Build Your Own Botnet

BYOB provides a framework for security researchers and developers to build and operate a basic botnet to deepen their understanding of the sophisticated malware that infects millions of devices every year and spawns modern botnets, in order to improve their ability to develop counter-measures against these threats. It is designed to allow developers to easily implement their own code and add cool new features without having to write a RAT or Command & Control server from scratch.


  • Nothing Written To The Disk − clients never write anything to the disk - not even temporary files because remote imports allow arbitrary code to be dynamically loaded into memory and directly imported into the currently running process.

  • Platform Independent − everything is written in Python and the clients generated can optionally be compiled into a portable executable (Windows) or bundled into a standalone application.

  • Bypass Firewalls − clients connect to the command & control server via reverse TCP connections, which will bypass most firewalls because the default filter configurations primarily block incoming connections.

  • Counter-Measure Against Antivirus − avoids being analyzed by antivirus by blocking processes with names of known antivirus products from spawning.

  • Encrypt Payloads To Prevent Analysis − the main client payload is encrypted with a random 256- bit key which exists solely in the payload stager which is generated along with it.

  • Prevent Reverse-Engineering − by default, clients will abort execution if a virtual machine or sandbox is detected.

How to Install

  • git clone

  • cd byob

  • pip install -r requirements.txt

  • python

    Here two terminals will be used; first terminal will be Bot Server where sessions will be handled and second terminal the Bot Client where bots will be created.

  • python –port 445

    Then open another linux terminal and Type cd /home/cybersecurity/Downloads/byob/byob

  • python –name ip) 445

After executing the above query, a new botnet will be created. The above query will execute. Now, you can use any social engineering trick anyone to open bot in their computer. When the executed in the target machine, a session will be created in botnet server.

Post exploitation

Post-exploitation modules those are remotely importable by clients after the successful configuration of botnet in the victim.

  • Keylogger (byob.modules.keylogger): logs the user’s keystrokes & the window name entered

  • Screenshot (byob.modules.screenshot): take a screenshot of current user’s desktop

  • Webcam ( view a live stream or capture image/video from the webcam

  • Ransom (byob.modules.ransom): encrypt files & generate random BTC wallet for ransom payment

  • Packet Sniffer (byob.modules.packetsniffer): run a packet sniffer on the host network & upload .pcap file

  • Persistence (byob.modules.persistence): establish persistence on the host machine

  • Phone ( read/search/upload text messages from the client smartphone

  • Escalate Privileges (byob.modules.escalate): attempt UAC bypass to gain unauthorized administrator privileges

  • Port Scanner (byob.modules.portscanner): scan the local network for other online devices & open ports

  • Process Control (byob.modules.process): list/search/kill/monitor currently running processes on the host