Aura Botnet is a super portable botnet framework with a Django-based C2 server. The client is written in C++, with alternate clients written in Rust, Bash, and Powershell.
The botnet’s C2 server utilizes the Django framework as the backend. It is far from the most efficient web server, but this is offset by the following:
The admin site located at http://your_server:server_port/admin can be accessed after setting up a superuser (see below).
Also Read – Stegify : Go Tool For LSB Steganography,Capable Of Hiding Any File Within An Image
Database
The C2 server is currently configured to use a SQLite3 database, bots.sqlite3. The current configuration can be changed in aura-server/aura/settings.py. You may wish to use MySQL, or even PostgreSQL instead; this easy to do thanks to Django’s portable database API.
Bot Clients
The primary client is written in C++, and can be compiled for either Linux or Windows using CMake. Alternate clients are written in Rust, Bash, and Powershell, but are may lack certain functionality as they are mostly unsupported. I will fix any major bugs that come to my attention, but they will continue to lack certain features for the time being, such as running commands in different shells.
The client will gather relevant system information and send it to the C2 server to register the new bot. Identification is done by initially creating a file containing random data — referred to as the auth file throughout the code — which will then be hashed each time the client runs to identify the client and authenticate with the C2 server. It will then install all the files in the folder specified in the code, and initialize the system service or schedule a task with the same privileges that the client was run with. The default settings have the client and other files masquerading as configuration files.
Other Notes
Because this is for testing purposes, the C2 server needs to be hard-coded into client and web delivery files. It is currently set to localhost on all the files. This is because an actual botnet would use something like a domain generation algorithm (DGA) to sync a stream of changing domains on the client side with a stream of disposable domains being registered — or just really bulletproof hosting like the original Mirai botnet.
The code is also not obfuscated nor is there any effort put toward preventing reverse engineering; this would defeat the purpose of being a botnet for testing and demonstrations.
The killswitch folder contains scripts for easy client removal when testing on your devices.
Introduction to the Model Context Protocol (MCP) The Model Context Protocol (MCP) is an open…
While file extensions in Linux are optional and often misleading, the file command helps decode what a…
The touch command is one of the quickest ways to create new empty files or update timestamps…
Handling large numbers of files is routine for Linux users, and that’s where the find command shines.…
Managing files and directories is foundational for Linux workflows, and the mv (“move”) command makes it easy…
Creating directories is one of the earliest skills you'll use on a Linux system. The mkdir (make…