
byob

Python ★ 9.5k updated 11d ago

An open-source post-exploitation framework for students, researchers and developers.

An open-source Python framework for studying how command-and-control botnet systems work, featuring a web dashboard, post-exploitation modules, and encrypted client connections, intended for authorized security research and education only.

Tags: Python, SQLite, Docker, Wine. Setup: hard. Complexity: 4/5.

BYOB stands for Build Your Own Botnet. It is an open-source Python framework intended for students, security researchers, and developers who want to study how command-and-control (C2) systems work without having to build every component from scratch. The README explicitly states it should only be used for authorized testing or educational purposes.

The framework has two main parts. The first is a console-based application that lets you run a control server and connect to it from client machines. The second is a web-based graphical interface with a dashboard that shows a map of connected machines and lets you run post-exploitation modules through a point-and-click interface. Both parts share the same underlying server logic; the web GUI is just a more visual way to interact with it.

The client side of the framework generates small programs that run on target machines and call back to the control server over an encrypted connection. A notable design choice is that these client programs do not write files to disk and do not require any external packages to be pre-installed on the machine they run on. Instead, they pull any needed code directly from the server into memory at runtime. The README lists this as a way to avoid detection by security tools, which is relevant context for researchers studying how such evasion works.

The framework comes with around a dozen post-exploitation modules that can be loaded onto connected clients. These include a packet sniffer, a keylogger, a screenshot tool, a port scanner, a process listing tool, a persistence installer, and a privilege escalation attempt module. Each module is a Python file that can be copied into a specific directory and becomes available to clients automatically.

The server stores information about connected clients in a local SQLite database so that sessions can resume after a disconnection. The payload generator uses Docker and Wine to compile executables for different operating systems from a single build environment.

Where it fits