Share
## https://sploitus.com/exploit?id=79944ACF-BDAC-5E68-8D09-E55D4DB1A83C
# Lightweight-MSF

[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
[![Tauri](https://img.shields.io/badge/Tauri-2.0-24C8DB?logo=tauri)](https://tauri.app/)
[![Svelte](https://img.shields.io/badge/Svelte-5-FF3E00?logo=svelte)](https://svelte.dev/)
[![Rust](https://img.shields.io/badge/Rust-Stable-DEA584?logo=rust)](https://www.rust-lang.org/)
[![CI/CD](https://github.com/PallabPC/lightweight-msf/actions/workflows/build.yml/badge.svg)](https://github.com/PallabPC/lightweight-msf/actions)

A lightweight, cross-platform post-exploitation framework built with **Tauri 2**, **Svelte 5**, and **Rust**. Designed for security professionals and penetration testers who need a modern, high-performance tool with an intuitive graphical interface.

![Lightweight-MSF Dashboard](docs/screenshots/dashboard.png)

> โš ๏ธ **Legal Notice**: This tool is for **educational and authorized security testing only**. Unauthorized access to computer systems is illegal. Always obtain explicit, written consent before testing any system you do not own. See [Ethical Use](#ethical-use) for more information.

## โœจ Features

### ๐ŸŽฏ Core Capabilities

- **Multi-Protocol Listeners** - TCP, HTTP, and HTTPS reverse handlers with TLS support
- **Payload Generation** - Multiple reverse shell formats (Bash, Python, PowerShell, Node.js, Rust)
- **Session Management** - Interactive shell access with real-time monitoring
- **Post-Exploitation** - File operations, screenshots, persistence, credential harvesting
- **Network Scanning** - TCP SYN scan, UDP scan, service detection, DNS enumeration
- **CVE Exploits** - Shellshock, Log4Shell, and other vulnerability exploits

### ๐Ÿ› ๏ธ Post-Exploitation Modules

| Module | Description |
|--------|-------------|
| **Screenshot** | Capture target desktop and view in-app |
| **File Upload/Download** | Transfer files to/from target |
| **Persistence** | Install backdoors (macOS LaunchAgents, Linux Cronjobs) |
| **Keylogger** | Capture keystrokes on target |
| **Process Migration** | Move to different processes for evasion |
| **Hash Dump** | Extract password hashes |
| **SSH Harvester** | Collect SSH keys and credentials |
| **Browser Harvester** | Extract saved browser credentials |
| **WiFi Harvester** | Dump WiFi passwords |
| **Kerberos Harvester** | Collect Kerberos tickets |

### ๐ŸŽจ User Interface

- **Modern Design** - Clean, Material Design-inspired interface
- **Dark/Light Themes** - Automatic and manual theme switching
- **Attack Graph** - Visual network topology mapping
- **Evidence Lab** - Organize and manage collected artifacts
- **Report Generation** - Export findings in Markdown, HTML, JSON, or CSV
- **Workspace Management** - Save and restore entire testing sessions

## ๐Ÿš€ Quick Start

### Prerequisites

- **Node.js** 18+ and npm
- **Rust** (latest stable)
- **Tauri system dependencies** (see [INSTALL.md](INSTALL.md))

### Installation

```bash
# Clone the repository
git clone https://github.com/PallabPC/lightweight-msf.git
cd lightweight-msf

# Install dependencies
npm install

# Run in development mode
npm run tauri dev
```

For detailed installation instructions including platform-specific requirements, see [INSTALL.md](INSTALL.md).

### Build for Distribution

```bash
# Create production build
npm run tauri build

# Output locations:
# macOS: src-tauri/target/release/bundle/macos/
# Windows: src-tauri/target/release/bundle/msi/
# Linux: src-tauri/target/release/bundle/deb/
```

## ๐Ÿ“– Usage Guide

### 1. Start a Listener

Navigate to **Listeners** โ†’ Click **New Listener** โ†’ Choose protocol (TCP/HTTP/HTTPS) โ†’ Set port โ†’ Click **Start**

### 2. Generate Payload

Navigate to **Payloads** โ†’ Select payload type โ†’ Configure LHOST/LPORT โ†’ Click **Generate** โ†’ Copy command

### 3. Execute on Target

Run the generated payload on the target system (with proper authorization).

### 4. Interact with Session

Once connected, navigate to **Sessions** โ†’ Select session โ†’ Use interactive terminal or run post-exploitation modules.

### 5. Run Post-Exploitation

From an active session, execute modules like:
- `screenshot` - Capture screen
- `upload` - Transfer files
- `persistence` - Install backdoor
- `hashdump` - Extract credentials

### 6. Generate Report

Navigate to **Reports** โ†’ Select sessions/evidence โ†’ Choose format โ†’ Export

## ๐Ÿ“ Project Structure

```
lightweight-msf/
โ”œโ”€โ”€ src/                      # Svelte 5 frontend
โ”‚   โ”œโ”€โ”€ routes/               # Page components (file-based routing)
โ”‚   โ””โ”€โ”€ lib/                  # Shared utilities and stores
โ”œโ”€โ”€ src-tauri/                # Rust backend
โ”‚   โ”œโ”€โ”€ src/
โ”‚   โ”‚   โ”œโ”€โ”€ commands.rs       # Tauri command handlers
โ”‚   โ”‚   โ”œโ”€โ”€ session.rs        # Session management
โ”‚   โ”‚   โ”œโ”€โ”€ listener.rs       # Listener implementations
โ”‚   โ”‚   โ”œโ”€โ”€ payload.rs        # Payload generation
โ”‚   โ”‚   โ”œโ”€โ”€ post.rs           # Post-exploitation modules
โ”‚   โ”‚   โ”œโ”€โ”€ exploit.rs        # Exploit implementations
โ”‚   โ”‚   โ””โ”€โ”€ ...               # Additional modules
โ”‚   โ””โ”€โ”€ Cargo.toml
โ”œโ”€โ”€ e2e/                      # Playwright end-to-end tests
โ”œโ”€โ”€ docs/                     # Documentation
โ””โ”€โ”€ package.json
```

## ๐Ÿงช Testing

```bash
# Frontend type checks and accessibility
npm run check

# Rust unit tests
cd src-tauri && cargo test

# End-to-end tests
npm run test:e2e

# Full CI check
npm run test:ci
```

## ๐Ÿ“š Documentation

- **[INSTALL.md](INSTALL.md)** - Detailed installation instructions
- **[CONTRIBUTING.md](CONTRIBUTING.md)** - Contribution guidelines
- **[SECURITY.md](SECURITY.md)** - Security policy and vulnerability reporting
- **[CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md)** - Community guidelines
- **[AGENTS.md](AGENTS.md)** - Development agent instructions

## ๐Ÿค Contributing

Contributions are welcome! Here's how you can help:

### Areas for Contribution

- ๐Ÿ› Bug fixes and performance improvements
- ๐Ÿ”Œ New payload types and encoders
- ๐ŸŽฏ Additional exploit modules
- ๐ŸŽจ UI/UX enhancements
- ๐Ÿ“– Documentation and examples
- ๐Ÿงช Test coverage improvements

### Getting Started

1. Fork the repository
2. Create a feature branch (`git checkout -b feature/amazing-feature`)
3. Make your changes
4. Run tests (`npm run test:ci`)
5. Commit with clear messages
6. Submit a Pull Request

See [CONTRIBUTING.md](CONTRIBUTING.md) for detailed guidelines.

## ๐Ÿ”’ Ethical Use

**Lightweight-MSF is designed for legitimate security testing and educational purposes only.**

### You MUST:

- โœ… Obtain explicit, written authorization before testing any system
- โœ… Use only in environments you own or have permission to test
- โœ… Follow all applicable laws and regulations
- โœ… Respect privacy and data protection requirements

### You MUST NOT:

- โŒ Use this tool for unauthorized access to computer systems
- โŒ Deploy against production systems without proper authorization
- โŒ Use for malicious purposes or illegal activities
- โŒ Violate any applicable laws or terms of service

**The authors and contributors are not responsible for misuse or damage caused by this software. Users are solely responsible for their actions and compliance with applicable laws.**

## ๐Ÿ›ก๏ธ Security

### Reporting Vulnerabilities

**Do NOT open public issues for security vulnerabilities.** Please use:

- GitHub's [Private Vulnerability Reporting](https://github.com/PallabPC/lightweight-msf/security/advisories/new)
- Direct email to the maintainer

See [SECURITY.md](SECURITY.md) for details.

### Security Features

- Encrypted HTTPS listeners with TLS
- Input validation and sanitization
- Secure credential storage
- Audit logging
- Principle of least privilege

## ๐Ÿ“„ License

This project is licensed under the [MIT License](LICENSE).

## ๐Ÿ™ Acknowledgments

- [Tauri](https://tauri.app/) - Desktop application framework
- [Svelte](https://svelte.dev/) - Frontend framework
- [Rust](https://www.rust-lang.org/) - Systems programming language
- [Metasploit](https://www.metasploit.com/) - Inspiration for post-exploitation concepts
- All contributors and supporters of this project

## ๐Ÿ“ฌ Contact

- **GitHub Issues**: [Report bugs or request features](https://github.com/PallabPC/lightweight-msf/issues)
- **Discussions**: [Community discussions](https://github.com/PallabPC/lightweight-msf/discussions)
- **Security**: [Report vulnerabilities privately](SECURITY.md)

---



**Built with โค๏ธ using Tauri, Svelte, and Rust**

[Report Bug](https://github.com/PallabPC/lightweight-msf/issues) ยท [Request Feature](https://github.com/PallabPC/lightweight-msf/issues) ยท [Discussions](https://github.com/PallabPC/lightweight-msf/discussions)