## https://sploitus.com/exploit?id=79944ACF-BDAC-5E68-8D09-E55D4DB1A83C
# Lightweight-MSF
[](https://opensource.org/licenses/MIT)
[](https://tauri.app/)
[](https://svelte.dev/)
[](https://www.rust-lang.org/)
[](https://github.com/PallabPC/lightweight-msf/actions)
A lightweight, cross-platform post-exploitation framework built with **Tauri 2**, **Svelte 5**, and **Rust**. Designed for security professionals and penetration testers who need a modern, high-performance tool with an intuitive graphical interface.

> โ ๏ธ **Legal Notice**: This tool is for **educational and authorized security testing only**. Unauthorized access to computer systems is illegal. Always obtain explicit, written consent before testing any system you do not own. See [Ethical Use](#ethical-use) for more information.
## โจ Features
### ๐ฏ Core Capabilities
- **Multi-Protocol Listeners** - TCP, HTTP, and HTTPS reverse handlers with TLS support
- **Payload Generation** - Multiple reverse shell formats (Bash, Python, PowerShell, Node.js, Rust)
- **Session Management** - Interactive shell access with real-time monitoring
- **Post-Exploitation** - File operations, screenshots, persistence, credential harvesting
- **Network Scanning** - TCP SYN scan, UDP scan, service detection, DNS enumeration
- **CVE Exploits** - Shellshock, Log4Shell, and other vulnerability exploits
### ๐ ๏ธ Post-Exploitation Modules
| Module | Description |
|--------|-------------|
| **Screenshot** | Capture target desktop and view in-app |
| **File Upload/Download** | Transfer files to/from target |
| **Persistence** | Install backdoors (macOS LaunchAgents, Linux Cronjobs) |
| **Keylogger** | Capture keystrokes on target |
| **Process Migration** | Move to different processes for evasion |
| **Hash Dump** | Extract password hashes |
| **SSH Harvester** | Collect SSH keys and credentials |
| **Browser Harvester** | Extract saved browser credentials |
| **WiFi Harvester** | Dump WiFi passwords |
| **Kerberos Harvester** | Collect Kerberos tickets |
### ๐จ User Interface
- **Modern Design** - Clean, Material Design-inspired interface
- **Dark/Light Themes** - Automatic and manual theme switching
- **Attack Graph** - Visual network topology mapping
- **Evidence Lab** - Organize and manage collected artifacts
- **Report Generation** - Export findings in Markdown, HTML, JSON, or CSV
- **Workspace Management** - Save and restore entire testing sessions
## ๐ Quick Start
### Prerequisites
- **Node.js** 18+ and npm
- **Rust** (latest stable)
- **Tauri system dependencies** (see [INSTALL.md](INSTALL.md))
### Installation
```bash
# Clone the repository
git clone https://github.com/PallabPC/lightweight-msf.git
cd lightweight-msf
# Install dependencies
npm install
# Run in development mode
npm run tauri dev
```
For detailed installation instructions including platform-specific requirements, see [INSTALL.md](INSTALL.md).
### Build for Distribution
```bash
# Create production build
npm run tauri build
# Output locations:
# macOS: src-tauri/target/release/bundle/macos/
# Windows: src-tauri/target/release/bundle/msi/
# Linux: src-tauri/target/release/bundle/deb/
```
## ๐ Usage Guide
### 1. Start a Listener
Navigate to **Listeners** โ Click **New Listener** โ Choose protocol (TCP/HTTP/HTTPS) โ Set port โ Click **Start**
### 2. Generate Payload
Navigate to **Payloads** โ Select payload type โ Configure LHOST/LPORT โ Click **Generate** โ Copy command
### 3. Execute on Target
Run the generated payload on the target system (with proper authorization).
### 4. Interact with Session
Once connected, navigate to **Sessions** โ Select session โ Use interactive terminal or run post-exploitation modules.
### 5. Run Post-Exploitation
From an active session, execute modules like:
- `screenshot` - Capture screen
- `upload` - Transfer files
- `persistence` - Install backdoor
- `hashdump` - Extract credentials
### 6. Generate Report
Navigate to **Reports** โ Select sessions/evidence โ Choose format โ Export
## ๐ Project Structure
```
lightweight-msf/
โโโ src/ # Svelte 5 frontend
โ โโโ routes/ # Page components (file-based routing)
โ โโโ lib/ # Shared utilities and stores
โโโ src-tauri/ # Rust backend
โ โโโ src/
โ โ โโโ commands.rs # Tauri command handlers
โ โ โโโ session.rs # Session management
โ โ โโโ listener.rs # Listener implementations
โ โ โโโ payload.rs # Payload generation
โ โ โโโ post.rs # Post-exploitation modules
โ โ โโโ exploit.rs # Exploit implementations
โ โ โโโ ... # Additional modules
โ โโโ Cargo.toml
โโโ e2e/ # Playwright end-to-end tests
โโโ docs/ # Documentation
โโโ package.json
```
## ๐งช Testing
```bash
# Frontend type checks and accessibility
npm run check
# Rust unit tests
cd src-tauri && cargo test
# End-to-end tests
npm run test:e2e
# Full CI check
npm run test:ci
```
## ๐ Documentation
- **[INSTALL.md](INSTALL.md)** - Detailed installation instructions
- **[CONTRIBUTING.md](CONTRIBUTING.md)** - Contribution guidelines
- **[SECURITY.md](SECURITY.md)** - Security policy and vulnerability reporting
- **[CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md)** - Community guidelines
- **[AGENTS.md](AGENTS.md)** - Development agent instructions
## ๐ค Contributing
Contributions are welcome! Here's how you can help:
### Areas for Contribution
- ๐ Bug fixes and performance improvements
- ๐ New payload types and encoders
- ๐ฏ Additional exploit modules
- ๐จ UI/UX enhancements
- ๐ Documentation and examples
- ๐งช Test coverage improvements
### Getting Started
1. Fork the repository
2. Create a feature branch (`git checkout -b feature/amazing-feature`)
3. Make your changes
4. Run tests (`npm run test:ci`)
5. Commit with clear messages
6. Submit a Pull Request
See [CONTRIBUTING.md](CONTRIBUTING.md) for detailed guidelines.
## ๐ Ethical Use
**Lightweight-MSF is designed for legitimate security testing and educational purposes only.**
### You MUST:
- โ Obtain explicit, written authorization before testing any system
- โ Use only in environments you own or have permission to test
- โ Follow all applicable laws and regulations
- โ Respect privacy and data protection requirements
### You MUST NOT:
- โ Use this tool for unauthorized access to computer systems
- โ Deploy against production systems without proper authorization
- โ Use for malicious purposes or illegal activities
- โ Violate any applicable laws or terms of service
**The authors and contributors are not responsible for misuse or damage caused by this software. Users are solely responsible for their actions and compliance with applicable laws.**
## ๐ก๏ธ Security
### Reporting Vulnerabilities
**Do NOT open public issues for security vulnerabilities.** Please use:
- GitHub's [Private Vulnerability Reporting](https://github.com/PallabPC/lightweight-msf/security/advisories/new)
- Direct email to the maintainer
See [SECURITY.md](SECURITY.md) for details.
### Security Features
- Encrypted HTTPS listeners with TLS
- Input validation and sanitization
- Secure credential storage
- Audit logging
- Principle of least privilege
## ๐ License
This project is licensed under the [MIT License](LICENSE).
## ๐ Acknowledgments
- [Tauri](https://tauri.app/) - Desktop application framework
- [Svelte](https://svelte.dev/) - Frontend framework
- [Rust](https://www.rust-lang.org/) - Systems programming language
- [Metasploit](https://www.metasploit.com/) - Inspiration for post-exploitation concepts
- All contributors and supporters of this project
## ๐ฌ Contact
- **GitHub Issues**: [Report bugs or request features](https://github.com/PallabPC/lightweight-msf/issues)
- **Discussions**: [Community discussions](https://github.com/PallabPC/lightweight-msf/discussions)
- **Security**: [Report vulnerabilities privately](SECURITY.md)
---
**Built with โค๏ธ using Tauri, Svelte, and Rust**
[Report Bug](https://github.com/PallabPC/lightweight-msf/issues) ยท [Request Feature](https://github.com/PallabPC/lightweight-msf/issues) ยท [Discussions](https://github.com/PallabPC/lightweight-msf/discussions)