ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication.
https://lu4p.github.io/ToRat
A Cross Platform Remote Administration tool written in Go using Tor as its transport mechanism currently supporting Windows, Linux, MacOS clients.
DISCLAIMER
USE FOR EDUCATIONAL PURPOSES ONLY
Wiki
Preview
Client Commands
| Command | Status | Info |
|---|---|---|
| cd | Working | change the working directory of the client |
| ls | Working | list the content of the working directory of the client |
| shred | Working | delete files/ directories unrecoverable |
| screen | Working | take a Screenshot of the client |
| cat | Working | view Textfiles from the client including .docx, .rtf, .pdf, .odt |
| alias | Working | give the client a custom alias |
| down | Working | download a file from the client |
| up | Working | upload a file to the client |
| speedtest | Working | speedtest a client's internet connection |
| hardware | Working | collects a variety of hardware specs from the client |
| netscan | Working | scans a clients entire network for online devices and open ports |
| gomap | Working | scan a local ip on a clients network for open ports and services |
| escape | Working | escape a command and run it in a native shell on the client |
| reconnect | Not Working | tell the client to reconnect |
| help | Working | lists possible commands with usage info |
| exit | Working | background current session and return to main shell |
Server Commands
| Command | Status | Info |
|---|---|---|
| select | Working | select client to interact with |
| list | Working | list all connected clients |
| alias | Working | select client to give an alias |
| cd | Working | change the working directory of the server |
| help | Working | lists possible commands with usage info |
| exit | Working | exit the server |
Current Features
Architecture
- RPC (Remote procedure Call) based communication for easy addition of new functionality
- Automatic upx leads to client binaries of ~6MB with embedded Tor
- sqlite via gorm for storing information about the clients
- client is obfuscated via garble
Server Shell
Cross Platform reverse shell (Windows, Linux, Mac OS)
Supports multiple connections
Welcome Banner
Colored Output
Tab-Completion of:
- Commands
- Files/ Directories in the working directory of the server
Unique persistent ID for every client
- give a client an Alias
- all Downloads from client get saved to ./$ID/$filename
Persistence
Windows:
- Multiple User Account Control Bypasses (Privilege escalation)
- Multiple Persistence methods (User, Admin)
Linux:
- Multiple Persistence methods (User, Admin)
Tor
Fully embedded Tor within go
the ToRAT_client communicates over TLS encrypted RPC proxied through Tor with the ToRat_server (hidden service)
- anonymity of client and server
- end-to-end encryption
optional transport without Tor e.g. Use Tor2Web, a DNS Hostname or public/ local IP
- smaller binary ~3MB upx'ed
- anonymity of client and server
Upcoming Features
- Bulk Commands
- Persistence and privilege escalation for Linux
- Persistence and privilege escalation for Mac OS
- Support for Android and iOS (needs fix of https://github.com/ipsn/go-libtor/issues/12)
- File-less Persistence on Windows
Contribution
All contributions are welcome you don't need to be an expert in Go to contribute.
Credits
- Tor
- Tor controller library
- Python Uacbypass and Persistence Techniques
- Modern Cli
- Colored Prints
- Screenshot library
- TLS Certificate generator
- Shred library
- Extract Text from Documents
- RPC
- UPX
- Obfuscation
No comments:
Post a Comment