MCPcopy Index your code
hub / github.com/t3l3machus/Villain

github.com/t3l3machus/Villain @V2.2.1 sqlite

repository ↗ · DeepWiki ↗ · release V2.2.1 ↗
212 symbols 547 edges 30 files 1 documented · 0%
README

Villain

Python License

Purpose

Villain is a high-level Stage 0/1 C2 framework that can handle multiple reverse TCP and HoaxShell-based shells, enhance their functionality with additional features (commands, utilities), and share them among connected sibling servers (Villain instances running on different machines).

The framework's main features include: - Payload generation based on default, customizable and/or user defined payload templates (Windows & Linux), - A dynamically engaged pseudo-shell prompt that can quickly swift between shell sessions, - File uploads (via http), - Fileless execution of scripts against active sessions, - Auto-invoke ConPtyShell against a powershell r-shell session as a new process to gain a fully interactive Windows shell, - Multiplayer mode, - Session Defender (a feature that inspects user issued commands for mistakes / unintentional input that may cause a shell to hang).

Video Presentations

There’s no up-to-date presentation of Villain with its latest features, but these videos give a good overview of its functionality.
[2022-11-30] John Hammond showcased the tool in this incredible video -> youtube.com/watch?v=pTUggbSCqA0
[2023-03-30] Version 2.0.0 release demo, made by me -> youtube.com/watch?v=NqZEmBsLCvQ

:exclamation: Disclaimer
This project is in active development. Expect breaking changes with releases.
Using this tool against hosts that you do not have explicit permission to test is illegal. You are responsible for any trouble you may cause by using this tool.

Preview

https://github.com/t3l3machus/Villain/assets/75489922/20bf0ad5-d06f-4658-bb43-1bb0359fe3f7

image

Installation

Villain has been explicitly developed and tested on kali linux. You can install it with apt:

apt install villain

❗New releases may take time to be incorporated into kali's repositories.

For the latest version or if you prefer to install it manually:

git clone https://github.com/t3l3machus/Villain
cd ./Villain
pip3 install -r requirements.txt

You must also install gnome-terminal (required for one of the framework's commands):

sudo apt update&&sudo apt install gnome-terminal

Usage

You should run as root:

villain [-h] [-p PORT] [-x HOAX_PORT] [-n NETCAT_PORT] [-f FILE_SMUGGLER_PORT] [-i] [-c CERTFILE] [-k KEYFILE] [-u] [-q] 

Check out the Usage Guide for more.

:warning: Create your own obfuscated reverse shell templates and replace the default ones in your instance of Villain to better handle AV evasion. Here's how 📽️ -> youtube.com/watch?v=grSBdZdUya0

Contributions

Pull requests are generally welcome. Please, keep in mind: I am constantly working on new tools as well as maintaining several existing ones. I may be slow to respond. If you have an idea for a new feature that comes with a significant chunk of code, I suggest you first contact me to discuss if there's something similar already in the making, before making a PR.

Core symbols most depended-on inside this repo

send_receive_one_encrypted
called by 23
Core/villain_core.py
send_msg
called by 22
Core/villain_core.py
print_to_prompt
called by 17
Core/villain_core.py
do_nothing
called by 14
Core/common.py
set_shell_prompt_ready
called by 12
Core/villain_core.py
response_ack
called by 12
Core/villain_core.py
set_main_prompt_ready
called by 12
Core/common.py
clone_dict_keys
called by 12
Core/common.py

Shape

Method 123
Class 49
Function 40

Languages

Python100%

Modules by API surface

Core/villain_core.py119 symbols
Core/common.py34 symbols
Villain.py18 symbols
Core/settings.py12 symbols
Core/logging.py4 symbols
Core/payload_templates/windows/reverse_tcp/python3.py1 symbols
Core/payload_templates/windows/reverse_tcp/powershell_v2.py1 symbols
Core/payload_templates/windows/reverse_tcp/powershell.py1 symbols
Core/payload_templates/windows/hoaxshell/powershell_outfile_https.py1 symbols
Core/payload_templates/windows/hoaxshell/powershell_outfile_constr_lang_https.py1 symbols
Core/payload_templates/windows/hoaxshell/powershell_outfile_constr_lang.py1 symbols
Core/payload_templates/windows/hoaxshell/powershell_outfile.py1 symbols

For agents

$ claude mcp add Villain \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact