Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/waived/http-botnet
Primitve DDoS botnet that uses HTTP as a communication method
https://github.com/waived/http-botnet
basic-programming ddos-botnet http-botnet proof-of-concept python-botnet python3
Last synced: 10 days ago
JSON representation
Primitve DDoS botnet that uses HTTP as a communication method
- Host: GitHub
- URL: https://github.com/waived/http-botnet
- Owner: waived
- Created: 2025-01-04T23:28:03.000Z (22 days ago)
- Default Branch: main
- Last Pushed: 2025-01-05T14:30:23.000Z (21 days ago)
- Last Synced: 2025-01-05T15:33:56.292Z (21 days ago)
- Topics: basic-programming, ddos-botnet, http-botnet, proof-of-concept, python-botnet, python3
- Language: HTML
- Homepage:
- Size: 77.1 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
PROOF OF CONCEPT:
This project was designed to be an incredibly simple example of how an HTTP botnet
may choose to operate. This specific bot uses "HTTP Polling" which is a low-bandwidth
option fon controlling a large overhead of bots (opposed to other methods such as
WebSockets or HTTP Streaming). Each infected device will make a request to the server
every 30 seconds to get an update as to what needs to be accomplished.ATTACK METHODS:
[+] UDP flood
[+] TCP flood
[+] HTTP flood
[+] TLS exhaustionNOTE:
Each job assigned by the bot master has an ID. This is done so if a bot receives the
same update from the server, the same job isnt carried out twice. This bot is multi-
threaded, so if an active attack is going on, another one or more can be launched
concurrently to engage more targets.SETUP:
You are going to want to set permissions for your login panel and dashboard so
that no individual can bypass the authentication and access the DDOS panel.# Make dashboard readable only by the server and admin (not accessible to public)
chmod 600 index.html# Make authentication script readable only by the server and admin (not accessible to public)
chmod 600 auth.js
# Make login publicly readable
chmod 644 login.html# or use .htaccess (with Apache) to protect the dashboard
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
# the 'client.py' payload will need to be modified as well. When you upload your
# files, you need to change the variable 'gate_url' to point to your gate.php file
#
# example: gate_url = 'http://your-botnet.com/gate.php'NOTE:
inside of the auth.js is a password for the login. this will need to be updated
to suit your needs.