Nimplant – A Cross-Platform Implant Written In Nim

Nimplant is a cross-platform (Linux & Windows) implant written in Nim as a fun project to learn about Nim and see what it can bring to the table for red team tool development. Currently, Nimplant lacks extensive evasive tradecraft; however, overtime Nimplant will become much more sophisticated.

Installation

To install Nimplant, you’ll need Mythic installed on a remote computer. You can find installation instructions for Mythic at the Mythic project page.

From the Mythic install root, run the command:

./install_agent_from_github.sh https://github.com/MythicAgents/Nimplant

Once installed, restart Mythic to build a new agent.

Highlighted Agent Features

  • Cross-platform
  • Fully asynchronous
  • Can generate agents compiled from both C and C++ source code

Commands Manual Quick Reference

Command Syntax Description
cat cat [file] Retrieve the output of a file.
cd cd [dir] Change working directory.
cp cp [source] [destination] Copy a file from source to destination. Modal popup.
curl curl [url] [method] [headers] [body] Execute a single web request.
download download [path] Download a file off the target system.
exit exit Exit a callback.
getenv getenv Get all of the current environment variables.
jobs jobs List all running jobs.
kill kill [pid] Attempt to kill the process specified by [pid].
ls ls [path] [recurse] List files and folders in [path] with optional param to list recursively. Defaults to current working directory.
mkdir mkdir [dir] Create a directory.
mv mv [source] [destination] Move a file from source to destination. Modal popup.
ps ps List process information.
pwd pwd Print working directory.
rm rm [path] Remove a file specified by [path]
shell shell [command] Run a shell command which will translate to a process being spawned with command line: cmd.exe /r[command]
unsetenv setenv [envname] [value] Sets an environment variable to your choosing.
sleep sleep [seconds] Set the callback interval of the agent in seconds.
unsetenv unsetenv [envname] Unset an environment variable.
upload upload Upload a file to a remote path on the machine. Modal popup.

Supported C2 Profiles

Currently, only one C2 profile is available to use when creating a new Nimplant agent: HTTP.

HTTP Profile

The HTTP profile calls back to the Mythic server over the basic, non-dynamic profile. When selecting options to be stamped into Nimplant at compile time, all options are respected with the exception of those parameters relating to GET requests.

More coming soon!

Roadmap

  • [] Ability to compile to Objective-C for macOS capabilities
  • [] Integration of Donut to allow user to generate shellcode as output
  • [] Communication via WebSockets
  • [] Screenshotting capabilities
  • [] Remote process injection capabilities

click here to read full Article

Read More on Pentesting Tools

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: