Howto Install the Pupy Post Exploitation Kit on Kali Linux


Pupy is a Remote Access/Post Exploitation tool.

Here are some of my favorite features:

  • All-in-memory execution
  • A windows payload that can load the entire Python interpreter from memory using a reflective DLL
  • Execute non-interactive commands on multiple hosts at once.
  • Reflectively migrate into other processes.
  • Interactive shells (cmd.exe, /bin/bash, etc) can be opened remotely and have a real tty (with all keyboard signals working just like an SSH shell).
  • Remote Desktop session via your local browser
  • Customizable command line aliases

Full project details and source code can be found here:

Installation Instructions

I found the install instructions on Pupy’s github page confusing. Once I figured out how to install it I though I’d share what I learned with folks. These instruction are for Kali 2020 Rolling.

Docker Setup

curl -fsSL | sudo apt-key add -
echo 'deb [arch=amd64] buster stable' | sudo tee /etc/apt/sources.list.d/docker.list
sudo apt-get remove docker docker-engine
sudo apt-get install docker-ce
docker run hello-world
systemctl start docker
systemctl enable docker
sudo usermod -aG docker kali
# you must open a new terminal window for the user kali to be part of the group docker

Grub Setup

Please take a backup of your grub before modifying it

cp /etc/default/grub /root/grub_backup

## Replace GRUB_CMDLINE_LINUX_DEFAULT with the line below

## now run update-grup

Install Prerequisites

apt-get install git libssl1.0-dev libffi-dev python-dev \
	python-pip build-essential python-openssl swig tcpdump

pip install virtualenv==16.7.10
pip install flake8==3.6.0

Download pupy and install

git clone --recursive
cd pupy
./ -E virtualenv pupyws

Modify Config to Listen on Correct IP

You will need to modify pupy.conf to ensure it listens on the right IP address. If you are using a vpn this would be the IP of tun0.

In the [pupyd] section of pupy.conf, Modify "external=IP"

transport = ec4
port = 8080
ipv6 = false
igd = false
httpd = false
webserver = true
dnscnc = localhost:5454
use_gnome_keyring = false
external = YOUR_IP_GOES_HERE
allow_requests_to_external_services = false

2 comments to Howto Install the Pupy Post Exploitation Kit on Kali Linux

  • offsec

    Did everything as advised but still encountered an error at the final stage of installation related to docker. Can you assist please.

    docker: Error response from daemon: Get Get dial tcp: lookup on read udp> i/o timeout.
    See ‘docker run –help’.
    Traceback (most recent call last):
    File “”, line 657, in
    File “”, line 563, in main
    templates, args.image_tag, args.persistent
    File “”, line 256, in build_templates
    subprocess.check_call(args, stderr=subprocess.STDOUT)
    File “/usr/lib/python2.7/”, line 190, in check_call
    raise CalledProcessError(retcode, cmd)
    subprocess.CalledProcessError: Command ‘[u’docker’, u’run’, u’–rm’, u’–name=build-pupy-linux64-a9c8′, u’–ulimit’, u’nofile=65535:65535′, u’–security-opt’, u’label=disable’, u’–mount’, u’type=bind,src=/home/cybersec/Offensive/tools/pupy,target=/build/workspace/project’, u’alxchk/tc-linux64:latest’, u’client/sources-linux/’]’ returned non-zero exit status 125

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.