{"id":16493235,"url":"https://github.com/da-rth/visibot","last_synced_at":"2026-04-13T04:03:06.121Z","repository":{"id":111615418,"uuid":"300613954","full_name":"da-rth/VisIBoT","owner":"da-rth","description":"An automated botnet detection framework and geographic visualisation tool.","archived":false,"fork":false,"pushed_at":"2021-07-14T08:44:16.000Z","size":74697,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-02-24T11:59:46.024Z","etag":null,"topics":["botnet","botnet-detection","celery","docker","expressjs","iot","nuxtjs"],"latest_commit_sha":null,"homepage":"https://visibot.noot.tech","language":"TeX","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/da-rth.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2020-10-02T12:53:37.000Z","updated_at":"2023-12-02T08:39:57.000Z","dependencies_parsed_at":"2023-03-19T01:45:12.468Z","dependency_job_id":null,"html_url":"https://github.com/da-rth/VisIBoT","commit_stats":null,"previous_names":["da-rth/visibot"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/da-rth%2FVisIBoT","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/da-rth%2FVisIBoT/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/da-rth%2FVisIBoT/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/da-rth%2FVisIBoT/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/da-rth","download_url":"https://codeload
.github.com/da-rth/VisIBoT/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241329394,"owners_count":19944984,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["botnet","botnet-detection","celery","docker","expressjs","iot","nuxtjs"],"created_at":"2024-10-11T14:08:57.511Z","updated_at":"2025-12-31T01:06:26.796Z","avatar_url":"https://github.com/da-rth.png","language":"TeX","funding_links":[],"categories":[],"sub_categories":[],"readme":"![Main Build Status](https://travis-ci.com/denBot/VisIBoT.svg?token=pMfMcyEQzGJGFRQDBST5\u0026branch=main)\n\n# VisiBot - Automated Detection of IoT Botnets\n\n\u003cp align=\"center\"\u003e\n    \u003cimg src=\"src/webapp/frontend/static/favicon.svg\" /\u003e\n    \u003c/br\u003e\n    \u003c!-- a href=\"https://visibot.noot.tech/\"\u003eVisiBot Demo\u003c/a--\u003e\n    \u003c!--/br--\u003e\n    \u003csub\u003eIcon generated by \u003ca href=\"https://loading.io/\"\u003ehttps://loading.io/\u003c/a\u003e\u003c/sub\u003e\n\u003c/p\u003e\n\n\n## Project Information\n- **Level 4 Individual Project** - [SoCS - University of Glasgow](https://www.gla.ac.uk/schools/computing/)\n- **Author**: [Daniel Arthur (2086380a)](mailto:2086380a@student.gla.ac.uk)\n- **Supervisor**: [Angelos Marnerides](mailto:angelos.marnerides@glasgow.ac.uk)\n- **License**: [MIT](https://opensource.org/licenses/MIT)\n\n\n## Installation Instructions and Timelog\n- Please refer to [MANUAL.md](/MANUAL.md) for setup/installation instructions.\n- Please refer to [TIMELOG.md](/TIMELOG.md) for a full time-log of activity 
throughout development.\n- Please refer to [LICENSE](/LICENSE) for MIT License information\n\n\n## Project Outline\n\nVisiBot is an automated IoT botnet detection system used for real-time identification and visualisation of Internet of Things (IoT) Botnets.\n\n\n### VisiBot Processing System\n\nThe VisiBot Processing System automatically collects Bad Packets honeypot data and extracts, executes and analyses botnet malware payloads using the LiSa sandbox in real time. Through combined static, dynamic, and heuristic-based analysis of malware payloads, the proposed system is capable of identifying potential (candidate) Command \u0026 Control (C2) servers and Peer-to-Peer networks for IoT Botnets. Contained in various Docker images, Celery tasks are created from collected Bad Packets results and are processed using a scalable number of Celery workers. The task queue is maintained using Redis and is designed to work with various Celery workers. This ensures that even if a single worker fails, the task queue will not be halted and processing will continue.\n\n#### Tools and Frameworks:\n- [Python](https://www.python.org/) - Interpreted, high-level programming language\n- [Celery](https://docs.celeryproject.org/en/stable/getting-started/introduction.html) - Python-based distributable task queueing system\n- [Flower](https://flower.readthedocs.io/en/latest/) - Celery Monitoring Tool\n- [Redis](https://redis.io/) - In-memory data store used as a broker for Celery\n- [Docker](https://www.docker.com/) - Platform and container service\n\n#### Services\n- [Bad Packets](https://badpackets.net/) - Cyber-threat Intelligence honeypot service\n- [VirusTotal](https://www.virustotal.com/) - Anti-virus vendor aggregation\n- [MaxMind GeoIP2](https://www.maxmind.com/en/geoip2-databases) - Locally maintained databases for IP geographic information\n- [IPInfo](https://ipinfo.io/) - IP address data API service\n\n### VisiBot Web Application\n\nThe VisiBot web-application is a 
browser-based visualisation tool that maps the geo-location of identified potential bots, payload servers, peer-to-peer nodes and command-and-control servers. Written in Nuxt.js and hosted using Express.js, the main service uses Leaflet.js to cluster and annotate the geo-locations of any identified botnet activity.\n\n\u003cdiv style=\"text-align:center\"\u003e\n    \u003cimg style=\"width: 70%; filter: drop-shadow(5px 5px 5px #222); border-radius: 5px;\" src=\"dissertation/images/visibot_screenshot_cluster.png\" /\u003e\n    \u003c/br\u003e\n    \u003cspan\u003e\u003ci\u003eVisiBot Web Application - Geo-location clustering using \u003ca href=\"https://leafletjs.com/\"\u003eLeafletJS\u003c/a\u003e\u003c/i\u003e\u003c/span\u003e\n\u003c/div\u003e\n\n#### Tools and Frameworks:\n- [NodeJS](https://nodejs.org/en/) - JavaScript runtime\n- [Nuxt.js](https://nuxtjs.org/) - Frontend JavaScript Framework\n- [Express.js](https://expressjs.com/) - Backend Web Server for Node.js\n- [Mongoose](https://mongoosejs.com/docs/) - MongoDB object modelling framework for Node.js\n- [Leaflet.js](https://leafletjs.com/) - JavaScript library for interactive maps\n- [BootstrapVue](https://bootstrap-vue.org/) - Bootstrap CSS/JS Framework Vue integration\n\n### LiSa Sandbox\n[LiSa](https://github.com/danieluhricek/LiSa) is a Linux Sandbox project created by [Daniel Uhříček](https://github.com/danieluhricek) which provides automated Linux malware analysis on various CPU architectures. I have modified this project [here](https://github.com/denBot/LiSa) to allow for the following additional features:\n- Ability to create analysis tasks by submitting a malware URL instead of uploading a file\n- Added binary unpacking for any binaries packed using the UPX packer software\n- Added ability to provide external service API endpoints. 
POST requests are made to these endpoints when a given task fails/succeeds.\n\n## Acknowledgements\n- [Bad Packets](https://badpackets.net/) provided access to distributed honeypot data through their Cyber Threat Intelligence API service\n- [IPInfo](https://ipinfo.io/) provided access to their [Privacy Detection API](https://ipinfo.io/proxy-vpn-detection-api)\n- [VirusTotal](https://www.virustotal.com/gui/) provided access to an academic API with increased request limits\n- [LiSa](https://github.com/danieluhricek/LiSa) is used for automated Linux malware analysis\n- [MaxMind GeoIP2](https://www.maxmind.com/en/home) is used for performing IP geo-location look-ups\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fda-rth%2Fvisibot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fda-rth%2Fvisibot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fda-rth%2Fvisibot/lists"}