Zombiegang

C2 framework with a modular and extensible architecture, a task scheduler, remote-shell live sessions and a retro look-and-feel interface that makes it fun to use. For now, it includes keylogger, DDoS and bruteforce attacks.

<div id="top"></div> <!-- This documentation was written using Best-README-Template by othneildrew https://github.com/othneildrew https://github.com/othneildrew/Best-README-Template Thanks dude :) --> <!-- PROJECT SHIELDS -->

Version 0.5.1~beta | Python 3 | GPL-3.0 License

<!-- PROJECT LOGO --> <br /> <div align="center"> <a href="https://github.com/r3nt0n/zombiegang"> <img src="https://github.com/r3nt0n/zombiegang/blob/master/img/logo.svg" alt="Logo" width="80" height="80"> </a> <h3 align="center">zombiegang</h3> <p align="center"> The extensible botnet framework </p> </div>

<!-- ABOUT THE PROJECT -->

📖 About the Project

Zombiegang is a botnet framework written mostly in Python and PHP. It supports asynchronous communication between the cc and zombies, remote-shell live sessions and a task scheduler. It also has a plugin manager, which comes with some pre-included modules to perform the most typical attacks (DDoS, bruteforce and keylogger). This modular approach allows anyone to extend its features by writing their own modules (I will appreciate any contribution).

<br> <p align="center"><img src="https://github.com/r3nt0n/zombiegang/blob/master/img/intro2.gif" /></p> <br>

The Command and Control server is a semi-CRUD API written in PHP, which manages database read/write operations and authentication. This design also separates the front end, which resides entirely in the client used by masters.

Several kinds of clients can be used to administer the botnet, and several kinds of "zombie clients" can coexist too.

  • master clients: cli and web-based. The web client is a light Flask app focused on browsing db info and scheduling tasks. The cli client is intended to run remote-shell live sessions with one or more zombies simultaneously. Both of them support proxy configuration to reach the cc-server anonymously.
  • zombie clients: for now, there is only a Python client. Note that you can write a zombie in the programming language of your preference; you just need to write a simple HTTP client to communicate with the API and maybe add some "zombie routines" (you can take the Python client as an example). Again, any contribution would be welcome.

Built with

  • PHP
  • MariaDB
  • Python
  • Flask
  • Jinja
  • JavaScript
  • jQuery

<p align="right">(<a href="#top">back to top</a>)</p> <!-- GETTING STARTED -->

✨ Getting started

This is just a simple way to kickstart all the initial stuff. Obviously, in production environments you can use separate servers for DB and CC, and replace the http server with something like Apache or Nginx.

🚀 Download and setup

Download zombiegang framework

git clone https://github.com/r3nt0n/zombiegang.git

Create database

# steps 1 and 2 are optional, only needed if mariadb is not installed yet
sudo apt-get install mariadb-server mariadb-client
sudo mysql_secure_installation
# change the default db password and create the db structure
cd cc-server
nano api/config/data/init.sql
sudo ./initdb

Create your master profile

# log into mariadb with the password you just set in init.sql
mariadb -u zgang -p
use zgang;
insert into Masters SET username = '<your-username>', public_key = '<public-key>';
exit

Note: For now, you shouldn't specify any password when creating the new row; we will create it later. Also, the public_key can be an empty string, since PKI logic isn't implemented yet.

Optional: if you want to dump some mocked zombies into db for testing purposes, execute this file:

./dump-testdata

<p align="right">(<a href="#top">back to top</a>)</p>

🕸️ Start cc-server

Now you need to start the http server that will act as a proxy, allowing masters and zombies to interact with this db.

When editing database.php, you must set $host to an IP/hostname pointing to the db, and $password to the password you have just created to access it. Optionally, if you changed the default db name and/or db user, update $db_name and $db_user too.

When editing core.php, you must change $key to a random string of your choice. This value is used to encode and decode JWT tokens.

cd cc-server
# Edit this file to match your db config
nano api/config/database.php
# and create your own secret-key
nano api/config/core.php 

# For testing purposes, you can use the simple http server provided by php
sudo php -S 127.0.0.1:8080

Now you should have the cc-server listening on port 8080 and connected to the database created before.

Note: You can disable masters access logging in core.php

<p align="right">(<a href="#top">back to top</a>)</p>

🧟 Start zombie client

# install zombieclient dependencies 
cd zombie-client
pip install -r requirements.txt 

# edit config to set cc-server url
nano app/config.py

# to run the zombieclient
python3 run.py

When editing config.py, you need to set self.credentials['cc_url'] to the URL and path that point to api dir located in your cc-server:

self.credentials = {'cc_url': '<your-url>'}
# example:
self.credentials = {'cc_url': 'http://192.168.1.131/api'}

After running the zombie, you should see output similar to this:

<div align="center"><img src="https://github.com/r3nt0n/zombiegang/blob/master/img/zombie_first_wakeup_example.png" /><p style="font-style: italic;">zombie first wake up</p></div>

Although it may seem like an error, this is expected behavior. The zombie has successfully created its user but, until we "allow it to enter", it will not be converted to a zombie and will not be able to log in to the cc server with that role. We will cover how to accept zombies into the botnet using the master-client.

Zombies send info about themselves on every boot and check regularly for new tasks; they just keep asking and serving the cc-server forever (in fact, until you kill the process).
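From the defender's side, the regular task polling described above shows up in proxy logs as evenly spaced requests from one host to one destination. The following is an added example (not part of the Zombiegang project) that flags such beaconing by the low variation of request intervals; the log format, hostnames and thresholds are assumptions constructed for illustration.

```python
import statistics
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Constructed proxy log (not real traffic): "<ISO time> <client ip> <method> <url>"
SAMPLE_LOG = """\
2025-01-10T09:00:00 10.0.0.21 POST http://cc.example.test/api/
2025-01-10T09:00:07 10.0.0.35 GET http://intranet.example.test/wiki/
2025-01-10T09:01:01 10.0.0.21 POST http://cc.example.test/api/
2025-01-10T09:01:15 10.0.0.35 GET http://intranet.example.test/wiki/
2025-01-10T09:02:00 10.0.0.21 POST http://cc.example.test/api/
2025-01-10T09:02:58 10.0.0.21 POST http://cc.example.test/api/
2025-01-10T09:04:01 10.0.0.21 POST http://cc.example.test/api/
2025-01-10T09:04:40 10.0.0.35 GET http://intranet.example.test/wiki/
2025-01-10T09:05:00 10.0.0.21 POST http://cc.example.test/api/
2025-01-10T09:09:30 10.0.0.35 GET http://intranet.example.test/wiki/
2025-01-10T09:09:41 10.0.0.35 GET http://intranet.example.test/wiki/
2025-01-10T09:31:02 10.0.0.35 GET http://intranet.example.test/wiki/
"""

def find_beacons(log_text, min_events=6, max_cv=0.15):
    """Return (client, host) pairs whose request gaps are nearly constant.

    cv is the coefficient of variation (stdev / mean) of the gaps between
    consecutive requests; human browsing is bursty (high cv), polling is not.
    """
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, client, _method, url = parts
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue  # skip unparseable timestamps
        seen[(client, urlsplit(url).hostname)].append(when)
    hits = []
    for (client, host), times in seen.items():
        if len(times) < min_events:
            continue  # too few samples to judge periodicity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
        if cv <= max_cv:
            hits.append({"client": client, "host": host,
                         "interval_s": round(mean, 1), "cv": round(cv, 3)})
    return hits
```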

In real scenarios, you will also need persistence, obfuscation and probably compilation (since Python is not available by default on most systems).

<p align="right">(<a href="#top">back to top</a>)</p>

🧙‍♂️ Start master client

web client

# install masterclient (web-client) dependencies 
cd master-client
pip install -r requirements.txt 

# to run the masterclient (web-client)
./run.sh

Now you should have a Flask app running and listening on port 5000. Browse to http://localhost:5000 and check it. Once inside, you will see something like a desktop. You can enable/disable proxy configuration and log in to the botnet with the appropriate software (proxy.exe and zgang.exe).

<br> <div align="center"><img src="https://github.com/r3nt0n/zombiegang/blob/master/img/intro.gif" /></div> <br>

If you want to cover your tracks, use the built-in proxy tool to connect to the cc-server through the socks5 proxy of your choice:

<br> <div align="center"><img src="https://github.com/r3nt0n/zombiegang/blob/master/img/proxy_example.png" /><p style="font-style: italic;">proxy configuration example</p></div> <br>

At this stage you are going to create your master password: with zgang.exe, create a user with the same name used in your master profile. Now you are logged in as master and can start to administer the botnet.

Note: Mozilla Firefox and Chromium are the recommended browsers; any other could work but won't be officially supported. Some visual features (e.g. emojis, form elements...) could vary across different browsers.

<br> <div align="center"><img src="https://github.com/r3nt0n/zombiegang/blob/master/img