This repository contains the following static standalone binaries of Python offensive tools:

Tool | Operating System(s) | Binary output(s) |
---|---|---|
Certipy | Linux / Windows x64 | certipy_linux certipy_windows.exe |
CrackMapExec | Linux / Windows x64 | crackmapexec_linux crackmapexec_windows.exe |
dirkjanm's CVE-2020-1472 (ZeroLogon) | Linux / Windows x64 | cve-2020-1472-exploit_linux restorepassword_linux cve-2020-1472-exploit_windows.exe restorepassword_windows.exe |
cube0x0's CVE-2021-1675 (PrintNightmare) | Linux / Windows x64 | CVE-2021-1675_linux CVE-2021-1675_windows.exe |
Ridter's noPac (CVE-2021-42278 and CVE-2021-42287) | Linux / Windows x64 | noPac_scanner_linux noPac_linux noPac_scanner_windows.exe noPac_windows.exe |
enum4linux-ng | Linux x64 (with the samba tools installed) | enum4linuxng_linux |
gMSADumper | Linux / Windows x64 | gMSADumper_linux gMSADumper_windows.exe |
impacket | Linux / Windows x64 | Current (as of 2021-07-11) impacket's examples scripts |
ItWasAllADream | Linux / Windows x64 | ItWasAllADream_linux ItWasAllADream_windows.exe |
LaZagne | Linux / Windows x64 | lazagne_linux lazagne_windows.exe |
lsassy | Linux / Windows x64 | lsassy_linux lsassy_windows.exe |
Pachine (CVE-2021-42278) | Linux / Windows x64 | pachine_linux pachine_windows.exe |
pypykatz | Linux / Windows x64 | pypykatz_linux pypykatz_windows.exe |
pywhisker | Linux / Windows x64 | pywhisker_linux pywhisker_windows.exe |
Responder | Linux x64 (experimental) | Responder_linux MultiRelay_linux |
smartbrute | Linux / Windows x64 | smartbrute_linux smartbrute_windows.exe |
SMBMap | Linux x64 | smbmap_linux |

Credits to maaaaz and ropnop for the original idea and inspiration.
The Windows and Linux standalone binaries are built with PyInstaller, executed in Docker containers from Windows.
The Linux build process is heavily based on work from ropnop's impacket_static_binaries and uses cdrx's PyInstaller Linux docker image. The Linux binaries are built in Ubuntu 12.04 running Glibc 2.15 and should thus be compatible with any version of Glibc newer than 2.15.
The Windows build process relies on a Windows Docker image provided by Microsoft. `Python 3.8.9` and `PyInstaller` are installed at runtime in the container.
In order to limit overhead for successive builds:
- a persistent container named `OffensivePythonPipelineWindows` is created whenever calling the `windows` target. The container is used for the consecutive builds and deleted upon completion of the process.
- a temporary image is created whenever calling the `linux` target. The image is used for the consecutive builds, with each new container's changes applied to the image. The image is deleted upon completion of the build process.
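
For the defender's side of this build process, an added example (not code from this repository): a triage check that recognises a PyInstaller one-file bundle by the archive trailer PyInstaller appends to its bootloader, and reports the embedded Python version. The function names and the sample bytes are constructed for illustration.

```python
import struct

# PyInstaller appends its archive to the bootloader and ends it with a "cookie".
# Layout for PyInstaller >= 2.1: magic, archive length, TOC offset, TOC length,
# Python version, libpython name.
MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
COOKIE = struct.Struct("!8sIIii64s")


def find_pyinstaller_cookie(blob):
    """Return archive metadata if blob ends in a PyInstaller archive, else None."""
    pos = blob.rfind(MAGIC)
    while pos != -1:
        chunk = blob[pos:pos + COOKIE.size]
        if len(chunk) == COOKIE.size:
            _, pkg_len, toc_off, toc_len, pyver, pylib = COOKIE.unpack(chunk)
            start = pos + COOKIE.size - pkg_len  # archive start inside the file
            # Sanity checks reject a stray magic string in unrelated data.
            if start >= 0 and toc_off + toc_len <= pkg_len and pyver > 0:
                # Version is stored as 38 (older releases) or 308 (newer ones).
                major, minor = divmod(pyver, 100 if pyver >= 100 else 10)
                return {
                    "archive_offset": start,
                    "archive_length": pkg_len,
                    "python": f"{major}.{minor}",
                    "pylib": pylib.rstrip(b"\0").decode("ascii", "replace"),
                }
        pos = blob.rfind(MAGIC, 0, pos)
    return None


def build_sample(pyver=38, pylib=b"libpython3.8.so.1.0"):
    """Constructed stand-in for a bundled binary (not a real executable)."""
    loader = b"\x7fELF" + b"\0" * 60
    body, toc = b"B" * 32, b"T" * 16
    pkg_len = len(body) + len(toc) + COOKIE.size
    cookie = COOKIE.pack(MAGIC, pkg_len, len(body), len(toc), pyver, pylib)
    return loader + body + toc + cookie


if __name__ == "__main__":
    print(find_pyinstaller_cookie(build_sample()))
    print(find_pyinstaller_cookie(b"\x7fELF" + b"\0" * 200))
```

On a real file, pass the bytes read from disk; a hit means the executable unpacks an embedded Python runtime at start-up, which is why a `_MEIxxxxxx` folder appears when it runs.
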
The binaries can be built directly from sources using the provided `Makefile` after retrieving the `mcr.microsoft.com/dotnet/framework/sdk` and / or `cdrx/pyinstaller-linux` Docker images. The `Makefile` targets must be executed in a Linux distribution using `Windows Subsystem for Linux (WSL) 2`. The newly compiled binaries will be placed in the `binaries` folder.

The `PROJECT_PATH_LINUX` and `PROJECT_PATH_WINDOWS` variables must be set accordingly in the `Makefile`. For example:

```
PROJECT_PATH_LINUX=/mnt/c/no_scan/OffensivePythonPipeline
PROJECT_PATH_WINDOWS=C:\no_scan\OffensivePythonPipeline
```

`Makefile` usage:
```
# Retrieves the required Docker images.
& "C:\Program Files\Docker\Docker\DockerCli.exe" -SwitchLinuxEngine
docker pull cdrx/pyinstaller-linux
& "C:\Program Files\Docker\Docker\DockerCli.exe" -SwitchWindowsEngine
docker pull mcr.microsoft.com/dotnet/framework/sdk
# Help message listing the supported Makefile targets.
make help
all: Compiles all binaries for both Windows and Linux.
windows: Compiles all Windows binaries.
windows_certipy: Compiles Windows binary for ly4k's Certipy.
windows_crackmapexec: Compiles Windows binary for byt3bl33d3r's CrackMapExec.
windows_gmsadumper: Compiles Windows binary for micahvandeusen's gMSADumper.
windows_impacket: Compiles Windows binaries for SecureAuthCorp's impacket examples.
windows_itwasalladream: Compiles Windows binary for byt3bl33d3r's ItWasAllADream.
windows_lazagne: Compiles Windows binary for AlessandroZ's LaZagne.
windows_lsassy: Compiles Windows binary for Hackndo's lsassy.
windows_nopac: Compiles Windows binary for Ridter's noPac.
windows_pachine: Compiles Windows binary for ly4k's Pachine.
windows_printnightmare: Compiles Windows binary for cube0x0's CVE-2021-1675.
windows_pypykatz: Compiles Windows binary for skelsec's pypykatz.
windows_pywhisker: Compiles Windows binary for ShutdownRepo's pywhisker.
windows_smartbrute: Compiles Windows binaries for ShutdownRepo's smartbrute.
windows_zerologon: Compiles Windows binaries for dirkjanm's CVE-2020-1472.
linux: Compiles all Linux binaries.
linux_certipy: Compiles Linux binary for ly4k's Certipy.
linux_crackmapexec: Compiles Linux binary for byt3bl33d3r's CrackMapExec.
linux_gmsadumper: Compiles Linux binary for micahvandeusen's gMSADumper.
linux_enum4linuxng: !! Still depends on nmblookup / net / rpcclient / smbclient !! Compiles Linux binary for cddmp's enum4linux-ng.
linux_impacket: Compiles Linux binaries for SecureAuthCorp's impacket examples.
linux_itwasalladream: Compiles Linux binary for byt3bl33d3r's ItWasAllADream.
linux_lazagne: Compiles Linux binary for AlessandroZ's LaZagne.
linux_lsassy: Compiles Linux binary for Hackndo's lsassy.
linux_nopac: Compiles Linux binary for Ridter's noPac.
linux_pachine: Compiles Linux binary for ly4k's Pachine.
linux_printnightmare: Compiles Linux binary for cube0x0's CVE-2021-1675.
linux_pypykatz: Compiles Linux binary for skelsec's pypykatz.
linux_pywhisker: Compiles Linux binary for ShutdownRepo's pywhisker.
linux_responder: Compiles Linux binaries for Responder.
linux_smartbrute: Compiles Linux binaries for ShutdownRepo's smartbrute.
linux_smbmap: Compiles Linux binary for ShawnDEvans' smbmap.
linux_zerologon: Compiles Linux binaries for dirkjanm's CVE-2020-1472.
test: Executes all the Windows / Linux binaries
(for a manual review of errors use make test 1>/dev/null).
clean: Clean build artefacts by deleting the build folder.
```
- Pressing the Enter key may sometimes be necessary to finish the execution of the `CrackMapExec` Windows binary ¯\(ツ)/¯.
- `enum4linux-ng` still requires the `samba tools` (`nmblookup` / `net` / `rpcclient` / `smbclient`) to be installed on the host. This is likely due to the `PyInstaller` extract folder (`_MEIxxxxxx`) not being in `PATH` for the subprocess calls made by `enum4linux-ng`.
- `SMBMap` is non-functional as a Windows standalone binary (endless printing of the usage helper).
- `impacket`'s `nmapAnswerMachine` is missing the `uncrc32` module (Linux / Windows) and `impacket`'s `sniff` / `split` are missing the `pcapy` module (Linux / Windows).
- `impacket`'s `ntlmrelayx` / `smbrelayx` / `sniffer` standalone binaries fail with error `WinError 10013` on Windows and `NotImplementedError: Can't perform this operation for unregistered loader type` on Linux.

More comprehensive tests of the binaries are underway. If you find a bug, please feel free to open an issue.

- The `PyInstaller` spec file in the `CrackMapExec` repository is missing a hidden import for `impacket.ldap`. The spec file is automatically modified in the build scripts to add the hidden import. Issue opened `CrackMapExec`-side.
- `CrackMapExec` requires the unmaintained `pycrypto` module as it is required by `pywerview`. `pycrypto` causes issues for standalone builds on Windows (due to incompatibility with recent `Build Tools for Visual Studio`). The requirement is automatically removed from `pywerview` and `CrackMapExec` in the build scripts. Issue opened `pywerview`-side.
- `CrackMapExec`'s `lsassy` module is non-functional on Linux / Windows x64 (error message `The 'lsassy' distribution was not found and is required by the application`) using the repository spec file. A custom `PyInstaller` hook for `lsassy` is added through the build scripts and the spec file is automatically modified accordingly. Issue previously opened `CrackMapExec`-side.