
Scans the internet for open FTP servers looking for common malware bot droppers and grabs them for sampling. Also provides support for uploading samples to VirusTotal.


# botHunter

Scans the internet for open FTP servers looking for common malware bot droppers and grabs them for analysis. Downloads are stored in the output/ directory.

Scanning is based on https://github.com/kennell/ftpknocker. Copyright (c) 2014, kevin@fileperms.org. All rights reserved.

Bot hunting capabilities added by Hunter Gregal.

## Requirements

The netaddr module must be installed. On Debian/Ubuntu systems, simply run:

```
sudo apt-get install python-pip
sudo pip install -r requirements.txt
```

## Install

Clone this repository or save botHunter.py on your machine and make it executable:

```
wget https://github.com/huntergregal/botHunter/botHunter.py
chmod +x ./botHunter.py
```

## Usage

```
usage: botHunter.py [-h] [-t MAXTHREADS] [-w TIMEOUT] [-s]
                     [targets [targets ...]]

positional arguments:
  targets

optional arguments:
  -h, --help            show this help message and exit
  -t MAXTHREADS, --threads MAXTHREADS
                        Number of threads to use, default is 10
  -w TIMEOUT, --wait TIMEOUT
                        Seconds to wait before timeout, default is 2
  -s, --shuffle         Shuffle the target list
```

## Examples

The syntax for specifying targets is similar to nmap. Here are some examples:

Scan three individual IPs:

```
./botHunter.py 192.168.1.1 192.168.1.2 192.168.1.3
```

Scan an entire IP block using CIDR notation (in this example, all hosts from 192.168.1.1 to 192.168.1.254 will be scanned, a total of 254 hosts):

```
./botHunter.py 192.168.1.0/24
```

Feed targets from another program using a pipe (must be IPs, separated by newlines!):

```
cat mytargets.txt | ./botHunter.py
```
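The target syntax described above (individual IPs, CIDR blocks, newline-separated input, optional shuffle) can be previewed before a run to confirm exactly which hosts a target list covers. This is an added example, not code from botHunter: it uses Python's standard `ipaddress` module instead of netaddr, and the function name `expand_targets` and the `max_block` guard are assumptions made for illustration.

```python
import ipaddress
import random


def expand_targets(specs, shuffle=False, seed=None, max_block=65536):
    """Expand IPs and CIDR blocks into a de-duplicated host list.

    Returns (hosts, rejected). Entries that do not parse, or CIDR blocks
    larger than max_block addresses (e.g. a /8 typed instead of a /28),
    are returned in `rejected` instead of being expanded.
    """
    hosts, seen, rejected = [], set(), []
    for raw in specs:
        spec = raw.strip()              # piped input carries trailing newlines
        if not spec:
            continue
        try:
            if "/" in spec:
                net = ipaddress.ip_network(spec, strict=False)
                if net.num_addresses > max_block:
                    rejected.append(spec)
                    continue
                # hosts() skips the network and broadcast addresses,
                # so a /24 yields .1 through .254 (254 hosts).
                candidates = net.hosts()
            else:
                candidates = [ipaddress.ip_address(spec)]
        except ValueError:
            rejected.append(spec)
            continue
        for addr in candidates:
            if addr not in seen:        # overlapping specs are scanned once
                seen.add(addr)
                hosts.append(str(addr))
    if shuffle:
        random.Random(seed).shuffle(hosts)
    return hosts, rejected


if __name__ == "__main__":
    # Constructed sample input mixing the three forms shown in the README.
    sample = ["192.168.1.0/24", "192.168.1.5", "not-an-ip\n", "10.0.0.0/8"]
    hosts, rejected = expand_targets(sample)
    print(len(hosts), "hosts; rejected:", rejected)
```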