Medusa is a cross-platform agent compatible with both Python 3.8 and Python 2.7.

Related tags

NetworkingMedusa
Overview

Medusa Logo

Medusa

Medusa is a cross-platform agent compatible with both Python 3.8 and Python 2.7.

Installation

To install Medusa, you'll need Mythic installed on a remote computer. You can find installation instructions for Mythic at the Mythic project page.

From the Mythic install root, run the command:

./mythic-cli payload install github https://github.com/MythicAgents/Medusa.git

Once installed, restart Mythic to build a new agent.

Notable Features

  • File browser compatibility with upload/download
  • Windows injection example using CreateRemoteThread
  • maOS clipboard reader, screenshot grabber and TCC database parsing examples
  • Eval() of dynamic Python code
  • Basic Authentication Proxy compatibility

Commands Manual Quick Reference

The base agent and included commands all use built-in Python libraries, so do not need additional packages to function. Agents will run the commands in threads, so long-running uploads or downloads won't block the main agent.

Command Syntax Description
cat cat path/to/file Read and output file content.
cd cd [.. dir] Change working directory (.. to go up one directory).
clipboard clipboard Output contents of clipboard (uses Objective-C API, as outlined by Cedric Owens here. macOS only, Python 2.7 only).
cp cp src_file_or_dir dst_file_or_dir Copy file or folder to destination.
cwd cwd Print working directory.
download download [path] Download a file from the target system.
exit exit Exit a callback.
env env Print environment variables.
eval eval [commands] Execute python code and return output.
jobs jobs List long-running tasks, such as downloads.
ls ls [. path] List files and folders in [path] or use . for current working directory.
list_tcc list_tcc [path] List entries in macOS TCC database (requires full-disk access and Big Sur only atm).
mv mv src_file_or_dir dst_file_or_dir Move file or folder to destination.
rm rm file_or_dir Delete file or folder.
screenshot screenshot Take a screenshot (uses Objective-C API, macOS only, Python 2.7 only).
shell shell [command] Run a shell command which will spawn using subprocess.Popen(). Note that this will wait for command to complete so be careful not to block your agent.
shinject shinject Inject shellcode into target PID using CreateRemoteThread (Windows only - adapted from here).
sleep sleep [seconds] [jitter percentage] Set the callback interval of the agent in seconds.
upload upload Upload a file to a remote path on the machine.

Python Versions

Both versions of the Medusa agent use an AES256 HMAC implementation written with built-in libraries (adapted from here), removing the need for any additional dependencies beyond a standard Python install. As such the agent should operate across Windows, Linux and macOS hosts. It's worth mentioning that this crypto implementation does introduce some overhead when handling large files (screenshotting, downloads, etc.) but it's workable.

Py2 vs Py3 Commands

Within the Payload_Type/Medusa/agent_code directory, you will see base_agent files with both py2 and py3 suffixes. Likewise, similar file extensions can be seen for individual function files too.

These are read by the builder.py script to firstly select the right base Python version of the Medusa agent. builder.py will then include commands that are specific to the chosen python version. In the case where a command only has a .py extension, this will be used by default, with the assumption being that no alternative code is needed between the Py2 and Py3 versions.

Supported C2 Profiles

Currently, only one C2 profile is available to use when creating a new Medusa agent: http (both with and without AES256 HMAC encryption).

HTTP Profile

The HTTP profile calls back to the Mythic server over the basic, non-dynamic profile. GET requests for taskings, POST requests with responses.

Thanks

Owner
Mythic Agents
A centralized area for installable Mythic Agents based on https://github.com/its-a-feature/Mythic_External_Agent
Mythic Agents
GitHub Repository
Linux SBC featuring two wifi radios, masquerading as a USB charger.

The WiFiWart is an open source WiFi penetration device masquerading as a regular wall charger. It features a 1.2Ghz Cortex A7 MPU with two WiFi chips onboard.

Walker 151 Dec 26, 2022
A socket script to obtain chinese phones-sequence for any english word

Foreign Pronunciation Generator (English-Chinese) We provide a simple socket script for acquiring Chinese pronunciation of English words (phones in ai

Ephemeroptera 5 Jul 25, 2022
Python 3 tool for finding unclaimed groups on Roblox. Supports multi-threading, multi-processing and HTTP proxies.

roblox-group-scanner Python 3 tool for finding unclaimed groups on Roblox. Supports multi-threading, multi-processing and HTTP proxies. Usage usage: s

h0nda 43 May 11, 2022
TsuserverMoS - A Python-based server for Attorney Online,

tsuserverMoS A Python-based server for Attorney Online, forked from RealKaiser/tsuserverCC Requires Python 3.7+ and PyYAML. Changes/additions from tsu

1 Dec 30, 2021
MS Iot Device Can Platform

Kavo MS IoT Platform Version: 2.0 Author: Luke Garceau Requirements Read CAN messages in real-time Convert the given variables to engineering useful v

Luke Garceau 1 Oct 13, 2021
PcapXray - A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram

PcapXray - A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction

Srinivas P G 1.4k Dec 28, 2022
A Python3 discord trojan, utilizing discord webhooks for sending information.

Vape-Lite-RAT A Python3 discord trojan, utilizing discord webhooks for sending information. What you do with this code / project / idea is non of my b

NightTab 12 Oct 15, 2022
A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228

log4j-scan A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts Features Support for lists of URLs. Fuzzing for more

FullHunt 3.2k Jan 02, 2023
Best discord webhook spammer using proxy (support all proxy type)

Best discord webhook spammer using proxy (support all proxy type)

Iтѕ_Ѵιcнч#1337 25 Nov 01, 2022
A simple, personal chat program that runs on a single computer. No Internet, just you.

MultiChat A simple, personal chat program that runs on a single computer. No Internet, just you. Simple and Local MultiChat was created with ease of u

Owls 2 Aug 19, 2022
wg-exporter is a simple yet effective Prometheus exporter for Wireguard

wg-exporter wg-exporter is a simple yet effective Prometheus exporter for Wireguard. What are the collected metrics ? General: wg_connected_peers: num

men1n2 3 May 20, 2022
Lets you remove all friends, leave GCs, and leave servers, in an instant!

anonymity Lets you remove all friends, leave GCs, and leave servers, in an instant! You can also do each of them by themselves. First, you need to get

1 Dec 07, 2021
Wallc - Calculate the layout on the wall to hang up pictures

wallc Calculate the layout on the wall to hang up pictures. Installation pip install git+https://github.com/trbznk/wallc.git Getting Started Currently

Alex Trbznk 68 Sep 09, 2022
Using AWS's API Gateway + Lambda + Python to run a simple websocket application. For learning/testing

Using AWS's API Gateway + Lambda + Python to run a simple websocket application. For learning/testing. The AWS Resources seemed overly complex and were missing some critical gotchas in setting up a s

Seth Miller 15 Dec 23, 2022
Very simple and tiny file sharing service written in python

Simple File sharing tool Sharing client usage (You will need to use python3 for linux) main.py --send -f file/path Optionnal flags : pwd : set a passw

2 Jul 26, 2022
Simple python script for automated network scans with random name generator(useful for CTF boxes).

📄 Automated NMAP script Description Simple python script for automated network scans with random name generator(useful for CTF boxes). Requirements 1

Dhmos Funk 2 Oct 29, 2021
Automated network configuration backups using Github actions and git-scraping

Network Config Scraper This repository demonstrates the use of Github Actions and git-scraping to build an automated backup solution for network confi

WWT 19 Dec 14, 2022
Enrich IP addresses with metadata and security IoC

Stratosphere IP enrich Get an IP address and enrich it with metadata and IoC You need API keys for VirusTotal and PassiveTotal (RiskIQ) How to use fro

Stratosphere IPS 10 Sep 25, 2022
Automatically block traffic on Cloudflare's side based on Nginx Log parsing.

AutoRL This is a PoC of automatically block traffic on Cloudflare's side based on Nginx Log parsing. It will evaluate Nginx access.log and find potent

Nova Kwok 62 Dec 28, 2022
ip2domain - get ip to domain, Know the domian corresponding to the local network connection IP

What is Sometimes, we need to know what connections our local machine has, and what are their IP, domain name, program and parameters? get ip to domai

51pwn 4 Sep 30, 2022