- Botnets of the Web - How to Hijack One
- php5-cli (For bwall's decoder used with
scraper.py)
- statis.py & rsser.py:
pip install feedparser
- scraper.py:
pip install requests
pip install beautifulsoup4
pip install python-magic
- Python 2.7.3
- Kali-Linux
- botConfiguration: Output directory for
rsser.py - bwalldecoder: Used to decode scraped payloads locally with
scraper.py - raw: Raw payloads found by
scraper.py - output: Directory used by
logscraper.sh - statisDir: Directory used by
statis.py - sorted: Directory where gunzipped payloads are stored after mime-check by
scraper.py - decoded: Directory where decoded payloads are stored by
scraper.py
./logscraper.sh- Shell script which parses Apache access.log's./statis.py- Python script that collects all the publish dates in the BallastSec bot RSS feeds../rsser.py- Python scripts that collects and decodes all botnet configurations in BallastSec bot RSS feeds../scraper.py- Python script that scrapes the website at BallastSec and saves the payloads locally (a check is done first). Gunzips the payloads, checks the mime-type of the payload and stores it in an appropriate directory (sorted/known-mime-type). Unzips known good mime-types (i.e. not archives). Cleans up after itself../bwalldecoder/Decoder/haxx.phpAccepts a file via CLI and returns the decoded contents only../findpBots.shFinds pBots in the decoded directory../findRA1NX.shFinds RA1NX bots in the decoded directory.
- Hans-Michael Varbaek
- Spaghetti
- Modify-on-the-fly
- As-long-as-it-works