Multi-platform persistence toolkit for user-provided payloads.
Project description
Nekrosis
A multi-platform persistence toolkit, with the goal of simplifying malware deployment.
Developed as a capstone project for the Southern Alberta Institute of Technology's Information Systems Security program (Winter 2024), to demonstrate the many techniques that can be used to achieve persistence on Windows, macOS, and Linux.
Please use irresponsibly.
- For contributors, see CONTRIBUTING.md for project architecture and design.
Installation
Standalone Executables
See GitHub Release Tab for latest executables.
Python Library - PyPI
python -m pip install nekrosis
Source Code
Requires Python 3.6 or newer, install from official website when applicable: python.org.
Additional dependencies can be installed with pip:
python -m pip install -r requirements.txt
Usage
Project designed to be used either as a library or as a standalone executable.
Library
from nekrosis import Nekrosis
nekrosis = Nekrosis("/path/to/malware")
nekrosis.supported_persistence_methods()
nekrosis.recommended_persistence_method()
nekrosis.install()
Executable - Help
$ nekrosis (-h | --help)
>>> usage: nekrosis [-h] [-p PAYLOAD] [-m METHOD] [-v] [-l]
>>>
>>> Install a payload for persistence on Windows, macOS, or Linux.
>>>
>>> options:
>>> -h, --help show this help message and exit
>>> -p PAYLOAD, --payload PAYLOAD
>>> The payload to install.
>>> -m METHOD, --method METHOD
>>> The custom persistence method to use (optional).
>>> -v, --version show program's version number and exit
>>> -l, --list-supported-methods
>>> List the supported persistence methods for the current OS.
>>> -e {xml,json,plist}, --export {xml,json,plist}
>>> Export the supported persistence methods to STDOUT in the specified format.
>>> -n, --nuke Remove all traces of Nekrosis and the original payload.
>>> -s, --silent Suppress output.
Executable - Install Payload
Best method determined by privilege and other environmental factors if no method is specified.
$ nekrosis (-p | --payload) <malware> (-m | --method) <method>
>>> Creating persistence
>>> Payload: <malware>
>>> OS: macOS
>>> Effective User ID: 501
>>> Persistence Method: "LaunchAgent - Current User"
>>> Installing launch service (LaunchAgent - Current User)
>>> Relocated payload: /Users/target/Library/LaunchAgents/713753
>>> Service file: /Users/target/Library/LaunchAgents/com.80309.plist
>>> Service started successfully 🎉
Method can also be specified by index starting at 0, example:
0 - "LaunchAgent - Current User"
1 - "LaunchAgent - Electron"
Authors
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
