Skip to content
Go to file

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time


NSA EquationGroup C&C Hunter using the Shodan API

Ala The Italian Job with regards to HackingTeam, this one hunts down NSA "Equation Group" C&C servers. All of them are dead now, NSA pulled them down after getting 0wn3d 4nd 3xp0z3d and all that, but they were valid on 2015-02-23. Below is a paste of some C&C servers identified. I am uploading it now for historical reasons, and also because, well, the "Italian Job" is now public after Phineas rekt HT.

This work would not be possible without the inputs of various security researchers, especially that magnificent bastard March (the rootkit wizard)

Dump of DDoS numbers Enumerated back in Febuary.

Again, you will need a Shodan API key and the Shodan python module.

$ pip install shodan # this installs the shodan module :)

Basically how all this works is, these scumbags C&C servers behave "wierdly" and send strange headers, which are easy to identify. No matter how "legit looking" they try be, we will always be able to locate them :)

Remember, those who would spy on us, try fuck with us, and generally be scumbags: Mess with the best, die like the rest. There are more of us than you, and we will not take your fuckery lightly <3

Licence: WTFPL


NSA EquationGroup C&C Hunter using the Shodan API



No releases published


You can’t perform that action at this time.