Test how a Windows machine's defenses hold up against remote desktop control during an authorized red team exercise.
Practice building and viewing a live encrypted remote desktop feed for security research.
Study how encrypted WebSocket and HTTPS fallback connections can be built between two custom programs.
| nzyuko/rustyvnc | arman-bd/chromiumfish | avelino/mcp | |
|---|---|---|---|
| Stars | 54 | 55 | 52 |
| Language | Rust | Rust | Rust |
| Setup difficulty | hard | easy | easy |
| Complexity | 4/5 | 3/5 | 3/5 |
| Audience | researcher | developer | ops devops |
Figures from each repo's GitHub metadata at analysis time.
Requires cross compiling a Windows client from Linux and running it inside an interactive Windows desktop session.
RustyVNC is a tool built for red team security testing. It lets an authorized operator watch and control a Windows desktop remotely, similar in spirit to VNC, but built as two separate pieces that talk to each other over an encrypted connection. The project has two parts. The client runs on the Windows machine being observed. It is written in Rust and handles capturing the desktop, encoding what it sees as JPEG images, launching applications, and sending back mouse and keyboard input. The server runs on the operator's own machine, written in Go, and handles the network connection, checks that incoming frames are valid, sends the video feed out to anyone viewing it, and serves a small browser page for viewing. To use it, you start the server first, which listens on a local address and either uses a certificate you provide or creates a temporary one on the spot. You then open the viewer in a web browser at that address. The Windows client is built separately using a cross compiler and then run directly on the target machine, pointed at the server's address. Under the hood, the client tries to open a secure, real time connection to the server, called a WebSocket. If that is not available, it falls back to sending updates over regular encrypted web requests instead. Either way, the connection is encrypted, the tool refuses to run over an unencrypted link. The client will not run in certain background Windows sessions, since those produce blank output instead of a real view of the desktop. Right now, the project supports only one connected viewer at a time, which keeps the code simpler while the core features are still settling. The README notes that the server should stay on the local machine by default, and that anyone exposing it more broadly should add proper certificates, an access token, and keep it on a private network. The author states plainly that this is meant for authorized research and defense analyst work, not for general use against systems the operator does not control.
A red team tool with a Rust Windows client and a Go server that lets an authorized operator view and control a Windows desktop remotely over an encrypted connection.
Mainly Rust. The stack also includes Rust, Go, WebSocket.
Setup difficulty is rated hard, with roughly 1h+ to a first successful run.
Mainly researcher.
This repo across BitVibe Labs
Verify against the repo before relying on details.