which would be easier to make, a malicious docx or pdf?
- MacroPack - will simplify antimalware solutions bypass and automatize the process from vb source to final Office document or other maldoc payload type. This tool can be used for red teaming, pentests, demos, and social engineering assessments.
- Trying to bypass Antivirus with a malicious Word document (VBA macro attack) stomped with EvilClippy
  If you are new to macros and obfuscation in general I recommend you to not use meterpreter as your C2 because there are too many signatures for it. You need an AMSI bypass here + shellcode changes / in memory scanner evasion. Try some of the „newer“ C2 open source tools. If you are using a powershell stager you will most likely only need an AMSI bypass. Build the macro itself manually. You can obfuscate it afterwards using https://github.com/sevagas/macro_pack for example to change the signature. This should work for most AV vendors.
What are some alternatives?
When comparing Python-Rootkit and macro_pack you can also consider the following projects:
Pieta - A Remote Administration Tool (RAT)
VBA-Macro-Reverse-Shell - Fully functioning reverse shell written entirely in VBA.
warehouse - The Python Package Index
ViperMonkey - A VBA parser and emulation engine to analyze malicious macros.
impfuzzy - Fuzzy Hash calculated from import API of PE files
Poiana - Meterpreter Reverse shell over TOR network using hidden services