Skip to content

skelsec/aardwolf

3 Branches7 Tags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

author
SkelSec
Update Discord notification messages in GitHub Actions workflow for c…
Mar 15, 2025
fa06dc4 · Mar 15, 2025

History

132 Commits
.github/workflows
.github/workflows
Mar 15, 2025
aardwolf
aardwolf
Mar 15, 2025
builder
builder
Sep 5, 2024
.gitignore
.gitignore
Feb 22, 2023
LICENSE
LICENSE
Oct 9, 2022
MANIFEST.in
MANIFEST.in
Sep 6, 2024
Makefile
Makefile
Sep 6, 2024
README.md
README.md
Sep 5, 2024
pyproject.toml
pyproject.toml
Feb 21, 2023
setup.py
setup.py
Sep 6, 2024

Repository files navigation

Supported Python versions Twitter

🚩 Sponsors

If you like this project, consider purchasing licenses of OctoPwn, our full pentesting suite that runs in your browser!
For notifications on new builds/releases and other info, hop on to our Discord

AARDWOLF - Asynchronous RDP/VNC client in Python (headless)

This project is aimed to play around the RDP and VNC protocols.
Project contains no GUI, for a GUI client please check out aardwolfgui

🚩 Runs in the browser

This project, alongside with many other pentester tools runs in the browser with the power of OctoPwn!
Check out the community version at OctoPwn - Live

Important

This is a headless client, for GUI functionality use the aardwolfgui package.

Features

  • Supports credssp auth via NTLM/Kerberos.
  • Built-in proxy client allows SOCKS/HTTP proxy tunneling without 3rd part software
  • PtH via CredSSP+Restricted admin mode
  • Scriptable Keyboard, Mouse input and Clipboard input/output
  • Can run in headless mode, no GUI required (read: no need for Qt)
  • Support for Duckyscript files to emulate keystrokes

Example scripts

  • ardpscan Multi-purpose scanner for RDP and VNC protocols. (screenshot/capabilities/login scanner)

URL format

As usual the scripts take the target/scredentials in URL format. Below some examples

  • rdp+kerberos-password://TEST\Administrator:Passw0rd!1@win2016ad.test.corp/?dc=10.10.10.2&proxytype=socks5&proxyhost=127.0.0.1&proxyport=1080
    CredSSP (aka HYBRID) auth using Kerberos auth + password via socks5 to win2016ad.test.corp, the domain controller (kerberos service) is at 10.10.10.2. The socks proxy is on 127.0.0.1:1080
  • rdp+ntlm-password://TEST\Administrator:Passw0rd!1@10.10.10.103
    CredSSP (aka HYBRID) auth using NTLM auth + password connecting to RDP server 10.10.10.103
  • rdp+ntlm-password://TEST\Administrator:<NThash>@10.10.10.103
    CredSSP (aka HYBRID) auth using Pass-the-Hash (NTLM) auth connecting to RDP server 10.10.10.103
  • rdp+plain://Administrator:Passw0rd!1@10.10.10.103
    Plain authentication (No SSL, encryption is RC4) using password connecting to RDP server 10.10.10.103
  • vnc+plain://Passw0rd!1@10.10.10.103
    VNC client with VNC authentication using password connecting to RDP server 10.10.10.103
  • vnc+plain://Passw0rd!1@10.10.10.103
    VNC client with VNC authentication using password connecting to RDP server 10.10.10.103
  • vnc+plain://:admin:aaa@10.10.10.103
    VNC client with VNC authentication using password admin:aaa connecting to RDP server 10.10.10.103. Note that if the password contains : char you will have to prepend the password with :

Kudos

  • Sylvain Peyrefitte (@citronneur) rdpy. The decompression code and the QT image magic was really valuable.
  • Marc-André Moreau (@awakecoding) for providing suggestions on fixes

About

Asynchronous RDP client for Python (headless)

Resources

Readme

License

MIT license
Activity

Stars

166 stars

Watchers

5 watching

Forks

24 forks
Report repository

Releases 7

0.2.9 Latest
Sep 5, 2024
+ 6 releases

Packages

No packages published

Used by 795

  • @AJ-KNIGHT
  • @CamhackByDitzzXploit
  • @Oshall95
  • @lyubeka99
  • @Kaizzzo1
  • @RoduyGo
  • @evrenavci
  • @Lewisochieng
+ 787

Contributors 5

Languages