xpctl is a Python CLI and library for managing a Windows XP target over either a
direct TCP agent or SSH. It packages the agent, the transport clients, and the
higher-level reverse-engineering helpers in one installable project.
- A Python API for executing commands, transferring files, and managing the agent
- A Click-based CLI for day-to-day operations
- A packaged Python 3.4-compatible XP agent
- Reverse-engineering helpers for debugger, COM, memory, and GUI workflows
- GitHub Actions for CI, docs deployment, and automated releases to PyPI
- A devcontainer for contributor onboarding
pip install xpctlxpctl configure
xpctl --helpFor development:
python3.14 -m venv .venv
. .venv/bin/activate
pip install -e ".[dev,docs]"The repository includes .python-version pinned to 3.14.3 so tools like
pyenv and pipenv resolve a consistent default interpreter. The package
targets the latest three CPython releases and currently supports Python 3.12+ at
runtime.
Common commands:
xpctl configure --profile lab
xpctl setup bootstrap
xpctl ping
xpctl --profile lab ping
xpctl --profile lab ps
xpctl --profile lab upload ./local.bin "C:\\xpctl\\tmp\\local.bin"
xpctl --profile lab agent statusxpctl configure behaves like aws configure: it walks through host, port,
username, password, and transport settings, validates the connection live, and
writes profiles to ~/.xpcli/config.
The repo keeps Windows XP tooling archives under installs/.
python-3.4.10.zip: Python 3.4.10 for Windows XP. This is an unofficial build kept here because a Python 3.4-compatible runtime is needed for the XP agent.setup-x86-2.874.exe: Cygwin setup bootstrap pinned to a Windows XP-era snapshot. The XP bootstrap batch installs fromhttp://ctm.crouchingtigerhiddenfruitbat.org/pub/cygwin/circa/2016/08/30/104223/.ollydbg-1.10.zip: OllyDbg 1.10.x64dbg-2025.08.19.zip: x64dbg snapshot based on the 2025.08.19 release. This is the last working release I could find.windbg: placeholder, archive to be added later.cdb: placeholder, archive to be added later.
If you need to bring up a fresh XP VM, generate a local bootstrap bundle:
xpctl setup bootstrapThat writes artifacts/xp-bootstrap/ with:
bootstrap_xpctl.batpython-3.4.10.zipsetup-x86-2.874.exeagent.py
Copy that directory onto the XP machine and run bootstrap_xpctl.bat as an
administrator:
cd D:\xp-bootstrap
bootstrap_xpctl.batThe batch file performs the following steps:
- Installs Cygwin packages (bash, openssh, unzip, curl) from a pinned 2016 HTTP mirror
- Unpacks and installs Python 3.4.10 to
C:\Python34 - Installs the Visual C++ runtime
- Configures the Cygwin
sshdservice (user:cyg_server, password:xpctl-sshd) - Copies the packaged agent to
C:\xpctl\agent.pyand starts it on port9578 - Opens firewall ports for SSH (22) and the agent (9578)
The script waits up to 30 seconds for the agent to begin listening before
exiting. Once it completes, you can connect from your host with xpctl ping.
make install
make lint
make test
make build
make docsThe docs are built with MkDocs Material and are intended to be published through GitHub Pages.
Releases are published through .github/workflows/release.yml. That workflow
uses debaser to generate a deterministic
human-readable release name from the Git SHA.
Pushes to main automatically cut a patch release unless the commit is already a
generated Release v... commit. Manual annotated v<version> tags still publish
through the same workflow, which keeps PyPI trusted publishing pinned to a
single workflow file.
Local release flow:
brew install debaser
make release BUMP=patchThat command:
- bumps
src/xpctl/__about__.py - creates a commit and annotated
v<version>tag - pushes the branch and tag when a remote is configured
The release workflow then:
- validates the version/tag match
- builds the wheel and source distribution
- publishes the package to PyPI
- creates a GitHub Release with a
debaser-generated title
Documentation sources live under docs/ and are
published to GitHub Pages from .github/workflows/docs.yml.
src/xpctl/ Public package
docs/ GitHub Pages documentation
scripts/ Development and workflow helpers
tests/ Test suite
.devcontainer/ Reproducible contributor environment