This project is a ssh botnet, writen in python 2.7, that include a web panel that offers a few functionalities like network scan, brute force and ddos attacks, send files, execute of python scripts, etc. This code is for learning/researching purpose and I am not responsible for the illegal use of this software.
In the first place you must to have installed Python 2.7, pip and MongoDB >= 2.6.10 in your system.
You must run the following commands in your bash terminal:
sudo apt install libgeoip
And inside Octopus folder:
sudo pip install -r requirements.txt
After that you have to run register user script, in order to register a new user to access to web panel:
python registry_user.py
You must run the following command to run the application, Octopus have to run with sudo in order to use scapy:
sudo python octopus.py
This is going to be a brief explanation of each modules of Octopus botnet. The results will be show in the console, in the web panel and will be stored in the database too.
You can put in here an ip address, a range of ips or a CIDR block (max. length /8).
This is an implementation of the Shodan API. If you want to use this module you should put your Shodan API key inside modules/iotscanner.py.
This module will launch a brute force attack over ssh or ftp protocol. You can put an IP address as target or launch attack over all the hosts that have open port 22 in your database.
Here you can upload files or scripts to the server, in order to send it later to the bots.
You can select one file that will be send to the target. You can choose run the file if is it a python script.
Here will be list all the bots that you have registed in your database. In this botnet a host will we called bot when you have registed his ssh credentials in the database. You can select one or more bots and launch load file and run script functionality, ddos attack or cryptominer.
This module will be show your bots in the world map.
Here will be show to results of the differents modules.
Anyone that want to improve this project will be welcome :) .
- Twitter: @JaviMrSec