Nimplant is a cross-platform (Linux & Windows) implant written in Nim as a fun project to learn about Nim and see what it can bring to the table for red team tool development. Currently, Nimplant lacks extensive evasive tradecraft; however, over time Nimplant will become much more sophisticated.
To install Nimplant, you’ll need Mythic installed on a remote computer. You can find installation instructions for Mythic at the Mythic project page.
From the Mythic install root, run the command:
Once installed, restart Mythic to build a new agent.
Highlighted Agent Features
- Fully asynchronous
- Can generate agents compiled from both C and C++ source code
Commands Manual Quick Reference
||Retrieve the output of a file.|
||Change working directory.|
||Copy a file from source to destination. Modal popup.|
||Execute a single web request.|
||Download a file off the target system.|
||Exit a callback.|
||Get all of the current environment variables.|
||List all running jobs.|
||Attempt to kill the process specified by
||List files and folders in
||Create a directory.|
||Move a file from source to destination. Modal popup.|
||List process information.|
||Print working directory.|
||Remove a file specified by
||Run a shell command which will translate to a process being spawned with command line:
||Sets an environment variable to your choosing.|
||Set the callback interval of the agent in seconds.|
||Unset an environment variable.|
||Upload a file to a remote path on the machine. Modal popup.|
Supported C2 Profiles
Currently, only one C2 profile is available to use when creating a new Nimplant agent: HTTP.
The HTTP profile calls back to the Mythic server over the basic, non-dynamic profile. When selecting options to be stamped into Nimplant at compile time, all options are respected with the exception of those parameters relating to GET requests.
More coming soon!
- Ability to compile to Objective-C for macOS capabilities
- Integration of Donut to allow users to generate shellcode as output
- Communication via WebSockets
- Screenshotting capabilities
- Remote process injection capabilities