{"id":13721489,"url":"https://github.com/SaturnsVoid/GoBot2","last_synced_at":"2025-05-07T13:33:01.882Z","repository":{"id":47097121,"uuid":"85108778","full_name":"SaturnsVoid/GoBot2","owner":"SaturnsVoid","description":"Second Version of The GoBot Botnet, But more advanced.","archived":false,"fork":false,"pushed_at":"2021-09-24T22:41:14.000Z","size":140,"stargazers_count":701,"open_issues_count":4,"forks_count":266,"subscribers_count":40,"default_branch":"master","last_synced_at":"2024-02-14T06:36:09.941Z","etag":null,"topics":["bot","botnet","ddos-tool","go","golang","keylogger","malware","uac-bypass","virus","windows"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SaturnsVoid.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-03-15T18:42:49.000Z","updated_at":"2024-02-09T12:14:35.000Z","dependencies_parsed_at":"2022-09-03T21:45:22.717Z","dependency_job_id":null,"html_url":"https://github.com/SaturnsVoid/GoBot2","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SaturnsVoid%2FGoBot2","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SaturnsVoid%2FGoBot2/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SaturnsVoid%2FGoBot2/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SaturnsVoid%2FGoBot2/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SaturnsVoid","download_url":"https://codeload.github.com/SaturnsVoid/GoBot2/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224604978,"owners_count":17339242,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bot","botnet","ddos-tool","go","golang","keylogger","malware","uac-bypass","virus","windows"],"created_at":"2024-08-03T01:01:17.793Z","updated_at":"2024-11-14T10:31:38.659Z","avatar_url":"https://github.com/SaturnsVoid.png","language":"Go","readme":"# New project: https://github.com/SaturnsVoid/Project-Whis\n\n# GoBot2\n\nAfter seeing another users Go based botnet i wanted to do more work on my GoBot, But i ended up building something a bit more. There is issues with this but it more of a advanced PoC.... I am not a good coder but i was able to make this buy doing some basic reading online. There was more i wanted to do with this project but i stopped, I am getting out of making Malware and virus's... I am going to move on to more legitimet things. Though i will be posting some of my old projects on my Github, and most of witch are malevolent i am putting them here to make it simpler for the 'good guys' to fight them and there kin.\n\n# C\u0026C Features:\n\n*   Written in Go\n*   Cross-Platform\n*   SQL Database for Information\n*   Secure Login System\n*   Hard-Coded Login System\n*   Simple to use HTML \u0026 CSS C\u0026C\n*   Console Based C\u0026C\n*   Tight Security (No PHP!)\n*   Encoded and Obfuscated Data\n*   HTTPS or HTTP\n*   Single, Selected, All Command Issuing\n*   User-Agent Detection\n*   More\n\n# Bot Features\n\n*   Safe Error Handling\n*   Have Unlimited Panels\n*   Encoding and Obfuscation\n*   Use HTTPS or HTTP\n*   Old (\u003e24Hr) Command Handling (Dont run commands that are old!)\n*   Run PowerShell Scripts (Via URL, Parameters Accepted)\n*   Advanced Torrent Seeder (uTorrent, BitTorrent Auto Download the client and runs hidden if needed)\n*   Drive Spreader (with Name list)\n*   Dropbox Spreader (with Name list)\n*   Google Drive Spreader (with Name list)\n*   OneDrive Spreader (with Name list)\n*   Advanced Keylogger (Handles all keys, Window Titles, Clipboard, AutoStart, +more)\n*   System Information (IP, WiFi, User, AV, IPConfig, CPU, GPU, SysInfo, Installed Software, .NET Framework, Refresher)\n*   Screen Capture (Compression, Timed Capture, +more)\n*   Download and Run (MD5 Hash Check, URL or Base64, Parameters, UAC Bypass, Zone Remover)\n*   DDoS Methods (Threaded /w Interval, HTTPGet, TCPFlood, UDPFlood, Slowloris, HULK, TLSFlood, Bandwidth Drain, GoldenEye, Ace)\n*   Bot Update (MD5 Hash Check, Admin, Zone Remover)\n*   UPnP (Open TCP/UDP Ports)\n*   Web-Server (Auto-UPnP port 80, Add/Edit Unlimited Pages)\n*   Add Programs to Windows Firewall\n*   HOST File Editor (Backup and Restore, Replace on Run, DNS Flusher)\n*   Remote CMD\n*   Detect Admin Rights\n*   Bot ID Generation (Never the same)\n*   Advanced Anti-Virus Bypass (Random Memory Allocation, Func HOP, Delays, Runtime Load DLLS /w Obf, Random Connection Times, + more)\n*   Advanced Anti-Debug (isDebuggerPresent, Proc Detection, IP Organization Detection, File Name Detection, Reaction System)\n*   Single Instance System\n*   Reverse HTTP Proxy (Conf. Port, backend Servers)\n*   Active Defense (Active Registry Defense, Active File Defense, Active WatchDog + more) Doesn't want to be killed.\n*   UAC Bypass (Work all versions and current version of Windows 10 Pro 64Bit)\n*   Advanced Install System (Dynamic Registry Keys, Dynamic File Names, Retain Admin Rights, Campaign Targeting (Only install in allowed Country's), Zone Remover, Adds self to Firewall)\n*   Uninstall System (Removes all Traces)\n*   Scripter (Batch, HTML, VBS, PS)\n*   Run Shellcode (ThreadExecute)\n*   Power Options (Shutdown, Restart, Logoff)\n*   Startup Error Message\n*   MessageBox (Returns Reply)\n*   Open Website (Visible/Hidden)\n*   Change Homepage\n*   Change Background (URL or Base64)\n*   Run .exe (UAC Bypass optimal)\n*   Kill Self\n*   Check if Proc is Running\n*   Hide Process /w Active Mode\n*   Disable/Enable (TaskManger, RedEdit, Command Prompt)\n*   File Dropper (Place evedence on pc with no traces where it came from /w dir selection)\n\n# Some Info about the C\u0026C\n\nThe C\u0026C is a program, You can compile it for Windows, Linux, Mac systems. Its a self-running web-server that handles all connections on the selected port in the settings. it will serve the HTLM C\u0026C to a connector if you allow it and it saves data about account, bots and commands as a SQL database and bots files (screenshots, keylogs, ect) as file under the bots own \"Profile\"  \nYou can control the botnet from the program(more secure) or control it from the HTML C\u0026C. The C\u0026C's program is extremely stable, Go based servers are know for handling millions or requests at once without fail, just make sure you have a good connection.  \nThe C\u0026C has a build in hard-coded login (kinda like a Backdoor) you can use if you 'forgot' the account login. the C\u0026C can have any number of accounts.  \nWith it being a self-contained program this removes the issue of SQLi attacks on the C\u0026C so its more SECURE.  \nThe C\u0026C can also run inside a Tor Hidden service if configured right and the client (bot) can connect to it using a onion.to or onion.cab forwarder if needed. Tor can also be used by the bot via a SOCKS proxy... Simple to do, Google it.\n\n# How to Build and Use\n\nBot Settings are located in \"Variables.go\" Server Setting are located in \"Server.go\"\n\nCompile GoBot.go with correct settings, Make a MySQL Database and import db file, Compile Server.go with correct settings\n\n*   go build -o GoBot.exe -ldflags \"-H windowsgui\" \"C:\\\\GoBot2\\\\GoBot.go\"\n*   go build -0 Server.exe \"C:\\\\GoBot2\\\\Console Server\\\\Server.go\"\n\nAlways compile with '-w -s' ldflags to strip any debug information from the binary.\n\n# Included Tools\n\n*   Tool for the project (Obfuscator (Char+1) and other crap. w/ source in VB.net)\n*   Downloader.go (GoLANG Download and Run Example)\n*   DownloaderWithUAC.go (GoLANG Download and Run Example with UAC Bypass)\n\n# Obfuscator\n\nIt not really a Obfuscator all it does it move the Char +1 to and A = B, C = D, ect. Simple but it will slow down people wanting to mess with the program and also programs that search for keywords...\n\n# Packages Used\n\n*   github.com/NebulousLabs/go-upnp\n*   golang.org/x/sys/windows/registry\n*   github.com/AllenDang/w32\n*   github.com/atotto/clipboard\n*   github.com/StackExchange/wmi\n\n# Images\n\n*   http://prnt.sc/d67nh5\n*   http://prnt.sc/d67ogh\n*   http://prnt.sc/d67oqh\n*   http://prnt.sc/d6esj3\n\n# Credits and Stuff\n\n*   https://github.com/decred/gominer\n*   https://github.com/robvanmieghem/gominer\n*   https://astaxie.gitbooks.io/build-web-application-with-golang/content/en/04.5.html\n*   http://www.adlice.com/runpe-hide-code-behind-legit-process/\n*   http://www.hacking-tutorial.com/tips-and-trick/how-to-enable-remote-desktop-using-command-prompt/\n*   https://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking/\n*   https://mholt.github.io/json-to-go/\n*   https://sentinelone.com/blogs/anti-vm-tricks/\n*   http://hackforums.net/showthread.php?tid=5383448\n*   https://github.com/grafov/hulk\n*   https://github.com/nhooyr/dos\n*   https://github.com/marcelki/sockstress\n*   https://github.com/ammario/ssynflood\n*   https://github.com/matishsiao/goInfo/blob/master/goInfo_windows.go\n*   https://github.com/iamacarpet/go-win64api\n*   https://github.com/oneumyvakin/initme/blob/master/windows.go\n*   https://github.com/LOLSquad/DDoS-Scripts\n*   https://github.com/vbooter/DDoS-Scripts\n*   https://github.com/natefinch/pie\n*   https://www.windows-commandline.com/enable-remote-desktop-command-line/\n*   https://www.socketloop.com/tutorials/golang-secure-tls-connection-between-server-and-client\n*   https://github.com/lextoumbourou/goodhosts\n*   https://github.com/YinAndYangSecurityAwareness/dreamr-botnet\n*   https://github.com/mauri870/ransomware\n*   http://www.devdungeon.com/content/making-tor-http-requests-go\n*   http://www.darul.io/post/2015-07-22_go-lang-simple-reverse-proxy\n*   https://github.com/mauri870/powershell-reverse-http\n*   https://github.com/gh0std4ncer/lizkebab/blob/master/client.c\n*   https://github.com/EgeBalci/EGESPLOIT\n*   https://github.com/EgeBalci/HERCULES\n*   https://github.com/andrewaeva/gobotnet\n*   https://github.com/SaturnsVoid/GoBot\n*   https://github.com/petercunha/GoAT\n*   https://github.com/huin/goupnp\n*   https://github.com/ytisf/theZoo/tree/master/malwares/Source/Original\n*   https://github.com/malwares/Remote-Access-Trojan\n*   https://github.com/kardianos/service\n*   https://github.com/vova616/screenshot/blob/master/screenshot_windows.go\n*   http://hackforums.net/showthread.php?tid=5040543\n*   http://www.calhoun.io/5-useful-ways-to-use-closures-in-go/\n*   https://blogs.technet.microsoft.com/ilikesql_by_dandyman/2013/03/10/how-to-install-a-msi-file-unattended/\n*   https://github.com/tadzik/simpleaes\n*   https://guitmz.com/win32-liora-b/\n*   https://github.com/rk/go-cron\n*   https://breakingmalware.com/vulnerabilities/elastic-boundaries-elevating-privileges-by-environment-variables-expansion/\n*   https://breakingmalware.com/malware/ardbot-a-malware-under-construction/\n*   https://breakingmalware.com/malware/furtim-malware-avoids-mass-infection/\n*   https://www.pugetsystems.com/labs/support-software/How-to-disable-Sleep-Mode-or-Hibernation-793/\n*   https://files.sans.org/summit/Digital_Forensics_and_Incident_Response_Summit_2015/PDFs/TheresSomethingAboutWMIDevonKerr.pdf\n*   https://github.com/jasonlvhit/gocron\n\n# Other\n\nGo is a amazing and powerful programming language. If you already haven't, check it out; https://golang.org/\n\n# Donations\n\n![](https://blockchain.info/Resources/buttons/donate_64.png)\n\nPlease Donate To Bitcoin Address: **1AEbR1utjaYu3SGtBKZCLJMRR5RS7Bp7eE**\n\n# News\n\nI just read a article on Bleeping Computer, https://www.bleepingcomputer.com/news/security/backdoored-torrents-infect-movie-tv-fans-with-gobot2-malware/ Seems someone has found a use for this project... I have no involvment with this group or person. I have nothing more to say on this matter.\n\n\\-Crab Crab  \n\\----------Update Log---------------------\n\n03/15/2017: Intial Upload...\n","funding_links":[],"categories":["Command and Control"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSaturnsVoid%2FGoBot2","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FSaturnsVoid%2FGoBot2","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSaturnsVoid%2FGoBot2/lists"}