Medusa is a cross-platform agent compatible with both Python 3.8 and Python 2.7.

Related tags

NetworkingMedusa
Overview

Medusa Logo

Medusa

Medusa is a cross-platform agent compatible with both Python 3.8 and Python 2.7.

Installation

To install Medusa, you'll need Mythic installed on a remote computer. You can find installation instructions for Mythic at the Mythic project page.

From the Mythic install root, run the command:

./mythic-cli payload install github https://github.com/MythicAgents/Medusa.git

Once installed, restart Mythic to build a new agent.

Notable Features

  • File browser compatibility with upload/download
  • Windows injection example using CreateRemoteThread
  • maOS clipboard reader, screenshot grabber and TCC database parsing examples
  • Eval() of dynamic Python code
  • Basic Authentication Proxy compatibility

Commands Manual Quick Reference

The base agent and included commands all use built-in Python libraries, so do not need additional packages to function. Agents will run the commands in threads, so long-running uploads or downloads won't block the main agent.

Command Syntax Description
cat cat path/to/file Read and output file content.
cd cd [.. dir] Change working directory (.. to go up one directory).
clipboard clipboard Output contents of clipboard (uses Objective-C API, as outlined by Cedric Owens here. macOS only, Python 2.7 only).
cp cp src_file_or_dir dst_file_or_dir Copy file or folder to destination.
cwd cwd Print working directory.
download download [path] Download a file from the target system.
exit exit Exit a callback.
env env Print environment variables.
eval eval [commands] Execute python code and return output.
jobs jobs List long-running tasks, such as downloads.
ls ls [. path] List files and folders in [path] or use . for current working directory.
list_tcc list_tcc [path] List entries in macOS TCC database (requires full-disk access and Big Sur only atm).
mv mv src_file_or_dir dst_file_or_dir Move file or folder to destination.
rm rm file_or_dir Delete file or folder.
screenshot screenshot Take a screenshot (uses Objective-C API, macOS only, Python 2.7 only).
shell shell [command] Run a shell command which will spawn using subprocess.Popen(). Note that this will wait for command to complete so be careful not to block your agent.
shinject shinject Inject shellcode into target PID using CreateRemoteThread (Windows only - adapted from here).
sleep sleep [seconds] [jitter percentage] Set the callback interval of the agent in seconds.
upload upload Upload a file to a remote path on the machine.

Python Versions

Both versions of the Medusa agent use an AES256 HMAC implementation written with built-in libraries (adapted from here), removing the need for any additional dependencies beyond a standard Python install. As such the agent should operate across Windows, Linux and macOS hosts. It's worth mentioning that this crypto implementation does introduce some overhead when handling large files (screenshotting, downloads, etc.) but it's workable.

Py2 vs Py3 Commands

Within the Payload_Type/Medusa/agent_code directory, you will see base_agent files with both py2 and py3 suffixes. Likewise, similar file extensions can be seen for individual function files too.

These are read by the builder.py script to firstly select the right base Python version of the Medusa agent. builder.py will then include commands that are specific to the chosen python version. In the case where a command only has a .py extension, this will be used by default, with the assumption being that no alternative code is needed between the Py2 and Py3 versions.

Supported C2 Profiles

Currently, only one C2 profile is available to use when creating a new Medusa agent: http (both with and without AES256 HMAC encryption).

HTTP Profile

The HTTP profile calls back to the Mythic server over the basic, non-dynamic profile. GET requests for taskings, POST requests with responses.

Thanks

Owner
Mythic Agents
A centralized area for installable Mythic Agents based on https://github.com/its-a-feature/Mythic_External_Agent
Mythic Agents
GitHub Repository
A TCP Chatroom built with python and TCP/IP sockets, consisting of a server and multiple clients which can connect with the server and chat with each other.

A TCP Chatroom built with python and TCP/IP sockets, consisting of a server and multiple clients which can connect with the server and chat with each other. It also provides an Admin role with featur

3 May 22, 2022
Whoisss is a website information gatharing Tool.

Whoisss Whoisss is a website information gatharing Tool. You can cse it to collect information about website. Usage apt-get update apt-get upgrade pkg

Md. Nur habib 2 Jan 23, 2022
A Python based command line ARP Spoofer utility, which takes input as arguments for the exact target IP and gateway IP for which you wish to Spoof ARP request

A Python based command line ARP Spoofer utility, which takes input as arguments for the exact target IP and gateway IP for which you wish to Spoof ARP request

Abhinandan Khurana 1 Feb 10, 2022
A Python library to ease the integration with the Beem Africa (SMS, AIRTIME, OTP, 2WAY-SMS, BPAY, USSD)

python-client A Python library to easy the integration with the Beem Africa SMS Gateway Features to be Implemented Airtime OTP SMS Two way SMS USSD Bp

Beem Africa 24 Oct 29, 2022
Simple HTTP Server for CircuitPython

Introduction Simple HTTP Server for CircuitPython Dependencies This driver depen

Adafruit Industries 22 Jan 06, 2023
BaseSpec is a system that performs a comparative analysis of baseband implementation and the specifications of cellular networks.

BaseSpec is a system that performs a comparative analysis of baseband implementation and the specifications of cellular networks. The key intuition of BaseSpec is that a message decoder in baseband s

SysSec Lab 35 Dec 06, 2022
Takes a file of hosts or domains and outputs the IP address of each host/domain in the file.

Takes a file of hosts or domains and outputs the IP address of each host/domain in the file. Installation $ git clone https://github.com/whoamisec75/i

whoami security 2 May 10, 2022
Ipscanner - A simple threaded IP-Scanner written in python3 that can monitor local IP's in your network

IPScanner 🔬 A simple threaded IP-Scanner written in python3 that can monitor lo

4 Dec 12, 2022
Event-driven networking engine written in Python.

Twisted For information on changes in this release, see the NEWS file. What is this? Twisted is an event-based framework for internet applications, su

Twisted Matrix Labs 4.9k Jan 08, 2023
Multiple-requests-poster - A tool to send multiple requests to a particular website written in Python

Multiple-requests-poster - A tool to send multiple requests to a particular website written in Python

RLX 2 Feb 14, 2022
SMS Based Headless Browsing

Browse the internet without a network connection - Submission for ConUHacks VI

Zafir Khalid 2 Feb 07, 2022
Juniper SNMP Migrations For Python

Juniper SNMP Migrations This example will show how to use the PyEZ plugin for Nornir to build a NETCONF connection to a remote device validate that SN

Calvin Remsburg 1 Jan 07, 2022
This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.

This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface

1.6k Jan 01, 2023
Way find out if DNS is down or your instance

DNS-PING Way to find out if DNS is down or your instance Problem: At times it happens that DNS provider services of a website URL is down and so to re

Giten Mitra 4 Nov 18, 2022
Decentra Network is an open source blockchain that combines speed, security and decentralization.

Decentra Network is an open source blockchain that combines speed, security and decentralization. Decentra Network has very high speeds, scalability, asymptotic security and complete decentralization

Decentra Network 74 Nov 22, 2022
IoT owl is light face detection and recognition system made for small IoT devices like raspberry pi.

IoT Owl IoT owl is light face detection and recognition system made for small IoT devices like raspberry pi. Versions Heavy with mask detection withou

Ret2Me 6 Jun 06, 2022
This tool is for finding more detailed information of an IP Address.

This tool is for finding more detailed information of an IP Address.

3 Oct 08, 2021
Tripwire monitors ports and icmp to send the admin a message if somebody is scanning a machine that shouldn't be touched

Tripwire monitors ports and icmp to send the admin a message if somebody is scanning a machine that shouldn't be touched

3 Apr 05, 2022
Nautobot is a Network Source of Truth and Network Automation Platform.

Nautobot is a Network Source of Truth and Network Automation Platform. Nautobot was initially developed as a fork of NetBox (v2.10.4). Nautobot runs as a web application atop the Django Python framew

Nautobot 549 Dec 31, 2022
Home Assistant integration for MyEnergi devices

myenergi for Home Assistant myenergi custom component for Home Assistant This is a very early release, will add more documentations soon! This compone

Johan Isacsson 70 Dec 18, 2022