Skip to content
Powershell fork of Monohard by Carlos Ganoza P. This botnet/backdoor was designed to egress over unecrypted web using very little, but effective obfuscation. Egress over ICMP and DNS are planned as features. Lastly, the server code is designed to setup the C2 on a LAMP-esque server. The default creds are admin/admin.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

#Galvatron Powershell fork (with upgrades) of the Monohard botnet (Carlos Ganoza P.). Default creds are admin/admin

  1. Features

    Utilizes Internet Explorer as the C2 channel Checks in via an obfuscated POST disguised as a login attempt Posts back stdout and stderr of commands run Contains an udpflood module for DDoS tests Supports download and upload of files

  2. Install

    Server Requires typical LAMP setup. Run for default setup. This assumes /var/www as your apache content directory. Change the install script as needed. This will setup the server in a default state. User assumes risk of using default installation. Login via /bot/login.php

    Client Run galvatron.ps1 from the client directory either via the file or in memory. If using udpflood, ensure either the udpflood.ps1 file is local or can be accessed in memory. Ensure script is being run in x86 mode as currently the IE COM object on 64 bit seems buggy.

Twitter: @khr0x40sh Email: Site:

You can’t perform that action at this time.