Project Discontinued, I no longer have time or interest in Malware Development. (10/16/2021)

Some Items are removed. 

Project-Whis (WORKING NAME)

Project-Whis is an Advanced HTTP Botnet / Remote Admin Tool written mainly in Golang. The Server (C2) is Cross-Platform and can be run on Windows, Linux, MacOS, etc. once compiled for the target platform. Clients are supported for Windows, Linux and Android based systems. The user Frontend is written in HTML, CSS3 and JavaScript, using the Bootstrap4 and Font Awesome frameworks.

For suggestions of features and commands you would like to see, please leave a message and I will look into it.

No. I will NOT be adding Ransomware to this project.

Mac client may come in the future if I get a Mac to develop on.

DISCLAIMER & TERMS

By Downloading, Forking, Editing or compiling this source code you agree to the following;

  1. USE FOR EDUCATIONAL PURPOSES ONLY!
  2. I WILL NOT BE HELD LIABLE FOR MISUSE OF THIS CODE.
  3. DO NOT SELL THIS AS YOUR OWN.
  4. I DO NOT GUARANTEE THIS CODE WILL WORK ON ALL SYSTEMS.
  5. Only scan with non-distributing Anti-Virus scanners like (DynCheck, AVCheck, AVBox, AntiScan, Run4Me, Scan4Me, Etc.)

I develop malware as a hobby, I do not use this in the wild, I only test on personal networks and computers.

C2 (Command and Control)

  • In-Browser Control Panel: Connect from anywhere in the world!
  • End 2 End Multilayered Encryption
  • Dynamic Ever-Changing URI
  • Let's Encrypt SSL System Integrated
  • TOR Hidden Service Support
  • In Browser Client Builder
  • Client Management
    • Detailed Client Database
    • Basic and Advanced Commands
    • Client Analytics
    • Advanced Task Management
    • Account Management System
  • Plus lots more

Windows Client

Features

  FULL UNICODE SUPPORT
  FULLY NATIVE NO FRAMEWORKS NEEDED
  Advanced Anti-Forensics
    - Arbitrary Code Guard
    - Powerful Anti-Runtime Scan
    - Advanced Obfuscation for Scantime
    - Multiple Methods of Debugger, Virtual Machine, and Sandbox Detection
    - Detect systems like ANY.RUN, VirusTotal and Hybrid-Analysis.com
    - Detection Response System
    - Ping Jitter
  Advanced UserKit
    - Smart UAC Bypass System
    - Smart Install System
    - Powerful Active Defence System
  Campaign System
    - The client will not run in Countries you select

Commands

Basic Commands
  - Open URL (Optional Hidden)
  - Start Process (Optional Hidden)
  - Download and Run
    - Parameters
    - Startup
    - RunPE
  - Kill Client
  - Uninstall Client
  - Update Client
  - System Power Commands (Shutdown, Restart, Lock)
Advanced Commands
  - Message Box
  - Download and Run
    - Add to Startup
    - Inject into Application with RunPE
  - Powerful Scripting
    - Powershell
    - VBScript
    - Windows Script File
    - Javascript
    - Batch
  - Advanced Shellcode Runners
    - Inject into Process
    - Early Bird Inject
    - Syscall Inject
    - CreateThread Inject
  - Play Rickroll in Background
  - Capture Screenshot
  - Capture HD Webcam Image
    - Attempts to disable Webcam LED
    - Capture if Window Detected
  - Play Gandalf Sax Guy in Background
  - Change Client's Background to Screaming Picture
  - Fork Bomb
    - Combination of tree, ipconfig, systeminfo and tasklist with "hacker colors"
  - CPU Loader
  - BSOD Trigger
  - Drive Formatter
  - WiFi Disconnector
  - System Log Clearer
  - Change Wallpaper
  - Boot to Blue Screen of Death
  - Create Persistent Command
  - Record Mic Audio (Options for Duration and Scheduling)
  - Torrent Seeder
    - Use local Torrent Software if Available
    - Download and Silently use uTorrent if no other options
  - DDoS (Dynamic User-Agent Generation where needed)
    - HTTP Get
    - TCP Flood
    - UDP Flood
    - ACE
    - GoldenEye
    - Hulk v3
    - SYN Flood
    - CCTV Flood
  - File Dropper
    - Location on Host
    - File Name and Type
    - Date Created, Read and Edited
  - Advanced Keylogger
    - Active Logging (24/7)
    - Scheduled Logging (Log only at set times)
    - Filtered Logging
      - Log if Window Detected
    - Clipboard Logging
  - File Hunter
    - Search for File Types, Suffixes, Names, Patterns and more
    - Search Select Drives and Folders
    - Active Monitoring for External Drives, Phones and More
  - Password Recovery 
     - Chromium Web-Browsers (CreditCards,Cookies,Passwords,Autofill,History++)
         360chrome
         Amgigo
         Avast Secure
         Brave
         Bromium
         CatallinaGroup
         CentBrowser
         CheDot
         Chrome
         Chrome SxS
         Chrome-Beta
         Chromium
         Chromium Embedded Framework (CEF)
         Chromodo
         CocCoc
         Comodo
         CooWon
         CryptoTab
         Elements
         Epic
         Fenrir Sleipnir 
         Fenrir Sleipnir 5
         Go!
         Iridium
         kMelon
         Kometa
         Liebao
         Mail.RU
         MapleStudio
         Maxthon3
         Microsoft-Edge
         Mustang
         NiChrome
         Opera
         Opera-GX
         Orbitum
         qIP
         QQbrowser
         RockMelt
         Safer Browser
         SevenStar
         Spark
         Sputnik
         Suhba
         Superbird
         Titan
         TorBro
         Torch
         uCozMedia
         Ungoogled Chromium
         Uran
         Vivaldi
         Xpom
         Yandex
     - FireFox Web-Browsers (Cookies,History,Passwords++)
         FireFox
         FireFox-Beta
         FireFox-Dev
         FireFox-Esr
         FireFox-Nightly
         K-Meleon
         Waterfox
         Cyberfox
     - Other Web-Browsers (Profiles)
         GNU Icecat
         Moonchild Pale Moon
         NETGATE BlackHawk
         QupZilla
         Mozilla SeaMonkey
         Lunascape
         FlashPeak SlimBrowser
     - Cryptocurrency Wallets (Including Browser based)
         AtomicWallet
         Bitcoin
         Bither
         Bytecoin
         Coinomi
         Dash
         Doge
         Electrum
         Electrum-LTC
         ElectronCash
         Electrum-btcp
         Ethereum
         Exodus
         Guarda
         Jaxx
         MultiBitHD
         LBRY
         Litecoin
         Monero
         MultiDoge
         Wasabi
         Zcash
         Armory
         Guild Wallet
         Ronin Wallet
         Binance Wallet
         KardiaChain Wallet
         MetaMask
         Wombat
         Jaxx Liberty
         Oxygen
         TronLink
         Terra Station
         Harmony
         MEW CX
         TON Crystal Wallet
         Math Wallet
         Guarda
         Yoroi
         BitApp Wallet
         iWallet
         Nifty Wallet
         Saturn Wallet
         Coin98 Wallet
         Coinbase Wallet
         EQUAL Wallet
      - VPN Clients
         NordVPN
         OpenVPN
         ProtonVPN
         PrivateVPN
         EarthVPN
      - FTP Clients
         32BitFTP
         AbleFTP (ALL VERSIONS)
         Automize (ALL VERSIONS)
         BitKinex
         BlazeFTP
         ClassicFTP
         CyberDuck
         DeluxeFTP
         EasyFTP
         Estsoft ALFTP
         Far2 FTP
         Far FTP
         Far Manager
         FlashFXP
         FTP Now
         FTPBox
         FTPGetter
         FTPInfo
         GoFTP
         JaSFTP (ALL VERSIONS)
         mRemoteNG
         NetDrive
         NetSarang
         NexusFile
         NovaFTP
         oZone3D MyFTP
         SFTP Drive
         Staff-FTP
         SmartFTP
         Sherrod FTP
         Total Commander
         WinFTP
         WinSCP
         FileZilla
      - SSH Clients
         Putty
         PuttyCM
         OpenSSH
         Mobaxterm
         Muon SSH
         Snowflake SSH
         KiTTY
      - Mail Clients
         Thunderbird
         MailBird
         Mailspring
         TheBat!
         Opera Mail
         PocoMail
         Postbox
         IncrediMail
         SendMail
         PostboxApp
      - Messengers
         PSI
         PSI+
         Pidgin
         Skype
         Telegram
         Utopia
         Slack
         WhatsApp
         Signal
         Paltalk
         RamBox
         TeamSpeak 3
         Trillian
         Flock
         Google Talk
      - Game Clients
         Minecraft
         Minecraft RedServer
         Minecraft loliland (-_-')
         Minecraft McSkill
         Minecraft LavaServer
         Minecraft VimeWorld
         Roblox
         Steam
         UPlay
         Battle.net
         Osu!
         Origin
         Kalypso Media
         Galcon Fusion
         Rogues Tale
         Turba
         Growtopia
         Pixel Worlds
         ClickWars2
     - Password Management
         Authy Desktop
         WinAuth
         RoboForm
         1Password
         Dashlane
     - Database Software
         SquirrelSQL
         PostgreSQL
         Robomongo(Robo 3T)
         phpMyAdmin
     - Discord Tokens
         Discord
         Discord Canary
         Discord PTB
         Discord Development
         Lightcord
     - Downloaders
         Transmission
         qBittorrent
         IDM (Internet Download Manager)
         JDownloader
         Git
         GitHub Desktop
     - Product Keys
         Windows Product Key
     - Others
         ShareX
         Binance
         IntelliForms
         Miranda
         XAMPP
         GNU Privacy Guard
         Notepad++
         SDRTrunk
         Microsoft Remote Desktop (RDP)
         TortoiseSVN
         Windows Credential Manager  (Credman)
         Windows AutoLogon
         Windows Credential Files
         WinRAR
         Winbox
         Windows Subsystem for Linux
         PHP Composer
         Apache Maven
         Plague Cheats Client
         ExpanDrive
         CoffeeCup Software
         Ngrok 
         OBS Studio
         Vitalwerks DUC (No-IP)
         Proxifier
         Apache Directory Studio
  - UPnP
      - Open Ports
      - Close Ports
  - DocX Infector
    - Injects your Template into all DocX files on host
  - Spreading
      - USB/External Drives
      - Binary Infection
      - Cloud Services (Dropbox, Google Drive, One Drive)
      - File Sharing Services (eMule, ICQ, eDonkey2000)
  - Crypto Clipper
    - Bitcoin
    - Ethereum
    - Monero
    - Custom
      - Uses Regex Patterns to Match
  - Meterpreter
      - HTTP, HTTPS, TCP
  - Remote Shell
  - Reverse Socks5
  - DNS Blocker
  - Silent Installer
    - Silently Install .NET Framework
    - Silently Install MSI Installers
  - hVNC
    - Downloads and Injects a small hVNC Client into Host

Linux Client

Features

 FULL UNICODE SUPPORT
 Advanced Anti-Forensics
   - Powerful Anti-Runtime Scan
   - Multiple Methods of VM & Sandbox Detection
   - Detect systems like any.run, VirusTotal and hybrid-analysis.com
   - Detection Response System
   - Ping Jitter
 Campaign System
   - The client will not run in Countries you select

Commands

- DDoS
    - HTTP Get
    - TCP Flood
    - UDP Flood
    - ACE
    - GoldenEye
    - Hulk v3
    - SYN Flood
    - CCTV Flood
- CPU Loader
- System Log Clearer
- Kill Process
- Kill Client
- Uninstall Client
- Update Client
- System Power Commands (Shutdown, Restart)
- Drive Formatter
- Reverse Socks5
- HTTP Proxy
- DNS Blocker
- MicroServer
    - Run website hidden on the Host
    - SQL Database Support
    - TOR Hidden Service Support
- Remote Shell
- Spreading
    - USB/External Drives (lsblk)
    - Binary Infection
    - Cloud Services (Dropbox, Google Drive, One Drive)
- File Hunter
    - Search for File Types, Suffixes, Names, Patterns and more
    - Search Select Drives and Folders
    - Active Monitoring for External Drives, Phones and More
- File Dropper
    - Location on Host
    - File Name and Type
    - Date Created, Read and Edited
- Download and Run
    - Add to Startup (systemd, crontab, rc.local)
- Scripting
    - Python (Auto Detect)
    - Shell
- Torrent Seeder
    - Use Internal Torrent System

Android Client

TODO

Included Tools

  • Socks5 Client (GO - Cross)
  • Download and Run (GO - Cross)
  • Download and Inject (GO - Windows)
  • DigiSpark Scripts (Arduino)
    • Download and Run with UAC
  • File Size Pumper (GO - Cross)
  • hVNC Project (C++)
    • Based on TinyNukes hVNC
  • RDP Project (VB.net)
    • Basic RDP in VB.net
  • HTTP Relay (GO - Cross)
    • Forward connections from one server to the C2
  • Tor Relay (GO - Cross)
    • Forward connections through TOR to the C2
  • Runtime & Scantime Crypter Project (GO - Windows)

Install

TODO

Support

TODO

In-Development

- DDOS Anti-DDoS Bypasses (ALL CLIENTS)
    - BitMitigate Bypass
    - Cloudflare Bypass
    - Cloudsheild Bypass
    - DDOSGuard Bypass
    - Gamesense Bypass
    - GateHost Bypass
- Crypto Miners (ALL CLIENTS)
    - XMRig
    - Ethereum
- Remote Browser (WINDOWS ONLY)
- Remote Desktop (WINDOWS ONLY)
- Process Manager (ALL CLIENTS)
- File Manager (ALL CLIENTS)
- Anti Malware (ALL CLIENTS)
- Keylogger (LINUX)
- Meterpreter (LINUX)
     - HTTP, HTTPS, TCP
- Password Recovery (LINUX)
     - Chromium Based
         - Chrome
         - Chrome Beta
         - Chromium
         - Microsoft Edge Dev
         - Brave
         - Opera
         - Vivaldi
     - Firefox Based
         - Firefox
         - Firefox Beta
         - Firefox Dev
         - Firefox ESR
         - Firefox Nightly
     - Others
         - GNOME Keyring
         - Grub
         - History Files
         - System Password
         - Apache Directory Studio
     ++ Lots more...

Images

Available in the "Issues" Tab, Subject to change.

Future Plans

  • Finish Feature Set of Windows Client
  • Finish Feature Set of Linux Client
  • Finish Feature Set of Android Client
  • Clean code and Re-Organize
  • Extensive internal testing of all clients and features
  • ....
  • Release?

Donations and Support

Taking time out of my life to study, code and debug projects like these takes time and money away from me and my family, any support will be appreciated and will aid in the future projects I am working on and plan to release.

Please Donate To Bitcoin Address: 1AEbR1utjaYu3SGtBKZCLJMRR5RS7Bp7eE

Credits

TODO