Isiaon/Pitraix: Modern Cross-Platform Peer-to-Peer Botnet over TOR

i am not responsible for any damage you do using this!

Modern Cross-Platform HTTP-Based P2P Botnet over TOR that cannot be traced Design is based off intelligence agencies structures for reasoning behind this design check spec.txt

Pitraix has ability to self modify it's own code which results in a completely different executable in terms of hash on every Host infection.

it is done automatically and does not need operator intervention.

Pitraix works on windows 7 all way to windows 11 as well as linux

it has ability to automatically privilege escalate on linux and windows

on linux it does so by keylogging password when user runs "sudo" or "doas"

on windows it uses a modified version of UACME (work in progress)

  • This release will only include windows version, next release will be linux as I iron out bugs from linux port

Pitraix automatically chooses different persistence locations on every host Names of config files, pitraix it's self and more are all dynmically generated to confuse anti-viruses

  • Hosts don't know each other, not even their their tor onion address

  • Agents are hosts but have tor onion address of other hosts, agents relay instructions from operative to hosts. for reasoning behind this design check spec.txt

  • Operatives are camaoflagued as agents to protect against advanced network timing and packets attacks over tor

  • State-of-art encryption using AES-256 and public key crypto

  • Peer-to-Peer over TOR

  • Advanced Anti-VM detection

  • Ability to keylog cross-platform even when run as user and not root

  • Dynamic behaviour

  • Built-in crypter

  • Built-in ransomware that never stores keys on HOST (I am not responsible how you use this)

  • Auto disable backup like Volume shadow copy, onedrive and windows backup

  • Readiable code easy to modify, not alot of scattered files

  • Events are anything interesting that happens on a host computer, currently it's tied only to keylogger

  • Logs are mainly used for debugging behaviour and errors

Picture of working OPER

  • Type "help" in OPER for list of commands

  • This is a oldi-sh version of Pitraix, more advanced options will be added soon as I work on ironing out bugs

  • For example python and powershell Modules support will be added soon alongside alot of bug fixes

  • Please read spec.txt for more techincal information

Operative/OPER means the botmaster

Agent/AGS means a host that can relay instructions

Host/HST means a host that does not relay instructions

Instructions mean commands

Host means a bot

Hostring/cell means botnet

  • Put your RSA key PEM encoded in OPER.go

  • Set up a hidden TOR service on port 1337 and place your tor address in lyst.go

  • You don't to have TOR service on all time, as this is peer to peer. also your tor address embdedded inside will change to other hosts addresses automatically by crypter

have fun

Last updated