{
	"id": "18bd3328-2cc7-4730-add2-197c067a141e",
	"created_at": "2026-04-06T00:08:27.807007Z",
	"updated_at": "2026-04-10T03:21:54.682686Z",
	"deleted_at": null,
	"sha1_hash": "bcf16dfb849669f38d0bb2d56e91d6b8f4902e7b",
	"title": "GitHub - werkamsus/Lilith: Lilith - Foundational reverse engineering resource for cybersecurity entrepreneurs in C++",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 115892,
	"plain_text": "GitHub - werkamsus/Lilith: Lilith - Foundational reverse\r\nengineering resource for cybersecurity entrepreneurs in C++\r\nBy werkamsus\r\nArchived: 2026-04-05 21:26:30 UTC\r\nbuild passing\r\n lliicceennssee MIT\r\nFree \u0026 Native Open Source C++ Remote Administration Tool for Windows\r\nLilith is a console-based ultra light-weight RAT developed in C++. It features a straight-forward set of commands\r\nthat allows for near complete control of a machine.\r\nDisclaimer\r\nThe use of this software on any device that is not your own is highly discouraged. You need to obtain explicit\r\npermission from the owner if you intend to use Lilith in an alien environment, any illicit installation will likely be\r\nprosecuted by the jurisdiction the (ab)use occurs in.\r\nYoutube\r\nVideo about the new Features\r\nComprehensive Feature Overview\r\nFeatures\r\nRemote Command Execution via\r\nCMD\r\nPowershell\r\nAny other console app\r\nKeylogger (new) [16.09.2017]\r\nExecute predefined Scripts (new) [16.09.2017]\r\nExtreme Modularity (see this)\r\nBroadcast Commands to all Clients (new) [15.09.2017]\r\nMultiple Connections\r\nAuto-Install\r\nStartup Persistence\r\nSelf-Erases\r\nDNS Resolving\r\nLow Latency \u0026 Bandwith use\r\nError-Handler with logs\r\nhttps://github.com/werkamsus/Lilith\r\nPage 1 of 4\n\nModularity\r\nThe modularity and expandability of this RAT are what it's been built on. That's how it manages to stay very\r\ncompact, light-weight and fast. You can download other utilities like password recovery or keylogging tools via\r\nPowershell scripts (link to some useful scripts will follow soon) and then execute them as if they were running on\r\nyour own machine. Afterwards you're able to upload the results (also with a ps script) or evaluate them on the spot\r\n(via the type command) in cmd.\r\nCommands\r\nCommand Syntax Comment\r\nconnect connect \u003cclientID\u003e ( connect 0 ) Connects to a Client\r\nexitSession exitSession Exits current session\r\nswitchSession switchSession \u003cclientID\u003e ( switchSession 2 ) Switches to another Client\r\nbroadcast broadcast\r\nBroadcasts your commands to all\r\nclients\r\nkeydump keydump Dumps Keylog File\r\nscript\r\nscript \u003cscriptname\u003e \u003cscriptparameter\u003e ( script\r\nkeydump keylog.txt )\r\nExecutes a predefined Script\r\nlistClients listClients\r\nDisplays the number of clients\r\nconnected\r\nremoteControl\r\nremoteControl \u003cC:\\program.exe\u003e OR\r\nremoteControl cmd\r\nMore Info\r\nremoteControl remoteControl\r\nExits remoteControl if already in\r\nremoteControl\r\nrestart restart Restarts the Client\r\nkill kill Quits the Client\r\nhttps://github.com/werkamsus/Lilith\r\nPage 2 of 4\n\nGeneral Description\r\nAt the core of this RAT lies it's unique ability to remotely execute commands via CMD, Powershell and almost all\r\nconsole-based applications. It has the capabilities to automatically install on startup and clean up behind itself. It\r\nalso features an error-handler that logs any issues. As of now, it is not 100% stable. Under 'normal' conditions it\r\nruns smoothly and without any disturbances, but severe irregularities in input (i.e. messing around with it a lot)\r\nmay cause crashes. This will be resolved in the near future.\r\nRequirements\r\nNone!\r\nSupported Operating Systems (32/64-bit)\r\nWindows XP SP3\r\nWindows Server 2003\r\nWindows Vista\r\nWindows Server 2008\r\nWindows 7\r\nWindows Server 2012\r\nWindows 8/8.1\r\nWindows 10\r\nTo-Do\r\nhttps://github.com/werkamsus/Lilith\r\nPage 3 of 4\n\nMore Info on Commands\r\nremoteControl\r\nShortcuts are: cmd , pws , pws32 which stand for Command Prompt, Powershell and Powershell 32-Bit\r\nrespectively. You can use these instead of a full path to the executable. Example: remoteControl pws will\r\nremote-control C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe .\r\nSource: https://github.com/werkamsus/Lilith\r\nhttps://github.com/werkamsus/Lilith\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://github.com/werkamsus/Lilith"
	],
	"report_names": [
		"Lilith"
	],
	"threat_actors": [],
	"ts_created_at": 1775434107,
	"ts_updated_at": 1775791314,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/bcf16dfb849669f38d0bb2d56e91d6b8f4902e7b.pdf",
		"text": "https://archive.orkl.eu/bcf16dfb849669f38d0bb2d56e91d6b8f4902e7b.txt",
		"img": "https://archive.orkl.eu/bcf16dfb849669f38d0bb2d56e91d6b8f4902e7b.jpg"
	}
}