It features a few tools:

- RDP Man-in-the-Middle
  - Logs credentials used when connecting
  - Steals data copied to the clipboard
  - Saves a copy of the files transferred over the network
  - Crawls shared drives in the background and saves them locally
  - Saves replays of connections so you can look at them later
  - Runs console commands or PowerShell payloads automatically on new connections
- RDP Player
  - Sees live RDP connections coming from the MITM
  - Views replays of RDP connections
  - Takes control of active RDP sessions while hiding your actions
  - Lists the client's mapped drives and downloads files from them during active sessions
- RDP Certificate Cloner
  - Creates a self-signed X509 certificate with the same fields as an RDP server's certificate

We have used this tool as part of an RDP honeypot which records sessions and saves a copy of the malware dropped on our target machine.

PyRDP was first introduced in a blog post in which....