Cypyonate 1.3.1

An extendable command-line injector built entirely in Python

Cypyonate

Cypyonate is an extendable command-line injector built entirely in Python. It is named after testosterone cypionate, an injectable form of the hormone.

Features

Cypyonate currently has 5 injection forms which can be selected with the --form argument

• LoadLibrary DLL Injection
• Shellcode Injection
• Manual Map DLL Injection
• Thread Hijack LoadLibrary Injection (Only seems to work ~90% of the time)
• Early Bird APC Shellcode Injection
• Early Bird APC DLL Injection

More methods can be added with relative ease. See Adding Injection Methods.

Installation

Requirements

Latest tested with Python 3.11.0

The following Python packages are required by Cypyonate and can be install with pip install -r requirements.txt

• pefile
• pywin32
• colorama
• setuptools

Installation Process

PS C:\Dev> git clone https://github.com/Scags/Cypyonate.git
PS C:\Dev> pip install .\Cypyonate\
//OR
PS C:\Dev> cd .\Cypyonate\
PS C:\Dev\Cypyonate> py .\setup.py install

Installing Multiple Architectures

Cypyonate cannot execute under a different architecture than what it was installed with. If you want to install Cypyonate for x86, you must download the x86 version of Python, then run pip install from that Python version.

Cypyonate changes its command depending on the architecture of the Python installation that installs it. If running x64, the command is cypy. If running x86, the command is cypy32. Assure that your Python installation's Scripts/ directory is added to your PATH.

Usage

usage: cypy [-h] [-i injection] [-p payload] [-v] [-f form] [-l]    
            [-w duration] [--install module] [--remove module]
            [-V] [-r] [--clear-header clear_header]
            [--clear-unneeded-sections clear_unneeded_sections]     
            [--sehsupport sehsupport]
            [--adjust-protections adjust_protections]
            [--fdwreason fdwReason] [--lpvreserved lpvReserved]     
            [--check-time check_time]

Command-line injector

options:
  -h, --help            show this help message and exit
  -i injection, --inject injection
                        target process (ID or name) (default:       
                        None)
  -p payload, --payload payload
                        payload file path (use '-' for stdin)       
                        (default: None)
  -v, --verbose         verbosely print output (default: False)     
  -f form, --form form  form of injection (see --list) (default:    
                        default)
  -l, --list            list available injection forms (default:    
                        False)
  -w duration, --wait duration
                        duration of time to wait for remote thread  
                        to finish in milliseconds, in applicable    
                        injection techniques (default: 10000)       
  --install module      install a module (default: None)
  --remove module       remove a module (default: None)
  -V, --version         view Cypyonate's current version and        
                        architecture (default: False)
  -r, --reflective      inject reflectively (only applicable to     
                        some injection forms) (default: False)      

manual mapping injection:
  --clear-header clear_header
                        clear the header of the payload after       
                        injection (default: True)
  --clear-unneeded-sections clear_unneeded_sections
                        clear unneeded sections for the target      
                        binary to run after injection (default:     
                        True)
  --sehsupport sehsupport
                        if clearing unneeded sections, clear        
                        .pdata as well (default: True)
  --adjust-protections adjust_protections
                        adjust the protections of target binary     
                        after injection (default: True)
  --fdwreason fdwReason
                        the fdwReason parameter to pass to DllMain  
                        (default: 1)
  --lpvreserved lpvReserved
                        the lpvReserved parameter to pass to        
                        DllMain (default: 0)
  --check-time check_time
                        time to wait between checks for shellcode   
                        to finish execution, if applicable
                        (default: 1.0)

Adding Injection Methods

Create a new .py file, import the main cypyonate module, and create a class that inherits from cypyonate.Module. Overload the inject() function and implement your code.

You must use a relative import like below, as installing the module with place it within the "modules" subfolder in the project.

from .. import cypyonate as cypy

class MyInjection(cypy.Module):
	def __init__(self):
		super().__init__(name="My Injection", frmat="myinjection", desc="My custom injection method")

  def add_to_argparse(self, parser):
    # If you want to add options to the "cypy" command argument handler
    pass

  def inject(self, handler: cypy.Cypyonate, target: str, payload: str, verbose: bool):
    # Run code here
    pass

To finalize adding your module, enter the command cypy --install myfile.py. This will copy the file to the project modules folder.

Reflective Injection

New with V1.3

Cypyonate is capable of performing reflective injections.

This is currently supported by the current forms:

• Shellcode Injection
• Manual Map DLL Injection
• Early Bird APC Shellcode Injection

To perform a reflective injection, simply pass a base64 encoded string as the payload and add the -r argument.