{"id":17998092,"url":"https://github.com/cookiengineer/antibote","last_synced_at":"2025-04-04T06:25:14.016Z","repository":{"id":255743466,"uuid":"853430814","full_name":"cookiengineer/antibote","owner":"cookiengineer","description":":robot: The antidote for botnets of APT3/28/29","archived":false,"fork":false,"pushed_at":"2025-02-06T19:13:45.000Z","size":34,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-28T12:11:35.329Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cookiengineer.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-09-06T16:34:29.000Z","updated_at":"2024-09-15T21:14:21.000Z","dependencies_parsed_at":"2024-09-07T00:01:55.663Z","dependency_job_id":"bdaa30b8-0376-4026-9674-1d88949077bf","html_url":"https://github.com/cookiengineer/antibote","commit_stats":null,"previous_names":["cookiengineer/antibote"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cookiengineer%2Fantibote","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cookiengineer%2Fantibote/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cookiengineer%2Fantibote/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cookiengineer%2Fantibote/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cookiengineer","download_url":"https://codeload.github.com/cookiengineer/antibote/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247130795,"owners_count":20888654,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-29T21:23:56.568Z","updated_at":"2025-04-04T06:25:13.992Z","avatar_url":"https://github.com/cookiengineer.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n# antibote\n\nThe Antidote for GitHub botnets to uncover botnets with shared operators.\n\n\n\n## What\n\nA lot of GitHub accounts are bots that are parts of the same\nshared botnet. Turns out, different botnet operators have\ndifferent PGP keys that they use to push commits to those\naccounts.\n\nThis tool scrapes a user's social connections on GitHub and\nmaps the keys back to the fake accounts, so that you can trace\nwhich botnet operator (co-)controls what fake accounts.\n\n## Why\n\nMultiple accounts use the same PGP key, and this tool\ntries to scrape related accounts of a botnet user's followers,\nrepositories, and contributors (pull requests) to uncover\nthe botnet on a larger scale.\n\nUsually lots of botnets work in a way that they create other\nfake accounts and follow each other once they go online, so\nthat these accounts get pushed into \"not being a bot\" by\nGitHub's very flawed bot detector.\n\n## How\n\n```bash\n# Generate Personal Access Token\necho \"My-Personal-Access-Token\" \u003e constants/Token.env;\n\n# Start tracing the botnet behind fake user account\ngo run cmds/antibote/main.go xiexinch;\n\n# GPG key for this botnet operator is mapped in keymap\ncat ~/Antibote/github/xiexinch.json;\ncat ~/Antibote/keymap.json;\n```\n\n\n## Notes\n\nThe GitHub Web UI (Codespaces) uses GPG to sign its commits.\n\nIn case you find another false positive or the key changes in the future, you will need\nto add it to the [GitHubKeys.go](constants/GitHubKeys.go) file.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcookiengineer%2Fantibote","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcookiengineer%2Fantibote","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcookiengineer%2Fantibote/lists"}