BYOB – Build Your Own Botnet

Software for testing under authorization or for strictly academic purposes

BYOB is an open source project that provides a framework for researchers and ethical hacking experts to build and operate a basic botnet. The aim is to deepen their understanding of the sophisticated malware that infects millions of devices every year and generates modern botnets, in order to improve their ability to develop tools against these threats.

According to specialists in ethical hacking from the International Institute of Cyber Security, BYOB is designed to allow developers to easily implement their own code and add new features without having to write a RAT (remote access tool) or a C2 (command and control server) from the beginning.

The key feature of the RAT is that arbitrary code or files can be loaded remotely into memory from the C2 and run on the receiving machine without writing anything to the disk.


Generate fully undetectable clients with staged payloads, remote imports and unlimited post-exploitation modules.

  • Remote imports: Import third-party packages from the server without writing them to the disk, downloading them or installing them
  • Nothing written to the disk: Clients never write anything to the disk, not even temporary files, because remote imports allow arbitrary code to be loaded dynamically into memory and imported directly into the current process
  • Zero dependencies (not even Python): The client runs with only the standard Python library, remotely imports any non-standard package from the server, and can be compiled with a Python interpreter, allowing it to run on anything, even when Python is not on the target host
  • Add new features with 1 click: Any Python script, module, or package you copy to the ./byob/modules/ directory automatically becomes remotely importable
  • Write your own modules: A basic module template is provided in the ./byob/modules/ directory to make writing your own modules a hassle-free process
  • Run unlimited modules without increasing file size: Use remote imports to add unlimited functions without adding a single byte to the client's file size
  • Fully updatable: Each client periodically checks the server to see if new content is available for remote import, and dynamically updates its in-memory resources if something has been added or deleted
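From the defender's side, code that is imported from memory and never written to disk still leaves traces inside the Python process. The following is an added example, not code from BYOB or from the original article: it lists loaded modules with no file behind them and import hooks that a stock interpreter does not register. It assumes CPython 3, does not rely on any BYOB internals, and all names in it (including the two constructed samples) are hypothetical.

```python
import importlib.machinery as machinery
import os
import sys
import types

# Finder classes a stock CPython 3 interpreter places on sys.meta_path.
STANDARD_FINDERS = {machinery.BuiltinImporter, machinery.FrozenImporter,
                    machinery.PathFinder}


def has_disk_origin(mod):
    """True if the module is built in, frozen, or backed by an existing path."""
    spec = getattr(mod, "__spec__", None)
    origin = getattr(spec, "origin", None) or getattr(mod, "__file__", None)
    if origin in ("built-in", "frozen"):
        return True
    if origin and os.path.exists(origin):
        return True
    # Namespace packages have no file of their own, only directories.
    locations = getattr(spec, "submodule_search_locations", None) or []
    return any(os.path.isdir(p) for p in locations)


def diskless_modules(modules=None):
    """Names of loaded modules with no file behind them (zip imports also match)."""
    modules = dict(sys.modules) if modules is None else modules
    return sorted(n for n, m in modules.items()
                  if m is not None and not has_disk_origin(m))


def unexpected_finders(meta_path=None):
    """Names of import hooks on sys.meta_path that are not CPython defaults."""
    meta_path = sys.meta_path if meta_path is None else meta_path
    classes = [f if isinstance(f, type) else type(f) for f in meta_path]
    return [c.__qualname__ for c in classes if c not in STANDARD_FINDERS]


class ConstructedHook:
    """Constructed sample: an inert finder standing in for a custom import hook."""
    def find_spec(self, name, path=None, target=None):
        return None


def constructed_memory_module(name="constructed_inmem_demo"):
    """Constructed sample: a module object that exists only in memory."""
    mod = types.ModuleType(name)
    mod.VALUE = 1
    return mod


if __name__ == "__main__":
    print("diskless modules:", diskless_modules())
    print("non-default finders:", unexpected_finders())
```

Legitimate tooling (test runners, packaging shims, zip imports) also shows up in both lists, so the output is a starting point for triage against a known-good baseline rather than a verdict.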


Post-exploitation modules that clients can import remotely.

  • Keylogger (byob.modules.keylogger): Logs the user's keystrokes and the name of the window they were entered in
  • Screenshot (byob.modules.screenshot): Takes a screenshot of the user's desktop
  • Webcam: Starts a live stream or captures images or video from the webcam
  • Ransom (byob.modules.ransom): Encrypts files and generates a Bitcoin wallet for payment of the ransom
  • Outlook (byob.modules.outlook): Reads, searches and uploads emails from the local Outlook client
  • Phone: Reads, searches and uploads text messages from the client's smartphone
  • Privilege escalation (byob.modules.escalate): Attempts to bypass UAC to gain unauthorized administrator privileges
  • PortScanner (byob.modules.portscanner): Scans the local network for other online devices and open ports


Modules of the framework used by the generator and the server.

  • Utilities (byob.core.util): Several utility functions that are used by many modules
  • Security: Diffie-Hellman IKE and 3 encryption modes (AES-256-OCB, AES-256-CBC, XOR-128)
  • Loaders (byob.core.loaders): Remotely imports any package, module or script from the server
  • Payloads (byob.core.payloads): Reverse TCP shell designed to remotely import dependencies, packages, and modules
  • Stagers (byob.core.stagers): Generates unique payload stagers to avoid scanning and detection
  • Generators (byob.core.generators): Functions that dynamically generate code for the client generator
  • Database (byob.core.database): Manages the interaction between the command and control server and the database

Specialists in ethical hacking from the International Institute of Cyber Security believe that tools such as BYOB can be useful for understanding the behavior of botnets and thus for being better prepared for a possible attack.