https://github.com/waived/http-botnet

Primitve DDoS botnet that uses HTTP as a communication method
https://github.com/waived/http-botnet

basic-programming ddos-botnet http-botnet proof-of-concept python-botnet python3

Last synced: 8 months ago
JSON representation

Primitve DDoS botnet that uses HTTP as a communication method

• Host: GitHub
• URL: https://github.com/waived/http-botnet
• Owner: waived
• Created: 2025-01-04T23:28:03.000Z (10 months ago)
• Default Branch: main
• Last Pushed: 2025-01-10T04:18:00.000Z (10 months ago)
• Last Synced: 2025-01-16T05:19:22.034Z (10 months ago)
• Topics: basic-programming, ddos-botnet, http-botnet, proof-of-concept, python-botnet, python3
• Language: HTML
• Homepage:
• Size: 81.1 KB
• Stars: 1
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
PROOF OF CONCEPT:

This project was designed to be an incredibly simple example of how an HTTP botnet

may choose to operate. This specific bot uses "HTTP Polling" which is a low-bandwidth

option fon controlling a large overhead of bots (opposed to other methods such as

WebSockets or HTTP Streaming). Each infected device will make a request to the server

every 30 seconds to get an update as to what needs to be accomplished.

ATTACK METHODS:

   [+] UDP flood

   [+] TCP flood

   [+] HTTP flood

   [+] TLS exhaustion

NOTE:

Each job assigned by the bot master has an ID. This is done so if a bot receives the

same update from the server, the same job isnt carried out twice. This bot is multi-

threaded, so if an active attack is going on, another one or more can be launched

concurrently to engage more targets.

SETUP:

You are going to want to set permissions for your login panel and dashboard so

that no individual can bypass the authentication and access the DDOS panel.

      # Make dashboard readable only by the server and admin (not accessible to public)

      chmod 600 index.html

      # Make authentication script readable only by the server and admin (not accessible to public)

      chmod 600 auth.js

      

      # Make login publicly readable

      chmod 644 login.html

      # or use .htaccess (with Apache) to protect the dashboard

      

          Order Deny,Allow

          Deny from all

          Allow from 127.0.0.1

      

      # the 'client.py' payload will need to be modified as well. When you upload your

      # files, you need to change the variable 'gate_url' to point to your gate.php file

      #

      # example: gate_url = 'http://your-botnet.com/gate.php'

NOTE:

inside of the auth.js is a password for the login. this will need to be updated

to suit your needs.