{
	"id": "b73d6583-4da1-4668-ac31-3841dd32d0af",
	"created_at": "2026-04-06T00:18:24.037216Z",
	"updated_at": "2026-04-10T03:19:57.137894Z",
	"deleted_at": null,
	"sha1_hash": "50406a34ce0310811438492bb78fedb5d082bd9c",
	"title": "GitHub - nathanlopez/Stitch: Python Remote Administration Tool (RAT)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 534618,
	"plain_text": "GitHub - nathanlopez/Stitch: Python Remote Administration Tool\r\n(RAT)\r\nBy nathanlopez\r\nArchived: 2026-04-05 18:24:50 UTC\r\nDISCLAIMER\r\nStitch is for education/research purposes only. The author takes NO responsibility and/or liability for how\r\nyou choose to use any of the tools/source code/any files provided. The author and anyone affiliated with will\r\nnot be liable for any losses and/or damages in connection with use of ANY files provided with Stitch. By\r\nusing Stitch or any files included, you understand that you are AGREEING TO USE AT YOUR OWN\r\nRISK. Once again Stitch and ALL files included are for EDUCATION and/or RESEARCH purposes\r\nONLY. Stitch is ONLY intended to be used on your own pentesting labs, or with explicit consent from the\r\nowner of the property being tested.\r\nAbout Stitch\r\nA Cross Platform Python Remote Administration Tool:\r\nThis is a cross platform python framework which allows you to build custom payloads for Windows, Mac OSX\r\nand Linux as well. You are able to select whether the payload binds to a specific IP and port, listens for a\r\nconnection on a port, option to send an email of system info when the system boots, and option to start keylogger\r\non boot. 
Payloads created can only run on the OS that they were created on.\r\nFeatures\r\nCross Platform Support\r\nCommand and file auto-completion\r\nAntivirus detection\r\nAble to turn off/on display monitors\r\nHide/unhide files and directories\r\nView/edit the hosts file\r\nView all the system's environment variables\r\nKeylogger with options to view status, start, stop and dump the logs onto your host system\r\nView the location and other information of the target machine\r\nExecute custom python scripts which return whatever you print to screen\r\nScreenshots\r\nVirtual machine detection\r\nDownload/Upload files to and from the target system\r\nhttps://github.com/nathanlopez/Stitch\r\nPage 1 of 6\n\nAttempt to dump the system's password hashes\r\nPayloads' properties are \"disguised\" as other known programs\r\nWindows Specific\r\nDisplay a user/password dialog box to obtain user password\r\nDump passwords saved via Chrome\r\nClear the System, Security, and Application logs\r\nEnable/Disable services such as RDP, UAC, and Windows Defender\r\nEdit the accessed, created, and modified properties of files\r\nCreate a custom popup box\r\nView connected webcam and take snapshots\r\nView past connected wifi connections along with their passwords\r\nView information about drives connected\r\nView summary of registry values such as DEP\r\nMac OSX Specific\r\nDisplay a user/password dialog box to obtain user password\r\nChange the login text at the user's login screen\r\nWebcam snapshots\r\nMac OSX/Linux Specific\r\nSSH from the target machine into another host\r\nRun sudo commands\r\nAttempt to bruteforce the user's password using the passwords list found in Tools/\r\nWebcam snapshots? (untested on Linux)\r\nImplemented Transports\r\nAll communication between the host and target is AES encrypted. Every Stitch program generates an AES key\r\nwhich is then put into all payloads. To access a payload the AES keys must match. 
To connect from a different\r\nsystem running Stitch you must add the key by using the showkey command from the original system and the\r\naddkey command on the new system.\r\nImplemented Payload Installers\r\nThe \"stitchgen\" command gives the user the option to create NSIS installers on Windows and Makeself installers\r\non POSIX machines. For Windows, the installer packages the payload and an elevation exe, which prevents the\r\nfirewall prompt and adds persistence, and places the payload on the system. For Mac OSX and Linux, the installer\r\nplaces the payload and attempts to add persistence. To create NSIS installers you must download and install NSIS.\r\nWiki\r\nCrash Course of Stitch\r\nRequirements\r\nPython 2.7\r\nFor easy installation run the following command that corresponds to your OS:\r\n# for Windows\r\npip install -r win_requirements.txt\r\n# for Mac OSX\r\npip install -r osx_requirements.txt\r\n# for Linux\r\npip install -r lnx_requirements.txt\r\nPycrypto\r\nRequests\r\nColorama\r\nPIL\r\nWindows Specific\r\nPy2exe\r\npywin32\r\nMac OSX Specific\r\nPyObjC\r\nMac OSX/Linux Specific\r\nPyInstaller\r\npexpect\r\nTo Run\r\npython main.py\r\nor\r\n./main.py\r\nMotivation\r\nMy motivation behind this was to advance my knowledge of python, hacking, and just to see what I could\r\naccomplish. Was somewhat discouraged and almost abandoned this project when I found the amazing work done\r\nby n1nj4sec, but still decided to put this up since I had already come so far.\r\nOther open-source Python RATs for Reference\r\nvesche/basicRAT\r\nn1nj4sec/pupy\r\nScreenshots\r\nLicense\r\nSee LICENSE\r\nSource: https://github.com/nathanlopez/Stitch",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://github.com/nathanlopez/Stitch"
	],
	"report_names": [
		"Stitch"
	],
	"threat_actors": [],
	"ts_created_at": 1775434704,
	"ts_updated_at": 1775791197,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/50406a34ce0310811438492bb78fedb5d082bd9c.pdf",
		"text": "https://archive.orkl.eu/50406a34ce0310811438492bb78fedb5d082bd9c.txt",
		"img": "https://archive.orkl.eu/50406a34ce0310811438492bb78fedb5d082bd9c.jpg"
	}
}