
botnets - This is a collection of #botnet source codes, unorganized. For EDUCATIONAL PURPOSES ONLY

  •    C++

Many projects are duplicates or revisions of each other. Many of them have outdated dependencies. My goal is to collectively put them together so that they are compilable and help people interested in malware research analyze them and learn from these samples.

linux.mirai - Leaked Linux.Mirai Source Code for Research/IoC Development Purposes

  •    C

Uploaded for research purposes and so we can develop IoCs and such. See "post.txt" (transcribed in post.md) for the post in which it leaks, if you want to know how it is all set up and the likes.

diskover - File system crawler, disk space usage, file search engine and file system analytics powered by Elasticsearch

  •    Python

diskover is an open source file system crawler and disk space usage software that uses Elasticsearch to index and manage data across heterogeneous storage systems. Using diskover, you are able to more effectively search and organize files, and system administrators are able to manage storage infrastructure, efficiently provision storage, monitor and report on storage use, and effectively make decisions about new infrastructure purchases. As the amount of file data generated by businesses continues to expand, the stress on expensive storage infrastructure, users and system administrators, and IT budgets continues to grow.

GoBot2 - Second Version of The GoBot Botnet, But more advanced.

  •    Go

After seeing another user's Go-based botnet I wanted to do more work on my GoBot, but I ended up building something a bit more. There are issues with this but it is more of an advanced PoC.... I am not a good coder but I was able to make this by doing some basic reading online. There was more I wanted to do with this project but I stopped; I am getting out of making malware and viruses... I am going to move on to more legitimate things. Though I will be posting some of my old projects on my GitHub, and most of which are malevolent, I am putting them here to make it simpler for the 'good guys' to fight them and their kin. The C&C is a program; you can compile it for Windows, Linux, Mac systems. It's a self-running web server that handles all connections on the selected port in the settings. It will serve the HTML C&C to a connector if you allow it, and it saves data about accounts, bots and commands as a SQL database and bots' files (screenshots, keylogs, etc.) as files under the bot's own "Profile". You can control the botnet from the program (more secure) or control it from the HTML C&C. The C&C's program is extremely stable; Go-based servers are known for handling millions of requests at once without fail, just make sure you have a good connection. The C&C has a built-in hard-coded login (kinda like a backdoor) you can use if you 'forgot' the account login. The C&C can have any number of accounts. With it being a self-contained program this removes the issue of SQLi attacks on the C&C so it's more SECURE. The C&C can also run inside a Tor hidden service if configured right, and the client (bot) can connect to it using an onion.to or onion.cab forwarder if needed. Tor can also be used by the bot via a SOCKS proxy... Simple to do, Google it.




python-medusa - :snake: Python IRC botnet for controlling Mac OS X computers! (defeated by SIP & Gatekeeper)

  •    Python

Don't worry, this bot is not a danger to anyone. It would be incredibly difficult to install it on anyone's computer these days as you'd have to disable SIP & Gatekeeper. If you somehow got this bot unintentionally, please remove it, it's not meant to be a virus.

hontel - Telnet Honeypot

  •    Python

HonTel is a Honeypot for Telnet service. Basically, it is a Python v2.x application emulating the service inside the chroot environment. Originally it has been designed to be run inside the Ubuntu environment, though it could be easily adapted to run inside any Linux environment. Setting the environment and running the application requires intermediate Linux administration knowledge. The whole deployment process can be found "step-by-step" inside the deploy.txt file. Configuration settings can be found and modified inside the hontel.py itself. For example, authentication credentials can be changed from default root:123456 to some arbitrary values (options AUTH_USERNAME and AUTH_PASSWORD), custom Welcome message can be changed from default (option WELCOME), custom hostname (option FAKE_HOSTNAME), architecture (option FAKE_ARCHITECTURE), location of log file (inside the chroot environment) containing all telnet commands (option LOG_PATH), location of downloaded binary files dropped by connected users (option SAMPLES_DIR), etc.

mesh-botnet - :snake: Proof-of-concept python IRC botnet for orchestrating macOS computers (harmless due to SIP & Gatekeeper)

  •    Python

python-medusa is a demo of simple intrusion and virus building concepts introduced in the book "Violent Python", to be run on the test bed provided by mesh-networking. The book is a funny overview of Python & system security by a US Military Paratrooper, and I highly recommend checking it out. This is an ideal demonstration of the mesh-networking project because it needs a large, organic, networked app to show off its true capability. It would be incredibly difficult to install or get away with using this for malicious purposes in the real world. It makes no attempts to shield communications or evade filesystem detection in any way because the mesh-networking hosts are not adversarial and do not have any of the protection measures like SIP or Gatekeeper.

vinchuca - A resilient peer-to-peer botnet agent in .NET

  •    CSharp

Have some fun and explore the techniques used by popular botnets like Zeus Game Over. Vinchuca is only developed during vacations. Anyway, you are welcome to contribute code. You can send code both as a patch or a GitHub pull request.


mirai - Mirai related codes and stuff

  •    C

This is the source code of Mirai, which was used to attack Krebs On Security recently. The code was released on Hack Forums. Here's a post on Krebs On Security. Disclaimer: Not my original work. For educational purposes.

doxycannon - A poorman's proxycannon and botnet, using docker, ovpn files, and a dante socks5 proxy

  •    Python

Doxycannon takes a pool of OpenVPN files and creates a Docker container for each one. After a successful VPN connection, each container spawns a SOCKS5 proxy server and binds it to a port on the Docker host. Combined with tools like Burp Suite or proxychains, this creates your very own private botnet on the cheap. Use the --single flag to bring up your proxies and create a proxy rotator.

distributed-password-cracking - Borrow CPU cycles from visitor's web browsers to crack MD5 password hashes 😲

  •    Javascript

Borrow CPU cycles from visitors' web browsers to crack MD5 password hashes. Embedding a hidden <iframe> in a website will automatically add a visitor's browser as a node in a password cracking botnet. Their browser will receive MD5 hashes and password candidates from a command-and-control server and report back any passwords it cracks for the duration of the time the visitor is browsing the "infected" website. This is proof-of-concept code for the Browser as Botnet talk (video) at Radical Networks 2017. As such, it is not optimized. There are far more efficient ways to crack passwords if that is your goal. This project is intended to illustrate how compute jobs can be massively distributed across browsers.

T2B-framework - Cross-Platform Post Exploitation Toolkit

  •    Python

Merge the power of Python with the anonymity of Tor. In windows-client the cert is not required because when you compile and deliver it, it can't extract the cert file because (and at the moment of writing I don't know why) it will run in C:\Windows\System32 instead of C:\Path\to\file.exe.

Javascript-Botnet-C-Sharp - This is a plugin for the c# R

  •    CSharp

This is a plugin for the C# R.A.T Server providing an extension to JavaScript-based browser botnets.