python-rdpy Package Description

RDPY is a pure Python implementation of the Microsoft Remote Desktop Protocol (RDP), covering both the client and server sides. RDPY is built on the event-driven network engine Twisted. RDPY supports the standard RDP security layer, RDP over SSL, and NLA authentication (through the NTLMv2 authentication protocol).

Source: https://github.com/citronneur/rdpy

  • Author: Sylvain Peyrefitte
  • License: GPL-3+

Tools included in the python-rdpy package

rdpy-rdpclient – a simple RDP Qt4 client

root@kali:~# rdpy-rdpclient -h

    Usage: rdpy-rdpclient [options] ip[:port]"
        -u: user name
        -p: password
        -d: domain
        -w: width of screen [default : 1024]
        -l: height of screen [default : 800]
        -f: enable full screen mode [default : False]
        -k: keyboard layout [en|fr] [default : en]
        -o: optimized session (disable costly effect) [default : False]
        -r: rss_filepath Recorded Session Scenario [default : None]

rdpy-rdphoneypot – an RDP honeypot

root@kali:~# rdpy-rdphoneypot -h

    Usage:  rdpy-rdphoneypot.py rss_filepath(1..n)
            [-l listen_port default 3389]
            [-k private_key_file_path (mandatory for SSL)]
            [-c certificate_file_path (mandatory for SSL)]

rdpy-rdpmitm – an RDP proxy that performs a man-in-the-middle attack on the RDP protocol

root@kali:~# rdpy-rdpmitm -h

    Usage:  rdpy-rdpmitm.py -o output_directory target
            [-l listen_port default 3389]
            [-k private_key_file_path (mandatory for SSL)]
            [-c certificate_file_path (mandatory for SSL)]
            [-o output directory for recoded files]
            [-r RDP standard security (XP or server 2003 client or older)]
            [-n For NLA Client authentication (need to provide credentials)]

rdpy-rdpscreenshot – saves a screenshot of the RDP login screen to a file

root@kali:~# rdpy-rdpscreenshot -h
Usage: rdpy-rdpscreenshot [options] ip[:port]
    -w: width of screen default value is 1024
    -l: height of screen default value is 800
    -o: file path of screenshot default(/tmp/rdpy-rdpscreenshot.jpg)
    -t: timeout of connection without any updating order (default is 2s)

rdpy-vncscreenshot – saves a screenshot of the VNC login screen to a file

root@kali:~# rdpy-vncscreenshot -h
Usage: rdpy-vncscreenshot [options] ip[:port]
    -o: file path of screenshot default(/tmp/rdpy-vncscreenshot.jpg)
    -p: password for VNC Session

python-rdpy Usage Examples

Connect via RDP to a remote host with the provided credentials.

root@kali:~# rdpy-rdpclient -u victim -p s3cr3t 192.168.86.61:3389
[*] INFO:   keyboard layout set to en
[*] INFO:   *******************************************
[*] INFO:   *          NLA Security selected          *
[*] INFO:   *******************************************

Take a screenshot of the remote desktop login screen of the specified host.

root@kali:~# rdpy-rdpscreenshot -w 800 -l 600 -o ~/rdp-host.jpg 192.168.86.61:3389
[*] INFO:   *******************************************
[*] INFO:   *          SSL Security selected          *
[*] INFO:   *******************************************
[*] INFO:   connected IPv4Address(TCP, '192.168.86.61', 3389)
[*] INFO:   save screenshot into /root/rdp-host.jpg192.168.86.61.jpg