Restless Honey Seeker (RHS) is a Remote Access Toolkit (RAT) developed in .NET for for educational purposes only.
This software is not intended for causing any harm to anything or anyone. I - the original author of this software - is not responsible for any usage or damage caused.
The software has been developed using Visual Studio .NET (C#, JavaScript, HTMl & CSS) and is open source. Anyone is welcome to fork this project or contribute to it. Some things might be broken, features might not be implemented or are buggy, and therefor it might not work as intended/expected.
Version 3: A lot of improvements (refactoring), GUI replaced with a web-based console (terminal). Version 2: ASP.NET server with improved GUI and functionality. Version 1: PHP server and C#.NET client.
I was inspired after a lot of discussion and media coverage regarding the privacy of people and governments spying on people. This was back in 2012/13. I was studying and had some spare time to kill, so why not just create something. The software (RHS) was initially developed in PHP (Server) and C#.NET (Client). Later I decided to develop the server in ASP.NET. Since then I've tried to continuously update/maintain the project whenever I can.
The purpose of this software is to show how easy it is for anyone with a bit of knowledge, time and patience... and a huge amount of coffee, to remotely control a Windows computer with Microsoft .NET Framework 4 Client Profile installed.
NOTE: 'Clever' antivirus & -malware programs and/or firewalls should detect RHS or its HTTP requests (and hence block it or notice the user to take an action), but I've noticed most of them actually allow RHS continue running in the background uninterrupted making HTTP requests waiting for a command from the server. One reason might be (is), that on most (commercial) computers, outgoing traffic isn't filtered or monitored as strictly as ingoing traffic. RHS uses port 80 to "phone home" to a C&C (Command-and-Control) server, which controls the "infected" computer (client) or computers (clients).
System: Windows 7 Home Premium 64-bit EN (6.1, Build 7601)
Product | Version | Blocked RHS | Notes |
---|---|---|---|
Avast Free Antivirus | 11.1.2253 | NO | |
Bitdefender Antivirus Free Edition | 1.0.21.1099 | NO | |
AVG AntiVirus FREE | 16.41.7442 | NO | |
ZoneAlarm Free Antivirus + Firewall | 14.1.011.000 | NO | |
BullGuard Internet Security | 15.02.2016 | (YES) | Required user to click “Allow Access” |
COMODO Internet Security Premium | 8.2.0.4792 | NO |
- Spy Functions
- Capture Webcam
- Capture Desktop
- Keylogger
- Capture Chrome (browser) Data
- Capture Clipboard Data (text or image)
- Capture File Events
- Capture Processes & Kill Process
- Stream Desktop (buggy)
- Network Functions
- Active Ports
- Network Shares
- LAN Computers
- Network Gateways
- Port Scanner
- System Functions
- Shutdown
- Restart
- Logoff
- Lock
- Hibernate
- Sleep
- Execute (run) a program (command)
- Misc
- Download / Get File (from client)
- Upload & Execute File
- Upload, Remove & Execute Plugin
- Execute C#/VB.NET code
- Speech
- Set transmission interval (how often the client communicates with the server)
Restless Honey Seeker 2016.2.4
C# Restless RAT (Remote Access Tool using RESTful services)
- http://haishibai.blogspot.dk/2010/01/tiy-try-out-windows-7-uac-using-c-part_26.html
- http://www.codeproject.com/Articles/19004/A-Simple-C-Global-Low-Level-Keyboard-Hook
- http://support.microsoft.com/kb/318804
- http://www.pinvoke.net/default.aspx/user32.sendinput
- http://support.microsoft.com/kb/304283
- http://system.data.sqlite.org/index.html/doc/trunk/www/downloads.wiki
- https://github.com/chrisdone/jquery-console
##3rd party libraries##
- Json.NET (http://www.newtonsoft.com/json)
- WebCameraControl (http://www.codeproject.com/Articles/125478/Versatile-WebCam-C-library)
- SQLite (https://system.data.sqlite.org/index.html/doc/trunk/www/index.wiki)
- ILMerg (http://research.microsoft.com/en-us/people/mbarnett/ILMerge.aspx)
- RestSharp (http://restsharp.org)
- DotNetZip (https://github.com/haf/DotNetZip.Semverd)