{% extends "layout.html" %} {% block main %}


Documentation

Interested in the code? It's open-source

Disclaimer: This project should be used for authorized testing or educational purposes only.

BYOB is an open-source project that provides a framework for security researchers and developers to build and operate a basic botnet to deepen their understanding of the sophisticated malware that infects millions of devices every year and spawns modern botnets, in order to improve their ability to develop counter-measures against these threats.

It is designed to allow developers to easily implement their own code and add cool new features without having to write a RAT (Remote Administration Tool) or a C2 (Command & Control server) from scratch.

The RAT's key feature is that arbitrary code/files can be remotely loaded into memory from the C2 and executed on the target machine without writing anything to the disk.

Supports Python 2 & 3.

Client

Generate fully-undetectable clients with staged payloads, remote imports, and unlimited post-exploitation modules

  1. Remote Imports: remotely import third-party packages from the server without writing them to the disk or downloading/installing them
  2. Nothing Written To The Disk: clients never write anything to the disk - not even temporary files (zero IO system calls are made) because remote imports allow arbitrary code to be dynamically loaded into memory and directly imported into the currently running process
  3. Zero Dependencies (Not Even Python Itself): client runs with just the python standard library, remotely imports any non-standard packages/modules from the server, and can be compiled with a standalone python interpreter into a portable binary executable formatted for any platform/architecture, allowing it to run on anything, even when Python itself is missing on the target host
  4. Add New Features With Just 1 Click: any python script, module, or package you copy to the ./byob/modules/ directory automatically becomes remotely importable & directly usable by every client while your command & control server is running
  5. Write Your Own Modules: a basic module template is provided in the ./byob/modules/ directory to make writing your own modules a straight-forward, hassle-free process
  6. Run Unlimited Modules Without Bloating File Size: use remote imports to add unlimited features without adding a single byte to the client's file size
  7. Fully Updatable: each client will periodically check the server for new content available for remote import, and will dynamically update its in-memory resources if anything has been added/removed
  8. Platform Independent: everything is written in Python (a platform-agnostic language) and the clients generated can optionally be compiled into a portable executable (Windows) or bundled into a standalone application (macOS)
  9. Bypass Firewalls: clients connect to the command & control server via reverse TCP connections, which will bypass most firewalls because the default filter configurations primarily block incoming connections
  10. Counter-Measure Against Antivirus: avoids being analyzed by antivirus by blocking processes with names of known antivirus products from spawning
  11. Encrypt Payloads To Prevent Analysis: the main client payload is encrypted with a random 256-bit key which exists solely in the payload stager which is generated along with it
  12. Prevent Reverse-Engineering: by default, clients will abort execution if a virtual machine or sandbox is detected
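The periodic check-ins over a reverse TCP connection described in items 7 and 9 are exactly the traffic pattern a defender can hunt for. The following beacon detector is an added example (not part of the BYOB project): it parses a constructed outbound-connection log and flags flows whose inter-connection intervals show almost no jitter. The log format, the hosts and the tuning thresholds are all assumptions for the demonstration.

```python
"""Beacon detector: flags hosts whose outbound connections to one destination
recur at near-constant intervals, the pattern a periodically checking-in
client produces. Added example; the log format below is constructed."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample of outbound connection records: timestamp src dst dport.
# 10.0.0.5 checks in with 203.0.113.7:1337 every ~60 s; 10.0.0.9 browses normally.
SAMPLE_LOG = """\
2024-05-01T12:00:00 10.0.0.5 203.0.113.7 1337
2024-05-01T12:00:03 10.0.0.9 198.51.100.20 443
2024-05-01T12:01:00 10.0.0.5 203.0.113.7 1337
2024-05-01T12:01:41 10.0.0.9 198.51.100.22 443
2024-05-01T12:02:01 10.0.0.5 203.0.113.7 1337
2024-05-01T12:02:02 10.0.0.9 198.51.100.20 443
2024-05-01T12:03:00 10.0.0.5 203.0.113.7 1337
2024-05-01T12:03:59 10.0.0.9 198.51.100.31 443
2024-05-01T12:04:00 10.0.0.5 203.0.113.7 1337
2024-05-01T12:09:10 10.0.0.9 198.51.100.20 443
"""

def parse_log(text):
    """Yield (datetime, src, dst, dport) for each whitespace-separated record."""
    for line in text.splitlines():
        ts, src, dst, dport = line.split()
        yield datetime.fromisoformat(ts), src, dst, int(dport)

def find_beacons(text, min_conns=4, max_cv=0.2):
    """Return {(src, dst, dport): mean_interval_s} for flows whose intervals
    between connections have a low coefficient of variation (stdev / mean),
    i.e. little jitter. min_conns and max_cv are thresholds chosen for this
    example, not values taken from any product or from BYOB itself."""
    flows = defaultdict(list)
    for ts, src, dst, dport in parse_log(text):
        flows[(src, dst, dport)].append(ts)
    beacons = {}
    for key, stamps in flows.items():
        if len(stamps) < min_conns:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            beacons[key] = avg
    return beacons

if __name__ == "__main__":
    for (src, dst, dport), period in find_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {dst}:{dport} beacons every ~{period:.0f}s")
```

Real clients may add randomised sleep between check-ins, so in practice the jitter threshold is tuned against a baseline of known-good traffic rather than fixed.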

Modules

Post-exploitation modules that are remotely importable by clients

  1. Keylogger (byob.modules.keylogger): logs the user's keystrokes & the window name entered
  2. Screenshot (byob.modules.screenshot): take a screenshot of the current user's desktop
  3. Webcam (byob.modules.webcam): view a live stream or capture image/video from the webcam
  4. Ransom (byob.modules.ransom): encrypt files & generate random BTC wallet for ransom payment
  5. Outlook (byob.modules.outlook): read/search/upload emails from the local Outlook client
  6. Packet Sniffer (byob.modules.packetsniffer): run a packet sniffer on the host network & upload .pcap file
  7. Persistence (byob.modules.persistence): establish persistence on the host machine using 5 different methods
  8. Phone (byob.modules.phone): read/search/upload text messages from the client smartphone
  9. Escalate Privileges (byob.modules.escalate): attempt UAC bypass to gain unauthorized administrator privileges
  10. Port Scanner (byob.modules.portscanner): scan the local network for other online devices & open ports
  11. Process Control (byob.modules.process): list/search/kill/monitor currently running processes on the host
  12. iCloud (byob.modules.icloud): check for logged in iCloud account on macOS
  13. Spreader (byob.modules.spreader): spread client to other hosts via emails disguised as a plugin update
  14. Miner (byob.modules.miner): run a cryptocurrency miner in the background (supports Bitcoin & Litecoin)

Server

Command & control server with persistent database and console

  1. Console-Based User-Interface: streamlined console interface for controlling client host machines remotely via reverse TCP shells which provide direct terminal access to the client host machines
  2. Persistent SQLite Database: lightweight database that stores identifying information about client host machines, allowing reverse TCP shell sessions to persist through disconnections of arbitrary duration and enabling long-term reconnaissance
  3. Client-Server Architecture: all python packages/modules installed locally are automatically made available for clients to remotely import without writing them to the disk of the target machines, allowing clients to use modules which require packages not installed on the target machines

Core

Core framework modules used by the generator and the server

  1. Utilities (byob.core.util): miscellaneous utility functions that are used by many modules
  2. Security (byob.core.security): Diffie-Hellman IKE & 3 encryption modes (AES-256-OCB, AES-256-CBC, XOR-128)
  3. Loaders (byob.core.loaders): remotely import any package/module/scripts from the server
  4. Payloads (byob.core.payloads): reverse TCP shell designed to remotely import dependencies, packages & modules
  5. Stagers (byob.core.stagers): generate unique payload stagers to prevent analysis & detection
  6. Generators (byob.core.generators): functions that dynamically generate code for the client generator
  7. Database (byob.core.database): handles interaction between command & control server and the SQLite database
  8. Handler (byob.core.handler): HTTP POST request handler for remote file uploads to the server
{% endblock %}