Gcat – A stealthy Backdoor that uses Gmail as the C&C server

A stealthy Python based backdoor that uses Gmail as a command and control server.

Requirements

• A Gmail account (Use a dedicated account! Do not use your personal one!)
• Turn on “Allow less secure apps” under the security settings of the account

This repo contains two files:

• gcat.py a script that’s used to enumerate and issue commands to available clients
• implant.py the actual backdoor to deploy

In both files, edit the gmail_user and gmail_pwd variables with the username and password of the account you previously setup.

You’re probably going to want to compile implant.py into an executable using Pyinstaller

Usage

• Once you’ve deployed the backdoor on a couple of systems, you can check available clients using the list command:

The output is a UUID string that uniquely identifies the system and the OS the implant is running on

• Let’s issue a command to an implant:

Here we are telling 90b2cd83-cb36-52de-84ee-99db6ff41a11 to execute ipconfig /all, the script then outputs the jobid that we can use to retrieve the output of that command

• Lets get the results!

• That’s the gist of it! But you can do much more as you can see from the usage of the script! 😉