Aura Botnet : A Super Portable Botnet Framework With A Django-Based C2 Server

Aura Botnet is a super portable botnet framework with a Django-based C2 server. The client is written in C++, with alternate clients written in Rust, Bash, and Powershell.

The botnet’s C2 server utilizes the Django framework as the backend. It is far from the most efficient web server, but this is offset by the following:

  • Django is extremely portable and therefore good for testing/educational purposes. The server and database are contained within the aura-server folder.
  • Django includes a very intuitive and powerful admin site that can be used for managing bots and commands
  • The server is only handling simple POST requests and returning text
  • Static files should be handled by a separate web server (local or remote) that excels in serving static files, such as nginx

The admin site located at http://your_server:server_port/admin can be accessed after setting up a superuser (see below).

Also Read – Stegify : Go Tool For LSB Steganography,Capable Of Hiding Any File Within An Image

Database

The C2 server is currently configured to use a SQLite3 database, bots.sqlite3. The current configuration can be changed in aura-server/aura/settings.py. You may wish to use MySQL, or even PostgreSQL instead; this easy to do thanks to Django’s portable database API.

Bot Clients

The primary client is written in C++, and can be compiled for either Linux or Windows using CMake. Alternate clients are written in Rust, Bash, and Powershell, but are may lack certain functionality as they are mostly unsupported. I will fix any major bugs that come to my attention, but they will continue to lack certain features for the time being, such as running commands in different shells.

The client will gather relevant system information and send it to the C2 server to register the new bot. Identification is done by initially creating a file containing random data — referred to as the auth file throughout the code — which will then be hashed each time the client runs to identify the client and authenticate with the C2 server. It will then install all the files in the folder specified in the code, and initialize the system service or schedule a task with the same privileges that the client was run with. The default settings have the client and other files masquerading as configuration files.

Other Notes

Because this is for testing purposes, the C2 server needs to be hard-coded into client and web delivery files. It is currently set to localhost on all the files. This is because an actual botnet would use something like a domain generation algorithm (DGA) to sync a stream of changing domains on the client side with a stream of disposable domains being registered — or just really bulletproof hosting like the original Mirai botnet.

The code is also not obfuscated nor is there any effort put toward preventing reverse engineering; this would defeat the purpose of being a botnet for testing and demonstrations.

The killswitch folder contains scripts for easy client removal when testing on your devices.

R K

Recent Posts

Kali Linux 2024.4 Released, What’s New?

Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…

18 hours ago

Lifetime-Amsi-EtwPatch : Disabling PowerShell’s AMSI And ETW Protections

This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…

18 hours ago

GPOHunter – Active Directory Group Policy Security Analyzer

GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…

3 days ago

2024 MITRE ATT&CK Evaluation Results – Cynet Became a Leader With 100% Detection & Protection

Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…

5 days ago

SecHub : Streamlining Security Across Software Development Lifecycles

The free and open-source security platform SecHub, provides a central API to test software with…

1 week ago

Hawker : The Comprehensive OSINT Toolkit For Cybersecurity Professionals

Don't worry if there are any bugs in the tool, we will try to fix…

1 week ago