Gcat – A stealthy Backdoor that uses Gmail as the C&C server

A stealthy Python based backdoor that uses Gmail as a command and control server.


  • A Gmail account (Use a dedicated account! Do not use your personal one!)
  • Turn on “Allow less secure apps” under the security settings of the account

This repo contains two files:

  • gcat.py a script that’s used to enumerate and issue commands to available clients
  • implant.py the actual backdoor to deploy

In both files, edit the gmail_user and gmail_pwd variables with the username and password of the account you previously setup.

You’re probably going to want to compile implant.py into an executable using Pyinstaller



gcat 1

  • Once you’ve deployed the backdoor on a couple of systems, you can check available clients using the list command:

gcat 2

The output is a UUID string that uniquely identifies the system and the OS the implant is running on

  • Let’s issue a command to an implant:

gcat 3

Here we are telling 90b2cd83-cb36-52de-84ee-99db6ff41a11 to execute ipconfig /all, the script then outputs the jobid that we can use to retrieve the output of that command

  • Lets get the results!

gcat 4

  • That’s the gist of it! But you can do much more as you can see from the usage of the script! 😉



download now

%d bloggers like this: