Welcome to covertutils documentation!

This project is free and open-source, available on GitHub.

A blog post about it, explaining the motivation and implementation internals, can be found on my personal blog: Securosophy

Not a Backdoor!

Well, almost not a backdoor. This project is a Python 2 package containing enough modules for implementing custom backdoors. Everything, from file transfer to customized shells, is included.

It is not a backdoor ready to be planted (well, most of the Programming Examples are). If you are looking for backdoors, RATs and such stuff in Python there are some awesome projects already:

This package contains most of the Building Blocks of a backdoor. It covers the common coding tasks when creating anything from a simple reverse TCP shell to a full-blown, feature-rich, extendable Agent.

It also takes a simplistic view of what a backdoor is, breaking it down to its basic components:

  • Agent
  • Handler
  • Communication Channel
  • Protocol

Currently, the covertutils package provides an API for:

  • Encryption
  • Chunking
  • Separate Streams (almost like meterpreter’s channels)
  • Compression before transmission
  • Packet Steganography
  • Customized Shell
  • Message Handling
  • Custom Shell creation

And most of those features are used under the hood, without writing any additional line of code (e.g. encryption, compression, streams).

No Networking code included

The package provides a generic wrapper for networking, without implementing internally even the simplest of networking possibilities (e.g. bind TCP).

This design decision broadens the possibilities for Communication Channels that differ a lot from just layer 4/5 solutions. This way, there is space for Packet Steganography or even time-based Covert Channels.

And all that with the abstraction of Object Oriented Programming, as this package depends on it heavily.

All modules [citation needed] are documented automatically from comments with Sphinx apidoc. The output is below…

As the covertutils API Toc-Tree is huge (due to how the code is organized, see: Package, subpackage and module structure), it is really handy to use the search page of Sphinx if you are looking for a specific class or method.

Note

For flawless backdoor creation don’t forget to fire up some Primus CDs or old blues standards while coding. Maybe light a cigar too.

Note

Creating stealthy backdoors requires intelligence, and intelligence is a terrible thing to waste.