Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/malwaretech/trickbot-toolkit
A collection of tools for dealing with TrickBot
https://github.com/malwaretech/trickbot-toolkit
Last synced: 3 months ago
JSON representation
A collection of tools for dealing with TrickBot
- Host: GitHub
- URL: https://github.com/malwaretech/trickbot-toolkit
- Owner: MalwareTech
- Created: 2017-11-10T03:31:51.000Z (about 7 years ago)
- Default Branch: master
- Last Pushed: 2017-11-11T13:00:24.000Z (almost 7 years ago)
- Last Synced: 2024-07-31T00:19:45.736Z (3 months ago)
- Language: Python
- Size: 7.81 KB
- Stars: 198
- Watchers: 16
- Forks: 42
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-security-collection - **150**星
README
# TrickBot
A collection of tools for working with TrickBot
## ConfigDecrypter.py
**Used to decrypt TrickBot configs (found in install directory under then name config.conf)**
Example usage: ConfigDecrypter.py -input config.conf -output config.txt
## FileDownloader.py
**Used to download files from command and control server**
For it to work you'll need to fill servers.txt with a list of recent servers (TrickBot servers die very quickly)
-o (--output) is the file to save to.
-f (--file) specifes the file to download, here is a list of files available:
* Modules
* systeminfo32 - gather information about the infected system (32-bit module)
* injectdll32 - injects into the browser and performs webinjects (32-bit module)
* mailsearcher32 - searches through files to gather a list of email addresses (32-bit module)
* sharedll32 - allows the malware to move laterally via network shares (32-bit module)
* Config Files
* main - main TrickBot config which includes the latest server list
* dinj - dynamic webinject configuration
* sinj - static webinject configuration
* dpost - server which the dynamic webinjects will send intercepted requests to
* mailconf - server to send harvested email list to