Merge the power of Python with the anonymity of Tor.
Everything is almost under development, so please write to me for any of it
In windows-client the cert is not required because when you compile and deliver it, it can't extract the cert file because (and at the moment of writing I don't know why) it will run in C:\Windows\System32 instead of C:\Path\to\file.exe.
- Correct change directory
- Reg key (you need to put the file name in the variable)
- 14/04/17:
- Added
evade std sandbox: thanks to Markacho, now the program will wait for left click and then proceed
- Added
- 12/10/16:
- Added v3: now you can handle and choose multiple clients
- 11/10/16:
- Added ASCII-ART
- 28/08/16:
- Fixed Reg key: thanks to ajinabraham
- Added Hide Window: thanks to ajinabraham
- 30/07/16:
- Added
mapMefunction, now you locate the target as Google does. You've to setup a Google Maps Api Key, more info here. Yes, you've some limits but 2500 requests per day is a nice rate (VT has 4 per day). At the moment of writing it's not tested on Windows/Mac.
- Added
- 29/07/16:
- Added
DownHTTPfunction to download file from given url
- Added
- 28/07/16:
- Added windows hook that works like on Linux (working on for Mac)
- 27/07/16:
- Introcuted v2: many changes have come, added a lot of nice function (keylogging, extracting passwd from Firefox ...)
- For a matter of compatibility I decided to write specific code for specific platforms (introducing Linux-Client, Windows-Client and Mac-Client)
- 21/07/16:
- Corrected
HOOK: now the script is handled with threads, no more external scripts or whatever. At the momentHOOKworks only in Linux (that's why LinuxHOOKER), working on for windows. - Added
RunMe.sh: automated tool to setup the HS, certificate and all the necessary - Added
VirusTotal check: once the program is started, itself check is recognised as malware in the Database of VirusTotal. Note that if the file was never scanned before, VT reports an "error". You have to register on VT to get an api key, here for more infos. - Added
HOOKfunction: still in dev. Thanks to JeffHoogland for pyxhook, at the time of writing you can check if hook is running or not, and if you want stop it. - Added
certificate auto extractor: if the certificate.pem is not present in the directory, it'll extract form the code. - Fixed
s-wifi: Thanks to netifaces now you can check what netifaces are present and than choose the wifi card, no more if/ip-config.
- Corrected
- 14/07/16:
- Added
LinuxAutoStart: this will add a hidden .desktop in ~/.config/autostart/, and hidden in StarUp applications; - Added
WindowsAutoStart: this will add a new reg key for the file, and set it hidden (actually not tested at the time of writing) - Added
FirefoxThief: this will dumpkey3.db,logins.jsonandcert8.dbfrom the specified directory. So then you can extract the passwd.
- Added
- 29/05/16:
- Upgraded progress bar, thanks to tqdm
- Added HMAC (coming for transfered files)
- Added PBKDF to sign the hash of the files
- 24/05/16:
- Added
protectfunction, now you can encrypt & decrypt every file that you downloaded (in both directions) so you can keep safe your secrets (soon I'll add, obviously, HMAC)
- Added
- 05/05/16:
- Added
s-wifithat let you to scan the remote Wifi network; - Added
infothat let you retrieve some information about the target, like IP address and other OS information;
- Added
- 21/04/16: Created v1 because reinvent the wheel is helpful but not useful. So added TLS/SSL support to make a sense of real security. At the time of writing I'm using ssl std lib., but if there is a why that I shouldn't use it please tell me.
This project aims to administrate a network of compromised hosts, keeping your identity private (thanks to Tor) and your connections secure (thanks to TLS/SSL). For many times botnets get stuck because the main servers became compromised, but this framework will let you keep yours C&C safe and alive (well, this will do its best).
Another problem is that you let unauthorized users to reach your server, even without the cert or whatever. If I now your hostname/IP/whatever I can reach you. But Tor has the solution (that, as far as I know, clearnet hasn't). I'm referring to HiddenServiceAuthorizeClient and HidServAuth, if you set these properly, see here, your Master server will be more stealth than ever and it won't suffer ddos attack, or any other type of it. Because this is a feature of Tor, of the protocol and not of the software (T2B-framework). So from now on, you'll setup a "firewall" between you (Master) and your bots. The new firewall will be just a node from you and your bots, that will filter "legit" client from attackers. But for this we all will wait. News are coming, changes are coming.
Started looking for one... ended up writing one.
- Linux, Mac or Windows (not completely tested tested)
- Python 2.7
- Tor and a HS.
- Clint: Python Command-line Application Tools
- Colored
- GeoIP and the DB
- Wifi, a Python interface
- OpenSSL to generate Private Key and Cert
- tqdm
- getpass
- simplejson
- netifaces (for Linux and Mac wifi)
- PyWiWi (for Windows wifi)
- pyHook (for Windows hook)
- pywin32 (for Windows hook)
- Install Tor and initialize a HS
- Generate a S.S.C. (Self-Signed-Certificate) with Openssl (you can use the priv key of the HS)
- Modify the variables of the S.C. as you like (host, port, etc..)
- Install GEOIP2, and download the database
- run
pip install -r requirements - Install external (github) dependencies
I found a lot of code all over the web, so as soon as possible I'll add the reference to the main authors. Last but not least, many people inspired me but citing everyone will crush the net.
- Progress bar when uploading files, is not so progress
- When you execute
FirefoxThief, from the downloaded data you can extract only the new logins. I mean, if the target sync passwd/cookie/etc.. with the Firefox account, you can extract only the logins creds since that sync. The old creds can't be extracted (at the time of writing, looking for the solution)
I'm NOT responsible for damages did by the abuse of this software.
You can find me on Twitter