Mirai Source Code

This repository contains the source code for a C-based network botnet designed to compromise Internet of Things devices. It serves as a functional implementation of malware used for security research, behavioral analysis, and the development of threat detection signatures.

The project includes a command and control server architecture that manages infected devices via a custom binary protocol and TCP-based command distribution. It employs a cross-compilation toolchain to build and deliver architecture-specific binary payloads across multiple hardware platforms.

The codebase covers capabilities for credential-based brute forcing to spread across network ports and multi-platform target mapping. It provides a dataset for studying malware propagation patterns, simulating network communications, and creating intrusion detection rules based on the botnet's internal logic.

Features

C2 Command Protocols - Provides a central controller architecture that manages infected devices via a custom binary protocol and TCP distribution.

Cross-Compilation Toolchains - Utilizes a cross-compilation toolchain to build executable payloads for multiple different IoT hardware architectures.

Encrypted TCP Command Channels - Uses persistent TCP socket connections to distribute commands for real-time remote execution across a botnet.

C-Based Botnets - Implements a network-based botnet written in C that targets multiple hardware architectures and embedded devices.

IoT Malware Implementations - Provides a functional implementation of malware designed to compromise IoT devices via telnet brute-forcing.

Mirai-Based Botnets - Provides the original source code for a Mirai-based botnet used for creating threat detection signatures.

Multi-Stage Payload Delivery - Implements a multi-stage delivery chain using droppers and stagers to deploy architecture-specific binaries to IoT devices.

Credential Brute-Forcing - Spreads across network ports by attempting to authenticate using a predefined list of common default credentials.

Malware Datasets - Serves as a codebase for security researchers to analyze botnet C2 protocols and develop indicators of compromise.

Intrusion Detection Signatures - Provides a basis for creating network rules and antivirus signatures based on actual botnet logic.

Architecture Mapping - Identifies and targets specific device architectures to ensure the correct binary payload is delivered to matching hardware.

Botnet Protocol Simulations - Enables deploying controllers and loaders in isolated networks to analyze the protocols used between bots and servers.

Network Architecture Simulations - Provides an environment to simulate the interactions and communications between bot controllers and infected clients.

Detection Signature Development - Implements logic that can be used to develop antivirus signatures and intrusion detection rules.

IoT Security Analysis Tools - Facilitates security research on IoT devices by testing compatibility and vulnerabilities using architecture-specific binaries.

Malware Analysis - Allows researchers to study how botnets propagate through weak credentials and how remote servers manage infected devices.

jgamblinMirai-Source-Code

Features

Star history