- Modern cross-platform HTTP-based P2P botnet over TOR that cannot be traced nor taken down.
- Design is based on "zero trust": even malicious peers cannot do any damage, while the operator's identity is protected. For more information, check the wiki.
- Pitraix is able to handle millions of hosts.
- You can run Pitraix on a toaster and it will still work just as well with said millions of hosts.
- Pitraix has the ability to self-modify its own code, which results in a completely different executable (in terms of hash) on every new infection. This means security researchers tracking infections via VirusTotal and similar services are no longer a threat. This also means anti-malware cannot detect it. All is done automagically and does not need operator intervention.
- Pitraix has EternalBlue, Follina and UACME 0-days built in to spread automagically, and also has the ability to self-spread to the host's email and social media contacts.
- Pitraix works on Windows 7 all the way to Windows 11, as well as Linux.
- It has the ability to automagically escalate privileges on both platforms:
- On Linux it does so by keylogging the password when the host uses "sudo" or "doas".
- On Windows it uses a modified version of UACME (work in progress).
- Mac and *BSD support is work in progress.
- Pitraix automagically chooses different persistence locations on every host; the names of the config file, the Pitraix binary itself, and more are all dynamically generated to confuse anti-viruses.
- All Pitraix communications happen over the TOR network and never on the clearnet.
- Pitraix is coded in Golang, which is memory safe, statically linked, and real fast. It is used by important companies such as Google, banks, Cloudflare, etc. It uses the same libraries used by those companies, thus guaranteed safe code.
- Hosts (bots) don't know each other, not even their TOR onion addresses.
- Agents are hosts that have been given the TOR onion addresses of other hosts; agents relay instructions from the operative to hosts. For more technical information, check the wiki.
- Operatives appear to others as infected computers. This is to protect against targeted network timing and packet attacks over TOR.
- State-of-the-art encryption using AES-256 and public-key cryptography
- Peer-to-peer over TOR
- Dynamic behaviour
- Built-in crypter
- Built-in 0-days
- Built-in RDP over TOR (even works on Linux too!)
- Built-in keylogger that only picks up interesting things
- Built-in ransomware that is incredibly fast and never stores keys on the host (I am not responsible for how you use this)
- Auto-disables backups like Volume Shadow Copy, OneDrive and Windows Backup
- Auto-spreading to USBs, a modified version of EternalBlue, and a bunch of other 1-days (work in progress)
- Auto privilege escalation on Windows and Linux!
- Can hide from ALL system monitoring tools on Linux! (uses LD_PRELOAD)
- Ability to hijack crypto addresses in the clipboard
- Readable code that is easy to modify, without a lot of scattered files
- Colorful terminal-based interface for operatives
- ZERO reads/writes to the registry, thus lower detection
- Time-based anti-debugging detection
- Advanced VM detection
- Extremely low system and internet requirements
- Ability to capture events. Events are anything interesting that happens on a host computer; currently this is tied only to the keylogger.
- Ability to capture logs. Logs are mainly used for debugging behaviour and errors.
Picture of working OPER
- For my GPG key, please check gpg.asc.
- Anyone who claims to be me and has not signed a message with my key is NOT me.
- If you'd like to support me to keep updating, the best way is via crypto.
- Monero: 85HjZpxZngajAEy2123NuXgu1PnNyq2DLSkkr93cyT8QQVae1GruhL4hHAtnaFqeCF7Vo9eW2P11Sig8DDqzVzCSE95NaW6
- Bitcoin (segwit): bc1q2dqk9u06vv2j5p6yptj9ex7epfv77sxjygnrnw
- Download from Releases and not master.
- Read the wiki for information on how to set up and use it properly.
- Type "help" in OPER for a list of commands.
- Please read Technical Info for a list of terms and their respective meanings, alongside tons of useful information for anybody even thinking of editing the source code.
- Speed may vary due to the TOR network; TOR is expected to be upgraded soon and thus speed should be greatly improved then.
- The TOR binary from the Tor Project (which Pitraix uses) is signed and thus does not affect the detection rate negatively.
I am not responsible for any damage you do using this!