Our project consists of a complete system simulating realistic user and attacker behaviors using cross-platform agents and droppers. It also includes a backend API and frontend admin panel for visualization and control.
- Build the Linux agent using `build_script.sh` provided by the agent team.
- Compile the agent using either:
  - `nuitka --onefile --standalone` (generates a standalone ELF), or
  - convert it to shellcode using donut.
- Use the Linux dropper to inject the agent: `sudo ./dropper bash agent.bin`
- The dropper searches for the specified process, allocates memory using `mmap`, and injects the agent.
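As an added example (not part of the project's code): a check from the detection side that parses a target's `/proc/<pid>/maps` and reports anonymous executable regions, the footprint an `mmap`-based injection like the one above leaves in the host process. The maps text below is constructed; `scan_pid` reads the real file for a live PID.

```python
import re
from dataclasses import dataclass

# Constructed sample of /proc/<pid>/maps for a bash process into which an
# anonymous RWX region has been mapped (not real output from the project).
SAMPLE_MAPS = """\
5588d3a00000-5588d3a2f000 r--p 00000000 fd:01 1234 /usr/bin/bash
5588d3a2f000-5588d3b0c000 r-xp 0002f000 fd:01 1234 /usr/bin/bash
7f1c2c000000-7f1c2c021000 rw-p 00000000 00:00 0
7f1c2c021000-7f1c2c100000 rwxp 00000000 00:00 0
7f1c2d3f0000-7f1c2d3f2000 rw-p 00000000 00:00 0 [stack]
7ffd9d5c0000-7ffd9d5c4000 r-xp 00000000 00:00 0 [vdso]
"""

# start-end perms offset dev inode [path]
MAPS_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) (\S{4}) \S+ \S+ \S+\s*(.*)$")

@dataclass
class Region:
    start: int
    end: int
    perms: str
    path: str

    @property
    def size(self) -> int:
        return self.end - self.start

def parse_maps(text: str) -> list[Region]:
    """Parse the text of a /proc/<pid>/maps file into Region records."""
    regions = []
    for line in text.splitlines():
        m = MAPS_RE.match(line)
        if m:
            regions.append(Region(int(m[1], 16), int(m[2], 16), m[3], m[4].strip()))
    return regions

def suspicious_regions(text: str) -> list[Region]:
    """Executable regions with no backing file: anonymous mappings, plus [heap]/[stack]
    if they are executable. [vdso]/[vsyscall] and file-backed code are skipped."""
    out = []
    for r in parse_maps(text):
        if "x" not in r.perms:
            continue
        if r.path and r.path not in ("[heap]", "[stack]"):
            continue
        out.append(r)
    return out

def scan_pid(pid: int) -> list[Region]:
    """Run the same check against a live process (Linux only, needs ptrace access)."""
    with open(f"/proc/{pid}/maps") as f:
        return suspicious_regions(f.read())

if __name__ == "__main__":
    for r in suspicious_regions(SAMPLE_MAPS):
        print(f"{r.start:#x}-{r.end:#x} {r.perms} size={r.size} anonymous executable")
```

JIT runtimes and some packers also create anonymous executable mappings, so treat a hit as a triage signal to correlate with process name and parent, not as proof of injection.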
- Compile the Windows agent using Nuitka or PyInstaller.
- Run the dropper: `dropper.exe explorer.exe agent.exe`
- Uses Windows APIs to locate the process, allocate memory, and inject the agent.
- Logs system commands.
- Simulates developer/admin/user activity.
- Sends activity logs to the backend or stores them locally.
We use a GitHub Project Kanban board: 👉 Kanban Board Link
- To Do: Issue is defined with description and template.
- In Progress: Developer assigned and branch created.
- In Review: PR created and linked to issue.
- Ready to Deploy: PR reviewed and approved.
- User Testing: Ready for testing on staging.
- Done: Confirmed working in production.
We use GitHub Flow:
- Branches: `feature/xyz`, `bugfix/abc`
- Commits follow `[#[issue-number]] <summary>`
- PRs include a description, screenshots if needed, and issue references
- All PRs require review & approval
```mermaid
gitGraph
    commit id: "main"
    branch feature/dropper-linux
    commit id: "inject Linux ELF"
    checkout main
    merge feature/dropper-linux
```
Components:
- Backend (FastAPI): manages agent configs, user roles, logs
- Frontend (React): control panel and visualization
- Agents:
- Linux agent (Python, compiled via Nuitka or PyInstaller)
- Windows agent (Python, compiled)
- Droppers:
- Inject ELF or EXE into processes
- Use ptrace (Linux) or VirtualAllocEx + CreateRemoteThread (Windows)
🖼 UML Component Diagram: docs/architecture/static-view/component-diagram.png
Scenario:
- Agent is compiled and uploaded.
- Dropper selects target process.
- Dropper injects agent payload into memory.
- Agent runs in background.
- Logs are sent to backend.
🖼 UML Sequence Diagram: docs/architecture/dynamic-view/sequence-diagram.png
- Backend hosted on cloud server
- CI/CD via GitHub Actions
- Agents dropped via local droppers
- Frontend deployed via GitHub Pages or Docker
🖼 UML Deployment Diagram: docs/architecture/deployment-view/deployment-diagram.png
- Agents are injected directly into memory
- No files left on disk (optional mode)
- Masquerade as GUI/background processes
- Injected agents do not crash host processes
- Graceful failure handling in droppers
- Process PID verification and fallback
- Modular structure for droppers/agents/backend
- Documented API routes and injection mechanisms
- CI pipeline with automated checks
| Tool | Type | Purpose |
|---|---|---|
| pytest | Testing Framework | Unit & integration testing |
| flake8 | Linter | Code quality enforcement |
| GitHub Actions | CI Tool | Automates tests and linting on PR |
| Postman | API Testing Tool | Backend API validation |
| Nuitka | Build Tool | Converts Python agents into executable binaries |
This documentation is ready to be published via GitHub Pages using mdBook:
- Sidebar navigation
- Table of contents
- `/docs/` or `/book/` output available after `mdbook build`
For setup instructions, see docs/setup/ghpages_instructions.md.