Multi-platform persistence toolkit for user-provided payloads.

Nekrosis

A multi-platform persistence toolkit, with the goal of simplifying malware deployment.

Developed as a capstone project for the Southern Alberta Institute of Technology's Information Systems Security program (Winter 2024), to demonstrate the many techniques that can be used to achieve persistence on Windows, macOS, and Linux.

Please use irresponsibly.

  • For contributors, see CONTRIBUTING.md for project architecture and design.

Installation

Standalone Executables

See the GitHub Releases tab for the latest executables.

Python Library - PyPI

python -m pip install nekrosis

Source Code

Requires Python 3.6 or newer; install it from the official website when applicable: python.org.

Additional dependencies can be installed with pip:

python -m pip install -r requirements.txt

Usage

The project is designed to be used either as a library or as a standalone executable.

Library

from nekrosis import Nekrosis

nekrosis = Nekrosis("/path/to/malware")

nekrosis.supported_persistence_methods()
nekrosis.recommended_persistence_method()
nekrosis.install()

Executable - Help

$ nekrosis (-h | --help)

>>> usage: nekrosis [-h] [-p PAYLOAD] [-m METHOD] [-v] [-l]
>>>
>>> Install a payload for persistence on Windows, macOS, or Linux.
>>>
>>> options:
>>>   -h, --help            show this help message and exit
>>>   -p PAYLOAD, --payload PAYLOAD
>>>                         The payload to install.
>>>   -m METHOD, --method METHOD
>>>                         The custom persistence method to use (optional).
>>>   -v, --version         show program's version number and exit
>>>   -l, --list-supported-methods
>>>                         List the supported persistence methods for the current OS.
>>>   -e {xml,json,plist}, --export {xml,json,plist}
>>>                         Export the supported persistence methods to STDOUT in the specified format.
>>>   -n, --nuke            Remove all traces of Nekrosis and the original payload.
>>>   -s, --silent          Suppress output.

Executable - Install Payload

If no method is specified, the best method is determined by privilege and other environmental factors.

$ nekrosis (-p | --payload) <malware> (-m | --method) <method>

>>> Creating persistence
>>>   Payload: <malware>
>>>   OS: macOS
>>>   Effective User ID: 501
>>>   Persistence Method: "LaunchAgent - Current User"
>>> Installing launch service (LaunchAgent - Current User)
>>>   Relocated payload: /Users/target/Library/LaunchAgents/713753
>>>   Service file: /Users/target/Library/LaunchAgents/com.80309.plist
>>>   Service started successfully 🎉

The method can also be specified by index, starting at 0. For example:

  0 - "LaunchAgent - Current User"
  1 - "LaunchAgent - Electron"
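
A defender-side check for the artifacts in the sample output above, added here as an example and not part of the Nekrosis project: it flags launchd jobs whose program sits inside a LaunchAgents or LaunchDaemons directory, or whose name matches the numeric com.<digits> pattern. The function names, the plist contents of the constructed sample, and the idea that other runs resemble the single run shown are assumptions.

```python
import plistlib
import re
import tempfile
from pathlib import Path

# Assumption: other runs use names like the one sample shown (com.80309.plist).
NUMERIC_NAME = re.compile(r"^com\.\d+$")

def job_program(job):
    """Return the executable path a launchd job will run, or '' if none is set."""
    if job.get("Program"):
        return str(job["Program"])
    args = job.get("ProgramArguments") or []
    return str(args[0]) if args else ""

def audit_launch_dir(directory):
    """Return (plist file name, reasons) for each suspicious job in a launchd directory."""
    findings = []
    for plist_path in sorted(Path(directory).glob("*.plist")):
        try:
            job = plistlib.loads(plist_path.read_bytes())
        except Exception:  # malformed or truncated plist: report it, keep scanning
            findings.append((plist_path.name, ["unparseable plist"]))
            continue
        job = job if isinstance(job, dict) else {}
        reasons = []
        # Executables do not normally live next to the job definitions.
        if Path(job_program(job)).parent.name in ("LaunchAgents", "LaunchDaemons"):
            reasons.append("program stored inside a launchd directory")
        if NUMERIC_NAME.match(plist_path.stem) or NUMERIC_NAME.match(str(job.get("Label", ""))):
            reasons.append("numeric com.<digits> name")
        if reasons:
            findings.append((plist_path.name, reasons))
    return findings

def demo():
    """Audit a constructed LaunchAgents directory (sample data, not real captures)."""
    with tempfile.TemporaryDirectory() as tmp:
        agents = Path(tmp) / "Library" / "LaunchAgents"
        agents.mkdir(parents=True)
        samples = {  # constructed: one job shaped like the sample output, one benign
            "com.80309.plist": {"Label": "com.80309", "ProgramArguments": [str(agents / "713753")]},
            "com.example.updater.plist": {"Label": "com.example.updater", "Program": "/Applications/Example.app/Contents/MacOS/updater"},
        }
        for name, job in samples.items():
            (agents / name).write_bytes(plistlib.dumps(job))
        return audit_launch_dir(agents)

if __name__ == "__main__":
    print(demo())
```

On a real host, point audit_launch_dir at ~/Library/LaunchAgents, /Library/LaunchAgents and /Library/LaunchDaemons; the program-location check does not depend on the naming assumption.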

Download files

Source Distributions

No source distribution files available for this release.

Built Distribution

nekrosis-1.0.0-py3-none-any.whl (702.5 kB)

Uploaded Python 3

File details

Details for the file nekrosis-1.0.0-py3-none-any.whl.

File metadata

  • Download URL: nekrosis-1.0.0-py3-none-any.whl
  • Upload date:
  • Size: 702.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.0.0 CPython/3.11.9

File hashes

Hashes for nekrosis-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 52ef06324cbdd744c2efffbeb5692c16de50ee07068ee0b8caf0ab342942e6fa
MD5 33f11b26ca674d509b1129a6f83f8c8f
BLAKE2b-256 4029d15c63897a8588d78eb33c4f97f96ff45a72ee2c110583edaf0895d58c35
