whatisgithub

What is thefatrat?

screetsec/thefatrat — explained in plain English

Analysis updated 2026-06-24

11,221CAudience · ops devopsComplexity · 4/5Setup · moderate

In one sentence

A Linux penetration testing tool that automates generating remote-access payloads for Windows, Android, Mac, and Linux targets by wrapping MSFvenom and Metasploit, for authorized security testing only.

Mindmap

mindmap
  root((repo))
    What it does
      Generates payloads
      Sets up listeners
      Automates MSFvenom
    Target platforms
      Windows and Android
      Mac and Linux
    Features
      File embedding
      USB autorun files
      Auto IP detection
    Requirements
      Linux host
      Metasploit installed
      Authorized use only
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Generate a remote-access payload for a Windows target during an authorized penetration test.

USE CASE 2

Embed a test payload inside an existing application file to simulate a social-engineering attack scenario.

USE CASE 3

Set up a Metasploit listener and test USB autorun payloads as part of a physical access security assessment.

What is it built with?

CShellMetasploit

How does it compare?

screetsec/thefatratapple/darwin-xnulibvips/libvips
Stars11,22111,23711,310
LanguageCCC
Setup difficultymoderatehardmoderate
Complexity4/55/53/5
Audienceops devopsdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min

Requires Metasploit Framework and several Linux dependencies installed via the provided setup script.

So what is it?

TheFatRat is a Linux-based tool used in penetration testing and security research that automates the process of generating executable payloads. A payload here is a small program that, when run on a target machine, establishes a remote connection back to the tester's system, allowing them to interact with that machine. The tool wraps around MSFvenom and Metasploit, which are established penetration testing frameworks, to make payload creation faster and more menu-driven. The tool can produce payloads targeting Windows, Android, Mac, and Linux systems in various file formats. It also includes options for embedding a payload inside an existing application file, setting up a listener that waits for incoming connections, and detecting your external IP address automatically. A file size tool is included for padding files. There is also support for creating USB autorun files used in physical access testing scenarios. The README states the tool is intended for educational purposes and for use only against systems the user has explicit permission to test. Unauthorized use against systems without consent is described as illegal, and the developers disclaim responsibility for misuse. Installation runs through a shell script that handles dependencies. A separate diagnostic script is provided to check whether all required components installed correctly. The README links to documentation in the Certified Ethical Hacker curriculum and to several tutorial videos demonstrating different use cases. The project is available in BlackArch, a Linux distribution focused on security testing tools. It is written primarily in C and shell scripting.

Copy-paste prompts

Prompt 1
I'm doing an authorized pentest on a Windows target. Show me how to use TheFatRat to generate an MSFvenom payload, set up the listener, and catch the connection.
Prompt 2
How do I embed a TheFatRat payload inside a legitimate-looking Android APK for an authorized mobile security test?
Prompt 3
I've installed TheFatRat but the diagnostic script reports missing components. Walk me through fixing common dependency issues on Kali Linux.

Frequently asked questions

What is thefatrat?

A Linux penetration testing tool that automates generating remote-access payloads for Windows, Android, Mac, and Linux targets by wrapping MSFvenom and Metasploit, for authorized security testing only.

What language is thefatrat written in?

Mainly C. The stack also includes C, Shell, Metasploit.

How hard is thefatrat to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is thefatrat for?

Mainly ops devops.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.