Basically, Pupy is an open-source RAT and, most of all, this baby is a multi-platform RAT whose main modules are coded in Python.
What actually made me like this RAT is that it features an all-in-memory execution guideline and leaves a very low footprint.
Essentially it can do the following:
Can communicate using various transports
Migrate into processes (reflective injection)
Load remote Python code, Python packages and Python C-extensions from memory (mostly ctypes libs)
On Windows, the Pupy payload is compiled as a reflective DLL and the whole Python interpreter is loaded from memory. Pupy does not touch the disk.
Pupy can reflectively migrate into other processes
Pupy can remotely import, from memory, pure Python packages (.py, .pyc) and compiled Python C extensions (.pyd). The imported Python modules do not touch the disk. (.pyd memory import currently works on Windows only; .so memory import is not implemented.)
Pupy is easily extensible: modules are quite simple to write and are sorted by OS and category.
A lot of awesome modules are already implemented!
Pupy uses rpyc, and a module can directly access Python objects on the remote client
We can also access remote objects interactively from the pupy shell and you even get auto-completion of remote attributes!
Communication transports are modular and pupy can communicate using obfsproxy pluggable transports
All the non-interactive modules can be dispatched to multiple hosts in one command
Multi-platform (tested on Windows 7, Windows XP, Kali Linux, Ubuntu, OS X, Android)
Commands and scripts running on remote hosts are interruptible
Auto-completion for commands and arguments
Nice colored output
Custom config can be defined: command aliases, modules automatically run at connection, ...
Interactive Python shells with auto-completion on the all-in-memory remote Python interpreter can be opened
Interactive shells (cmd.exe, /bin/bash, ...) can be opened remotely. Remote shells on Unix clients have a real tty with all keyboard signals working fine, just like an SSH shell
Pupy can execute PE exe remotely and from memory (cf. the example with mimikatz)
Pupy can generate payloads in multiple formats: exe (x86, x64), dll (x86, x64), python, python one-liner, apk, ...
"Scriptlets" can be embedded in generated payloads to perform some tasks without needing network connectivity (ex: start keylogger, add persistence, execute custom python script, check_vm ...)
Migrate (Windows only)
Inter-process architecture injection also works (x86->x64 and x64->x86)