HDM peeked out from behind his Internet scanning farm earlier today and posted a tweet about Pupy <https://github.com/n1nj4sec/pupy/tree/master/docs/screenshots>, which is an injectable Python you can use for penetration testing saying that it seemed similar to Meterpreter.
Last I checked Meterpreter was a big blob of C++ and the Ruby portions ran client-side, which is pretty different from both Pupy and INNUENDO. Here, as a small example, is the rabbit hole that the Pupy people are starting to look into: https://github.com/n1nj4sec/pupy/issues/4 Another similar effort that does DNS C2 in Python (although as far as I can tell it goes direct to the DNS server, and not through whatever DNS server the client is supposed to use normally ?!?) is here: http://lockboxx.blogspot.com/2015/01/python-reverse-dns-shell.html Even though there's wildly different engineering efforts and goals for these projects and INNUENDO, if I didn't have access to INNUENDO I would definitely look into them! (But of course, I do, and YOU should! [email protected] for evals. ;) -dave
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
