mirror of
https://github.com/jgamblin/Mirai-Source-Code
synced 2025-09-02 02:48:03 +00:00
Respected Author jgamblin of Mirai-Source-Code, ✍️ I Improved README.md with research and usage guidelines (#46)
* added readme.md
* modified README.md
* modified README.md
* modified README.md
* Revise and expand README with setup and safety info

The README has been restructured to provide clearer setup instructions, detailed requirements, and explicit legal and security disclaimers. Additional sections such as table of contents, references, credits, and acknowledgments have been added to improve clarity and accessibility for cybersecurity research purposes.

---------

Co-authored-by: Jerry Gamblin <jerry.gamblin@gmail.com>
172
README.md
@@ -1,24 +1,160 @@
|
||||
# Mirai BotNet
|
||||
Leaked Linux.Mirai Source Code for Research/IoT Development Purposes
|
||||
# Mirai Source Code (FOR EDUCATIONAL & RESEARCH| `README.md` | You're reading it |
|
||||
|
||||
Uploaded for research purposes and so we can develop IoT and such.
|
||||
---
|
||||
|
||||
See "ForumPost.txt" or [ForumPost.md](ForumPost.md) for the post in which it
|
||||
leaks, if you want to know how it is all set up and the likes.
|
||||
## 🔧 Requirements
|
||||
|
||||
## Requirements
|
||||
* gcc
|
||||
* golang
|
||||
* electric-fence
|
||||
* mysql-server
|
||||
* mysql-client
|
||||
Before building and running this code, ensure you have the following installed on a **Linux host**:
|
||||
|
||||
## Credits
|
||||
[Anna-senpai](https://hackforums.net/showthread.php?tid=5420472)
|
||||
- `gcc` - GNU Compiler Collection
|
||||
- `golang` - Go programming language
|
||||
- `electric-fence` - Memory debugging library
|
||||
- `mysql-server` - MySQL database server
|
||||
- `mysql-client` - MySQL database client
|
||||
- `build-essential` - Essential build tools
|
||||
- `crossbuild-essential-armel` - Cross-compilation tools for ARM
|
||||
|
||||
## Disclaimer
|
||||
This repository is for academic purposes, the use of this software is your
|
||||
responsibility.
|
||||
**Additional Resources:**
|
||||
- For detailed setup instructions and background information, refer to the original leak post in `ForumPost.txt` or view the formatted version at [ForumPost.md](ForumPost.md).
|
||||
|
||||
|
||||
⚠️ **CRITICAL DISCLAIMER**
|
||||
This repository contains the leaked source code of the **Mirai botnet**, originally created to infect IoT devices and launch large-scale DDoS attacks. This code is provided **strictly for cybersecurity research, reverse engineering, malware analysis, and detection development purposes only**.
|
||||
|
||||
**⚠️ WARNING: Do not use this code to attack or scan any real devices or networks. Unauthorized use is illegal and violates GitHub policy.**
|
||||
|
||||
**🛡️ SECURITY NOTICE:** The [zip file](https://www.virustotal.com/en/file/f10667215040e87dae62dd48a5405b3b1b0fe7dbbfbf790d5300f3cd54893333/analysis/1477822491/) for this repo is being identified by some AV programs as malware. Please take caution.
|
||||
|
||||
---
|
||||
|
||||
## 📋 Table of Contents
|
||||
|
||||
- [About Mirai](#-about-mirai)
|
||||
- [Repository Structure](#-repository-structure)
|
||||
- [Requirements](#-requirements)
|
||||
- [How to Use (Lab Research Only)](#️-how-to-use-for-lab-research-only)
|
||||
- [Learning Use Cases](#-learning-use-cases)
|
||||
- [Do NOT Use For](#-do-not-use-for)
|
||||
- [References](#-references)
|
||||
- [Credits](#-credits)
|
||||
- [Acknowledgments](#-acknowledgments)
|
||||
|
||||
---
|
||||
|
||||
## 📌 About Mirai
|
||||
|
||||
Mirai is a malware botnet that infects Internet of Things (IoT) devices using default or weak login credentials. Once infected, these devices are controlled by a command-and-control (CnC) server and can be used to launch DDoS attacks.
|
||||
|
||||
This repo is a fork of the original leaked source code and includes components such as:
|
||||
- The bot (runs on IoT devices)
|
||||
- The CnC server
|
||||
- The loader (infects devices)
|
||||
- Scanning and deployment scripts
|
||||
|
||||
---
|
||||
|
||||
## 📁 Repository Structure
|
||||
|
||||
| Folder/File | Description |
|
||||
|-------------------|-------------------------------------------------------|
|
||||
| `mirai/` | Core malware source code (bot + CnC server) |
|
||||
| `loader/` | Infects vulnerable devices using telnet brute-force |
|
||||
| `dlr/` | Possibly supports payload delivery (optional) |
|
||||
| `scripts/` | Scripts for building and managing the malware |
|
||||
| `ForumPost.txt` | Original forum post by author explaining Mirai |
|
||||
| `LICENSE.md` | License as included in original leak (not official) |
|
||||
| `README.md` | You’re reading it |
|
||||
|
||||
---
|
||||
|
||||
## ⚙️ How to Use (FOR LAB RESEARCH ONLY)
|
||||
|
||||
> You must use **isolated VMs** or an offline network. Never run this on a real device or public network.
|
||||
|
||||
### 🔧 1. Prerequisites
|
||||
|
||||
Install on a **Linux host**:
|
||||
|
||||
```bash
|
||||
sudo apt update
|
||||
sudo apt install gcc make build-essential git crossbuild-essential-armel -y
|
||||
```
|
||||
|
||||
## 🔨 2. Clone the Repository
|
||||
|
||||
```bash
|
||||
git clone https://github.com/jgamblin/Mirai-Source-Code.git
|
||||
cd Mirai-Source-Code
|
||||
```
|
||||
|
||||
## 🔨 3. Build the Bot and CnC
|
||||
|
||||
```bash
|
||||
./build.sh
|
||||
```
|
||||
|
||||
This will:
|
||||
|
||||
* Cross-compile the bot for different IoT architectures (MIPS, ARM, etc.)
|
||||
|
||||
* Compile the CnC server for your local machine
|
||||
|
||||
You can customize the build script and source code paths if needed.
|
||||
|
||||
## 🧪 4. Setup a Test Lab (Recommended)
|
||||
|
||||
Create a virtual lab with:
|
||||
|
||||
* 1 Ubuntu VM for CnC and loader
|
||||
|
||||
* 1 or more OpenWRT/Linux VMs simulating IoT devices
|
||||
|
||||
Use Host-Only or Internal Networking mode to keep the lab isolated.
|
||||
|
||||
## 🕹 5. Running Components
|
||||
|
||||
* Start the CnC server (mirai/cnc/cnc)
|
||||
|
||||
* Run the loader to infect virtual IoT VMs
|
||||
|
||||
* Observe communication logs, infection, and payload delivery
|
||||
|
||||
## ✅ Learning Use Cases
|
||||
|
||||
You can use this source code to:
|
||||
|
||||
* Understand how botnets spread through weak credentials
|
||||
|
||||
* Reverse engineer malware behavior
|
||||
|
||||
* Write intrusion detection rules (YARA, Snort, Suricata)
|
||||
|
||||
* Develop antivirus and botnet defenses
|
||||
|
||||
* Study CnC-to-bot protocol and build simulators
|
||||
|
||||
## ❌ Do NOT Use For
|
||||
|
||||
* Scanning or infecting real IoT devices
|
||||
|
||||
* DDoS attacks
|
||||
|
||||
* Deploying the bot to the public internet
|
||||
|
||||
Any such use is illegal and against GitHub policy.
|
||||
|
||||
## 📚 References
|
||||
|
||||
* [Original Leak on Hackforums (2016)](https://hackforums.net/showthread.php?tid=5420472)
|
||||
* [DDoS Analysis of Mirai by MalwareMustDie](https://blog.malwaremustdie.org/2016/10/mmd-0056-2016-new-mirai-elf-botnet.html)
|
||||
* [US-CERT Alert TA16-288A](https://www.cisa.gov/news-events/alerts/2016/10/14/alert-ta16-288a)
|
||||
|
||||
## 👨💻 Credits
|
||||
|
||||
**Original Author:** [Anna-senpai](https://hackforums.net/showthread.php?tid=5420472) - Original Mirai botnet source code leak (2016)
|
||||
*Note: The original forum appears to be inactive as of now.*
|
||||
|
||||
## 🙏 Acknowledgments
|
||||
|
||||
Special thanks to [Pushpenderrathore](https://github.com/Pushpenderrathore) for the improved README structure and comprehensive documentation that makes this educational resource more accessible for cybersecurity research.
|
||||
|
||||
## Warning
|
||||
The [zip file](https://www.virustotal.com/en/file/f10667215040e87dae62dd48a5405b3b1b0fe7dbbfbf790d5300f3cd54893333/analysis/1477822491/) for this repo is being identified by some AV programs as malware. Please take caution.
|
||||
|
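Review bot: The title line at the top of the README, "# Mirai Source Code (FOR EDUCATIONAL & RESEARCH| `README.md` | You're reading it |", is truncated and fused with a table row, so the document opens with a broken heading; restore the full title and drop the stray row, which already appears in the Repository Structure table. Under "How to Use", step 1 is written as "### 🔧 1. Prerequisites" while steps 2 to 5 use "##", so they render as top-level sections instead of sub-steps of the lab procedure; use "###" for all five. The VirusTotal notice about the zip file is stated in the SECURITY NOTICE near the top and again under "## Warning" at the end, and one copy is enough. The `dlr/` row says "Possibly supports payload delivery (optional)"; a structure table should not guess, so either confirm what the directory does or mark it as undocumented.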