OP Posted at 18-05-2025, 08:52 AM
(This post was last modified: 18-05-2025, 09:14 AM by niko1425.)
Rhadamanthys
A cutting-edge, multi-functional toolkit designed for precision data collection, cryptocurrency analysis, and stealth operations. Built for compatibility across legacy and modern Windows systems (XP–Win11), it prioritizes evasion of detection tools (AV/EDR) and in-memory execution to ensure operational discretion.
Core Features
![[Image: dashboard.jpg]](https://patched.to/pbb-proxy/UUNCQ0JeTUoNGVgHA0taWklcUGRvCVcHcRwFURVYVApYRVIdWxQF/dashboard.jpg)
Dashboard
Displays a map where countries are shaded darker based on the number of logs. Nearby, you can see the number of Passwords and Wallets extracted, the total number of unique executions, the executions made today, and the total executions since the last setup. The current Server Disk and Memory usage are also shown.
![[Image: logs-panel.jpg]](https://patched.to/pbb-proxy/UUNCQ0JeTUoNGVgHA0taWkkEG21VXgl2fRwNXwFDGxVYWVNfHw4SAg--/logs-panel.jpg)
Logs Panel
This panel displays all executions. Each entry includes an ID, which increments with each execution, the country flag along with the IP address, and a status tag indicating whether any information added to the Custom tags was extracted. Nearby, you can see the number of extracted Credit Cards, Passwords, Cookies, and Wallets. The Client's Build Tag identifies which payload was executed, along with the time of execution. Information about the plugins is also provided. The Keyboard icon indicates keylogs were recorded, the Undercover icon shows that the AI detected relevant information, and the Steam icon shows that a Steam session was extracted. Additionally, you can leave a custom comment for each log.
![[Image: Cracked-wallet.jpg]](https://patched.to/pbb-proxy/UUNCQ0JeTUoNGVgHA0taWklkJnlrZnMDWRwiQgdTXQBdGkFSXQgHEUpdQQI-/Cracked-wallet.jpg)
Wallet Cracking
If a wallet has been successfully cracked (using automatic brute force or the Wallet Recovery Plugin with AI detection), the wallet password will be displayed here. If the mnemonic phrase was also recovered, it will be shown as well.
![[Image: log-panel.jpg]](https://patched.to/pbb-proxy/UUNCQ0JeTUoNGVgHA0taWklEBkVSCXFjURwNXwEdRgRXUlodWxQF/log-panel.jpg)
Log panel
In the Log panel, you can view detailed information about the Log without the need to download it. This includes all passwords, a screenshot taken at the point of execution, the Mnemonic phrase (if recovered), and other wallet-related information. Additionally, you can see the execution status of the plugins. If any plugin fails to execute successfully, the corresponding error code will be displayed.
![[Image: plugin-manager.jpg]](https://patched.to/pbb-proxy/UUNCQ0JeTUoNGVgHA0taWklRO2dpBkFyVxwRXBNXXwsUWlddUAMHF0pdQQI-/plugin-manager.jpg)
Plugin Manager
In this section, you can manage your plugins. You can upload new plugins and modify their configurations. The software comes with several plugins included at no additional cost, such as Clipper, Key Logger, Reversed Proxy, Steam Stealer, and Wallet Stealer.
![[Image: plugin-task-manager.jpg]](https://patched.to/pbb-proxy/UUNCQ0JeTUoNGVgHA0taWkkPJgJ2eFQMAhwRXBNXXwsUQ1dAWkkPBApWVgATS1NFAQ--/plugin-task-manager.jpg)
Plugin Task Manager
Here, you can view information about the execution of your plugins. You also have the option to develop your own plugins using our plugin engine, available in C#.
![[Image: plugin-data.jpg]](https://patched.to/pbb-proxy/UUNCQ0JeTUoNGVgHA0taWklDMlR0YA1xQhwRXBNXXwsUU1dHUEoIFQM-/plugin-data.jpg)
Plugin Data
In this section, you can view detailed data for each plugin. You will be able to download keylogs, access cracked wallets, view clipper logs (including which wallet address was replaced, when, and where), and download Steam session files.
![[Image: file-grab.jpg]](https://patched.to/pbb-proxy/UUNCQ0JeTUoNGVgHA0taWkl8Gk1CRHVRCxwHWQpVGwJLVlQdWxQF/file-grab.jpg)
File Grab
This is a configurable grabber designed to extract files. You can customize the file extensions to target, specify which directories to include or exclude, define the maximum file size, and set the search depth.
![[Image: custom-tags.jpg]](https://patched.to/pbb-proxy/UUNCQ0JeTUoNGVgHA0taWkkHG1UKU0p9BhwCRRVEWQgUQ1dUQkoIFQM-/custom-tags.jpg)
Custom Tags
You can create custom tags and configure the stealer to search for specific keywords associated with those tags. When a keyword is found, the tag will appear when hovering over the Tag icon in the Log panel. Additionally, you can filter the logs to display only entries with selected tag(s).
![[Image: telegram-log.jpg]](https://patched.to/pbb-proxy/UUNCQ0JeTUoNGVgHA0taWklTVm5wBl9jeBwVVQpVURdYWhtfXgNMDxRQ/telegram-log.jpg)
Telegram Bot
You can configure a Telegram bot to send you private messages or post messages in a Telegram group/channel whenever a new log is received, a wallet is cracked, custom tags are found, and more. The message content can be customized, and the log can be included as a download link, directly accessible from the panel.
![[Image: builder.jpg]](https://patched.to/pbb-proxy/UUNCQ0JeTUoNGVgHA0taWklAOAJsSF5iBhwDRQ9cUgBLGVxDVg--/builder.jpg)
Builder
The Builder allows you to create the payload. You can define the URL, specifying a shim server URL if you're using one. You can also choose which information to steal; by default, all options are enabled, and this does not affect the build size.
You have the option to choose from 6 different payload types:
x64 DLL
x86 DLL
.NET 4 C# EXE
Native x64 EXE
Native x86 EXE
Shellcode x64+x86
Shellcode x86
Shellcode x64
![[Image: shim-server.jpg]](https://patched.to/pbb-proxy/UUNCQ0JeTUoNGVgHA0taWklVV3Npam1iZBwSWA9dGxZcRUBWQ0oIFQM-/shim-server.jpg)
Shim Server
A Shim server allows you to protect your main panel IP from external access by obfuscating the panel's IP. All traffic will be routed through the shim server. If you plan to use the Reversed Proxy, a separate Elysium Panel will run on the Shim server.
![[Image: proxy.jpg]](https://patched.to/pbb-proxy/UUNCQ0JeTUoNGVgHA0taWklcNGNQQW9HWxwRQglIT0tTR1E-/proxy.jpg)
1) Modify the proxy server configuration to set the port to 443 or 80.
2) When setting up the proxy server connection, directly enter the domain name.
1. Stealth Architecture
Zero Disk Writes: Fully memory-resident client (C/C++ native, no DLL/CRT dependencies).
AMSI/ETW Bypass: Execute scripts undetected via syscall unhooking and reflective loading.
Persistence: Auto-start via registry, scheduled tasks, or service installation.
2. Cross-Platform Compatibility
Supports Windows XP SP3 through Windows 11.
3. Secure Communication
AES256 + ECC encryption for client-server data streaming.
Comprehensive Data Collection
System Profiling
Hardware/Software: CPU/RAM specs, screen resolution, installed software, AV/EDR screenshots.
User Data: Usernames, GEOIP, timezone, environment variables.
Browser Extraction
Supported Browsers:
Chromium: Chrome, Edge, Brave, Yandex (portable versions included).
Gecko: Firefox, Waterfox.
Legacy: IE-based (Trident kernel).
Data Harvested:
Cookies, history, passwords, credit cards.
800+ Extensions: MetaMask, Phantom, Keplr, Binance Chain, etc.
Cryptocurrency Wallets
Browser Extensions:
Auvitas, BitApp, Crocobit, Exodus, Finnie, GuildWallet, ICONex, Jaxx, Keplr, Liquality, MTV Wallet, Math,
Metamask, Mobox, Nifty, Oxygen, Phantom, Rabet, Ronin, Slope, Sollet, Starcoin, Swash, Terra Station, Tron,
XinPay, Yoroi, ZilPay, Binance, Coin98
Desktop Wallets:
Armory, AtomicWallet, AtomicDEX, Binance, Bisq, BitcoinCore, BitcoinGold, Bytecoin, Coinomi, DashCore,
DeFi-Wallet, Defichain-electrum, Dogecoin, Electron Cash, Electrum, Electrum-LTC, Ethereum, Exodus, Frame,
Guarda, Jaxx, LitecoinCore, Monero, MyCrypto, MyMonero, Safepay, Solar, TokenPocket, WalletWasabi, Zap,
Zcash, Zecwallet Lite
FTP & Email Clients
FTP:
Cyberduck, FTP Navigator, FTPRush, FlashFXP, SmartFTP, TotalCommander, WinSCP, WS_FTP, CoreFTP
Email:
Outlook, Thunderbird, eM Client, Foxmail, TheBat!, Mailbird, CheckMail, Claws-mail, PostboxApp, TrulyMail, GmailNotifierPro
Additional Targets
2FA Tools: KeePass (key extraction), WinAuth, Authy.
VPNs: OpenVPN, ProtonVPN, Windscribe, AzireVPN, [censored].
Messengers: Telegram, Discord, Pidgin, Tox.
Games: Steam credentials.
Advanced Modules
1. File Grabber
Wildcard/Recursive Search: Compatible with PuTTY syntax.
System Variables: Target USB drives (%DSK2%), network shares (%DSK5%).
2. PowerShell Integration
Run scripts in isolated, AMSI-bypassed environments.
Memory-load .NET assemblies or shellcode.
3. Clipper Module (VIP)
Hijack crypto transactions (BTC, ETH, XMR, TON). Many more (will provide the full list soon).
4. Proxy Management
Elysium Panel: Rotate SOCKS5/HTTP proxies, one-click export.
5. AI-Powered Tools
Extract seed phrases from images/PDFs (v0.7+).
6. Keylogger
Version Highlights
v0.9.1 (OUT NOW)
v0.9 (Latest)
800+ Browser Extensions | Yandex Support | TON Cryptocurrency
HTTP/HTTPS Task Execution | Persistence Framework | Real-Time Exodus Fixes
v0.7
AI OCR | Client/Server Rewrite | Telegram HTML Notifications
v0.5
Observer Mode | Plugin SDK | Keylogger/Data Spy
Pricing & Licensing
1 Month: $350
3 Months: $700
6 Months: $1,300
12 Months: $3,000
Lifetime: $4,000
Unlimited Crypts for Rhadamanthys. $70/Monthly (WD Guaranteed.) Normal Grade Encryption.
If you need a crypt for a specific AV/EDR, just tell me; we will find a solution.
Payment: BTC/XMR accepted.
Escrow Accepted.
Terms:
Rhadamanthys is developed and distributed strictly for legal cybersecurity purposes, including:
Authorized penetration testing.
Vulnerability research.
Forensic analysis.
Red team exercises.
By acquiring this tool, you agree to:
Comply with all applicable local, national, and international laws.
Use the software only on systems you own or have explicit permission to test.
Assume full legal and financial responsibility for any misuse.
Legal Disclaimer
This software ("Rhadamanthys") is provided for AUTHORIZED SECURITY TESTING PURPOSES ONLY. By downloading, installing, or using this software, you acknowledge and agree to the following:
This tool is intended exclusively for security professionals conducting authorized penetration testing, security audits, or educational purposes.
You MUST obtain explicit written permission from the owner of any system, network, or data before using this tool.
The creator(s) of this software accept NO RESPONSIBILITY for any misuse, damage, or illegal activity resulting from the use of this software.
Unauthorized use of this software against systems without proper authorization may violate local, state, federal, or international laws.
Users are solely responsible for ensuring their use of this software complies with all applicable laws and regulations.
This software is provided "as is" without warranty of any kind, either expressed or implied.