Nimplant is a cross-platform (Linux & Windows) implant written in Nim as a fun project to learn about Nim and see what it can bring to the table for red team tool development. Currently, Nimplant lacks extensive evasive tradecraft; however, over time Nimplant will become much more sophisticated.
From the Mythic install root, run the command:
Once installed, restart Mythic to build a new agent.
Highlighted Agent Features
- Fully asynchronous
- Can generate agents compiled from both C and C++ source code
Commands Manual Quick Reference
|Command|Description|
|---|---|
|cat|Retrieve the output of a file.|
|cd|Change working directory.|
|cp|Copy a file from source to destination. Modal popup.|
|curl|Execute a single web request.|
|download|Download a file off the target system.|
|exit|Exit a callback.|
|getenv|Get all of the current environment variables.|
|jobs|List all running jobs.|
|kill|Attempt to kill the process specified by |
|ls|List files and folders in |
|mkdir|Create a directory.|
|mv|Move a file from source to destination. Modal popup.|
|ps|List process information.|
|pwd|Print working directory.|
|rm|Remove a file specified by |
|shell|Run a shell command which will translate to a process being spawned with command line: |
|setenv|Set an environment variable of your choosing.|
|sleep|Set the callback interval of the agent in seconds.|
|unsetenv|Unset an environment variable.|
|upload|Upload a file to a remote path on the machine. Modal popup.|
Supported C2 Profiles
Currently, only one C2 profile is available to use when creating a new Nimplant agent: HTTP.
The HTTP profile calls back to the Mythic server over the basic, non-dynamic profile. When selecting options to be stamped into Nimplant at compile time, all options are respected with the exception of those parameters relating to GET requests.
More coming soon!
- Ability to compile to Objective-C for macOS capabilities
- Integration of Donut to allow user to generate shellcode as output
- Communication via WebSockets
- Screenshotting capabilities
- Remote process injection capabilities