This project simulates a custom botnet in a secure and fully isolated VirtualBox environment. It includes:
- A Flask-based Command and Control (C2) dashboard
- Python-based malware agents (bots) for Linux and Windows
- A target server to demonstrate DDoS and scanning modules
- Basic Wireshark-based traffic analysis
⚠️ This project is strictly for educational and research purposes. All simulations were conducted in a closed, offline environment.
- Simulate botnet behavior using modular bots
- Implement C2 dashboard for remote task control
- Explore malware modules (keylogger, scanner, DDoS, etc)
- Monitor traffic using Wireshark
- Ensure complete ethical containment in a virtual lab
| Component | Technology |
|---|---|
| Bots | Python |
| C2 Server | Flask |
| Target Server | Ubuntu + Flask |
| Monitoring | Wireshark |
| VMs | VirtualBox/VMware/VPN |
```
modular-botnet-simulation/
├── bot/ # Linux and Windows bot clients
│ ├── bot.py
│ ├── bot.exe # Windows binary file for bot
│ ├── bot # Linux binary file for bot
│ ├── wordlist.txt # Test wordlist for bruteforce attack on Test Website
│ ├── <all_modules>.py
│ └── requirements.txt
├── c2_server/ # Flask-based C2 interface
├── dos_target/ # Flask server to simulate DDoS attack
├── analysis/ # Wireshark logs, screenshots
├── docs/ # Scope, Report, Presentation (PDF)
├── requirements.txt
└── README.md
```
- Keylogger: Captures keystrokes
- DoS: HTTP flood on the target server
- net_scan: Scans the network the bot is connected to and reports the hosts that are up. (Not accurate)
- port_scan: Scans common ports on hosts that are up
- brute_force: Can perform brute-force operations on SSH/FTP/HTTP-LOGIN
- stealer: Steals known secrets/credentials on Linux (fails to steal browser credentials); on Windows it only steals browser credentials (Chromium-based browsers only)
- spyware: Reads the clipboard and captures screenshots
- Configure a virtual environment using virtualization or a VPN
- Create VMs for:
  - Kali Linux (C2)
  - Debian/Ubuntu (Linux bots)
  - Windows VM (optional Windows bot)
  - Ubuntu server (target)

Make sure all virtual machines are on the same local area network (LAN).
```
git clone https://github.com/buggymaytricks/ECSIP-botnet-sim-and-analysis.git
cd ECSIP-botnet-sim-and-analysis
```

```
cd c2_server
pip3 install -r requirements.txt
python3 server.py
```

Now you can send the binaries to the desired VMs.

On a Windows VM, run the bot.exe file. It will ask for the server's IP; enter the IP and hit Enter.

On a Linux VM:

```
./bot
# It will ask for the server's IP; enter the IP and hit Enter
```

- Access the dashboard via browser (http://<C2-IP>:5000)
- View connected bots, run modules and monitor responses
- Filter packets by IP or protocol:
  - `http.request`
  - `ip.addr == <bot-ip>`
- Observe command traffic and DDoS flood patterns
- Communication not encrypted (no HTTPS)
- Static polling interval (no randomized beaconing)
- No real propagation
- Implement AES encryption for bot-C2 traffic
- Build a graphical dashboard with real-time bot telemetry
- Add ML-based traffic anomaly detection
- Simulate DNS or covert-channel based communication
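The static polling interval listed among the limitations is what makes the bot's check-ins easy to spot in a capture. The following is an added example, not code from this project: it flags source/destination pairs whose request timing is nearly constant, using constructed flow records (the IP addresses and the port 80 entry are assumptions; port 5000 is the dashboard port given above).

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records: (epoch seconds, src IP, dst IP, dst port).
SAMPLE_FLOWS = [
    # Lab bot polling the C2 roughly every 5 s
    (0.00, "10.0.2.15", "10.0.2.4", 5000),
    (5.02, "10.0.2.15", "10.0.2.4", 5000),
    (10.01, "10.0.2.15", "10.0.2.4", 5000),
    (14.98, "10.0.2.15", "10.0.2.4", 5000),
    (20.03, "10.0.2.15", "10.0.2.4", 5000),
    (25.00, "10.0.2.15", "10.0.2.4", 5000),
    (30.01, "10.0.2.15", "10.0.2.4", 5000),
    # Another host making irregular requests (port assumed)
    (1.0, "10.0.2.20", "10.0.2.9", 80),
    (2.5, "10.0.2.20", "10.0.2.9", 80),
    (19.0, "10.0.2.20", "10.0.2.9", 80),
    (21.2, "10.0.2.20", "10.0.2.9", 80),
    (58.0, "10.0.2.20", "10.0.2.9", 80),
    (60.1, "10.0.2.20", "10.0.2.9", 80),
]


def find_beacons(flows, min_events=5, max_cv=0.1):
    """Return {(src, dst, port): (mean_gap, cv)} for pairs whose
    inter-arrival gaps have a coefficient of variation <= max_cv."""
    times = defaultdict(list)
    for ts, src, dst, port in flows:
        times[(src, dst, port)].append(ts)

    hits = {}
    for key, stamps in times.items():
        if len(stamps) < min_events:
            continue  # too few requests to judge regularity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # identical timestamps, nothing to measure
        cv = pstdev(gaps) / avg  # near 0 means fixed-interval polling
        if cv <= max_cv:
            hits[key] = (round(avg, 2), round(cv, 3))
    return hits


if __name__ == "__main__":
    for (src, dst, port), (avg, cv) in find_beacons(SAMPLE_FLOWS).items():
        print(f"{src} -> {dst}:{port} every ~{avg}s (cv={cv})")
```

Records in this shape can be exported from a lab capture with `tshark -r <capture> -Y http.request -T fields -e frame.time_epoch -e ip.src -e ip.dst -e tcp.dstport`.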
This simulation is intended only for ethical learning and cybersecurity education. All components were run on internal, offline VMs. Do not deploy in real or online environments.