BAMF

Botnet Analysis Modular Framework

BAMF is a modular framework designed as a platform for performing various forms of analysis against botnets. Since botnets are an expansive and evolving form of malware, the framework is also expansive and evolving. From statically gathering information from samples to exploiting command and control panels, it aims to cover the whole process.

Note: Until I have more time to actually design a v1, I will mostly be uploading different PoCs to the IntegrationQueue folder of this repository. The IntegrationQueue holds ideas to incorporate into the design and stores proof-of-concept code.

bamfdetect has moved to https://github.com/bwall/bamfdetect

Parts

At this point I have decided to break BAMF up into multiple interfacing scripts, each serving a different purpose. This makes the design considerably easier and reduces what a module is required to provide. The proposed parts are as follows (more tools may be added in the future):

In Progress:

  • bamfdetect - Parses binary files and scripts to detect known bots, and extracts configuration information from the detected bot. This project has moved to https://github.com/bwall/bamfdetect

Concept Only:

  • bamfident - Identify the botnet panel from a URI
  • bamfwatch - Parse pcap files or live traffic, identify known botnet traffic and log it
  • bamfstalk - Monitor a botnet's external command structure, essentially pretending to be a bot
  • bamfbrute - Brute-force login credentials for the botnet command and control panel
  • bamfdump - Dump information from the command and control panel (database, credentials, logs, etc.)

Versions

Since this framework is still taking shape, and development is done primarily in limited free time, different parts of the project may be at varying states of stability.

  • Stub - The functionality does not exist yet, and any results returned may be purely for testing purposes. The stub's interface may change.
  • Experimental - The functionality, design and execution are still being experimented with. The interface may change, so it is not a good base for other tools.
  • RC - Release candidates are closer to stable. There is less chance of changes to the interface; changes are likely to be limited to additions.

Contributors

bwall, bwall-slave