{% extends "layout.html" %}
{% block main %}
Disclaimer: This project should be used for authorized testing or educational purposes only.
BYOB is an open-source project that provides a framework for security researchers and developers to build and operate a basic botnet to deepen their understanding of the sophisticated malware that infects millions of devices every year and spawns modern botnets, in order to improve their ability to develop counter-measures against these threats.
It is designed to allow developers to easily implement their own code and add cool new features without having to write a RAT (Remote Administration Tool) or a C2 (Command & Control server) from scratch.
The RAT's key feature is that arbitrary code/files can be remotely loaded into memory from the C2 and executed on the target machine without writing anything to the disk.
Supports Python 2 & 3.
Generate fully-undetectable clients with staged payloads, remote imports, and unlimited post-exploitation modules
./byob/modules/ directory automatically becomes remotely importable & directly usable by every client while your command & control server is running
./byob/modules/ directory to make writing your own modules a straight-forward, hassle-free process
Post-exploitation modules that are remotely importable by clients
byob.modules.keylogger: logs the user's keystrokes & the window name entered
byob.modules.screenshot: take a screenshot of current user's desktop
byob.modules.webcam: view a live stream or capture image/video from the webcam
byob.modules.ransom: encrypt files & generate random BTC wallet for ransom payment
byob.modules.outlook: read/search/upload emails from the local Outlook client
byob.modules.packetsniffer: run a packet sniffer on the host network & upload .pcap file
byob.modules.persistence: establish persistence on the host machine using 5 different methods
byob.modules.phone: read/search/upload text messages from the client smartphone
byob.modules.escalate: attempt UAC bypass to gain unauthorized administrator privileges
byob.modules.portscanner: scan the local network for other online devices & open ports
byob.modules.process: list/search/kill/monitor currently running processes on the host
byob.modules.icloud: check for logged in iCloud account on macOS
byob.modules.spreader: spread client to other hosts via emails disguised as a plugin update
byob.modules.miner: run a cryptocurrency miner in the background (supports Bitcoin & Litecoin)
Command & control server with persistent database and console
Core framework modules used by the generator and the server
byob.core.util: miscellaneous utility functions that are used by many modules
byob.core.security: Diffie-Hellman IKE & 3 encryption modes (AES-256-OCB, AES-256-CBC, XOR-128)
byob.core.loaders: remotely import any package/module/scripts from the server
byob.core.payloads: reverse TCP shell designed to remotely import dependencies, packages & modules
byob.core.stagers: generate unique payload stagers to prevent analysis & detection
byob.core.generators: functions which all dynamically generate code for the client generator
byob.core.database: handles interaction between command & control server and the SQLite database
byob.core.handler: HTTP POST request handler for remote file uploads to the server