{"id":13469257,"url":"https://github.com/malwaredllc/byob","last_synced_at":"2025-05-12T20:51:48.324Z","repository":{"id":37579987,"uuid":"114619595","full_name":"malwaredllc/byob","owner":"malwaredllc","description":"An open-source post-exploitation framework for students, researchers and developers.","archived":false,"fork":false,"pushed_at":"2025-03-10T23:35:13.000Z","size":39653,"stargazers_count":9154,"open_issues_count":7,"forks_count":2143,"subscribers_count":323,"default_branch":"master","last_synced_at":"2025-04-23T17:39:11.613Z","etag":null,"topics":["encrypted-connections","no-dependencies","platform-independent","post-exploitation","reverse-shells"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/malwaredllc.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":null,"patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":"paypal.me/donatebyob"}},"created_at":"2017-12-18T09:10:12.000Z","updated_at":"2025-04-23T17:22:15.000Z","dependencies_parsed_at":"2024-11-18T22:04:24.379Z","dependency_job_id":"2e4c57a7-bf2b-4209-b3cb-4ce0b41b4ca4","html_url":"https://github.com/malwaredllc/byob","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/malwaredllc%2Fbyob","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/malwaredllc%2Fbyob/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/malwaredllc%2Fbyob/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/malwaredllc%2Fbyob/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/malwaredllc","download_url":"https://codeload.github.com/malwaredllc/byob/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253821271,"owners_count":21969670,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["encrypted-connections","no-dependencies","platform-independent","post-exploitation","reverse-shells"],"created_at":"2024-07-31T15:01:30.948Z","updated_at":"2025-05-12T20:51:48.298Z","avatar_url":"https://github.com/malwaredllc.png","language":"Python","readme":"![Banner](https://github.com/malwaredllc/byob/blob/master/byob/static/byob_logo_black.svg)\n\n[![license](https://img.shields.io/badge/license-GPL-brightgreen.svg)](https://github.com/malwaredllc/byob/blob/master/LICENSE)\n[![version](https://img.shields.io/badge/version-2.0-blue.svg)](https://github.com/malwaredllc/byob)\n[![Coverage Status](https://coveralls.io/repos/github/malwaredllc/byob/badge.svg)](https://coveralls.io/github/malwaredllc/byob)\n\u003cimg alt=\"Discord\" src=\"https://img.shields.io/discord/709150520446550097\"/\u003e\n[![Tweet](https://img.shields.io/twitter/url/http/shields.io.svg?style=social)](https://twitter.com/intent/tweet?text=BYOB%20(Post-Exploitation%20Framework)\u0026url=https://github.com/malwaredllc/byob\u0026via=malwaredllc\u0026hashtags=byob,python,security,github)\n\n\n**Questions?** Check out the [docs](https://github.com/malwaredllc/byob/wiki) or join our [Discord support server](https://discord.gg/8FsSrw7)\n\n__Disclaimer__: This project should be used for authorized testing or educational purposes only.\n\nBYOB is an open-source post-exploitation framework for students, researchers and developers. It includes features such as:\n- Command \u0026 control server with intuitive user-interface\n- Custom payload generator for multiple platforms\n- 12 post-exploitation modules\n\nIt is designed to allow students and developers to easily implement their own code and add cool new\nfeatures *without* having to write a C2 server or Remote Administration Tool from scratch.\n\nThis project has 2 main parts: the **original console-based application** (`/byob`) and the **web GUI** (`/web-gui`).\n\n# Web GUI\n\n## Dashboard\nA control panel for your C2 server with a point-and-click interface for executing post-exploitation modules. The control panel includes an interactive map of client machines and a dashboard which allows efficient, intuitive administration of client machines.\n\n![dashboard_preview](https://github.com/malwaredllc/byob/blob/master/web-gui/buildyourownbotnet/assets/images/previews/preview-dashboard.png)\n\n## Payload Generator\nThe payload generator uses black magic involving Docker containers \u0026 Wine servers to compile executable payloads for any platform/architecture you select. These payloads spawn reverse TCP shells with communication over the network encrypted via AES-256 after generating a secure symmetric key using the [Diffie-Hellman IKE](https://tools.ietf.org/html/rfc2409).\n\n![payloads_preview](https://github.com/malwaredllc/byob/blob/master/web-gui/buildyourownbotnet/assets/images/previews/preview-payloads2.png)\n\n## Terminal Emulator\nThe web app includes an in-browser terminal emulator so you can still have direct shell access even when using the web GUI.\n\n![terminal_preview](https://github.com/malwaredllc/byob/blob/master/web-gui/buildyourownbotnet/assets/images/previews/preview-shell.png)\n\n# Console Application\n\n## Client\n[![client](https://img.shields.io/badge/byob-client-blue.svg)](https://github.com/malwaredllc/byob/blob/master/byob/payloads.py)\n\n*Generate fully-undetectable clients with staged payloads, remote imports, and unlimited post-exploitation modules*\n\n1) __Remote Imports__: remotely import third-party packages from the server without writing them \nto the disk or downloading/installing them\n2) __Nothing Written To The Disk__: clients never write anything to the disk - not even temporary files (zero IO\nsystem calls are made) because remote imports allow arbitrary code to be \ndynamically loaded into memory and directly imported into the currently running \nprocess\n3) __Zero Dependencies (Not Even Python Itself)__: client runs with just the python standard library, remotely imports any non-standard\npackages/modules from the server, and can be compiled with a standalone python \ninterpreter into a portable binary executable formatted for any platform/architecture,\nallowing it to run on anything, even when Python itself is missing on the target host\n4) __Add New Features With Just 1 Click__: any python script, module, or package you copy to the `./byob/modules/` directory\nautomatically becomes remotely importable \u0026 directly usable by every client while \nyour command \u0026 control server is running\n5) __Write Your Own Modules__: a basic module template is provided in `./byob/modules/` directory to make writing\nyour own modules a straight-forward, hassle-free process\n6) __Run Unlimited Modules Without Bloating File Size__: use remote imports to add unlimited features without adding a single byte to the\nclient's file size \n7) __Fully Updatable__: each client will periodically check the server for new content available for\nremote import, and will dynamically update its in-memory resources\nif anything has been added/removed\n8) __Platform Independent__: everything is written in Python (a platform-agnostic language) and the clients\ngenerated can optionally be compiled into a portable executable (*Windows*) or\nbundled into a standalone application (*macOS*)\n9) __Bypass Firewalls__: clients connect to the command \u0026 control server via reverse TCP connections, which\nwill bypass most firewalls because the default filter configurations primarily\nblock incoming connections\n10) __Counter-Measure Against Antivirus__: avoids being analyzed by antivirus by blocking processes with names of known antivirus\nproducts from spawning\n11) __Encrypt Payloads To Prevent Analysis__: the main client payload is encrypted with a random 256-bit key which exists solely\nin the payload stager which is generated along with it\n12) __Prevent Reverse-Engineering__: by default, clients will abort execution if a virtual machine or sandbox is detected\n\n## Modules\n[![modules](https://img.shields.io/badge/byob-modules-blue.svg)](https://github.com/malwaredllc/byob/blob/master/byob/modules)\n\n*Post-exploitation modules that are remotely importable by clients*\n\n1) __Persistence__ (`byob.modules.persistence`): establish persistence on the host machine using 5 different methods\n2) __Packet Sniffer__ (`byob.modules.packetsniffer`): run a packet sniffer on the host network \u0026 upload .pcap file\n3) __Escalate Privileges__ (`byob.modules.escalate`): attempt UAC bypass to gain unauthorized administrator privileges\n4) __Port Scanner__ (`byob.modules.portscanner`): scan the local network for other online devices \u0026 open ports\n5) __Keylogger__ (`byob.modules.keylogger`): logs the user’s keystrokes \u0026 the window name entered\n6) __Screenshot__ (`byob.modules.screenshot`): take a screenshot of current user’s desktop\n7) __Outlook__ (`byob.modules.outlook`): read/search/upload emails from the local Outlook client\n8) __Process Control__ (`byob.modules.process`): list/search/kill/monitor currently running processes on the host\n9) __iCloud__ (`byob.modules.icloud`): check for logged in iCloud account on macOS\n\n## Server\n[![server](https://img.shields.io/badge/byob-server-blue.svg)](https://github.com/malwaredllc/byob/blob/master/byob/server.py)\n\n*Command \u0026 control server with persistent database and console*\n\n1) __Console-Based User-Interface__: streamlined console interface for controlling client host machines remotely via\nreverse TCP shells which provide direct terminal access to the client host machines\n2) __Persistent SQLite Database__: lightweight database that stores identifying information about client host machines,\nallowing reverse TCP shell sessions to persist through disconnections of arbitrary\nduration and enabling long-term reconnaissance\n3) __Client-Server Architecture__: all python packages/modules installed locally are automatically made available for clients \nto remotely import without writing them to the disk of the target machines, allowing clients to use modules which require\npackages not installed on the target machines\n\n## Core\n[![core](https://img.shields.io/badge/byob-core-blue.svg)](https://github.com/malwaredllc/byob/blob/master/byob/core)\n\n*Core framework modules used by the generator and the server*\n\n1) __Utilities__ (`byob.core.util`): miscellaneous utility functions that are used by many modules\n2) __Security__ (`byob.core.security`): Diffie-Hellman IKE \u0026 3 encryption modes (AES-256-OCB, AES-256-CBC, XOR-128)\n3) __Loaders__ (`byob.core.loaders`): remotely import any package/module/scripts from the server\n4) __Payloads__ (`byob.core.payloads`): reverse TCP shell designed to remotely import dependencies, packages \u0026 modules\n5) __Stagers__ (`byob.core.stagers`): generate unique payload stagers to prevent analysis \u0026 detection   \n6) __Generators__ (`byob.core.generators`): functions which all dynamically generate code for the client generator\n7) __DAO__ (`byob.core.dao`): handles interaction between command \u0026 control server and the SQLite database\n8) __Handler__ (`byob.core.handler`): HTTP POST request handler for remote file uploads to the server\n\n________________________________________________________________________________________________\n\n### To Do\n\n*Contributors welcome! Feel free to issue pull-requests with any new features or improvements you have come up with!*\n\n1) __Remote Import Encryption__ - encryption for data streams of packages/modules being remotely imported (to maintain confidentiality/authenticity/integrity and prevent any remote code execution vulnerabilities arising from deserialization)\n2) __Transport Types__ - add support for more transport types (HTTP/S, DNS, etc.)\n3) __Bug Fixes__ - fix any bugs/issues\n","funding_links":["paypal.me/donatebyob"],"categories":["\u003ca id=\"tag-dev\" href=\"#tag-dev\"\u003eDev\u003c/a\u003e","Python","\u003ca id=\"1233584261c0cd5224b6e90a98cc9a94\"\u003e\u003c/a\u003e渗透\u0026\u0026offensive\u0026\u0026渗透框架\u0026\u0026后渗透框架","others","\u003ca id=\"783f861b9f822127dba99acb55687cbb\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"tag-dev.security\" href=\"#tag-dev.security\"\u003eSecurity\u003c/a\u003e","\u003ca id=\"80301821d0f5d8ec2dd3754ebb1b4b10\"\u003e\u003c/a\u003ePayload\u0026\u0026远控\u0026\u0026RAT","\u003ca id=\"c45a90ab810d536a889e4e2dd45132f8\"\u003e\u003c/a\u003eBotnet\u0026\u0026僵尸网络"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmalwaredllc%2Fbyob","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmalwaredllc%2Fbyob","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmalwaredllc%2Fbyob/lists"}