{ "id": "3b1e803e-fd6f-49d2-9c36-badfa526485c", "created_at": "2026-04-06T00:17:17.110573Z", "updated_at": "2026-04-10T03:21:17.510666Z", "deleted_at": null, "sha1_hash": "7088b9f79618639d24ea40e1ddf56e4a11dfa02e", "title": "GitHub - sweetsoftware/Ares: Python botnet and backdoor", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 50134, "plain_text": "GitHub - sweetsoftware/Ares: Python botnet and backdoor\r\nBy sweetsoftware\r\nArchived: 2026-04-05 23:22:49 UTC\r\nAres is a Python Remote Access Tool.\r\nWarning: Only use this software according to your current legislation. Misuse of this software can raise\r\nlegal and ethical issues which I don't support nor can be held responsible for.\r\nAres is made of two main programs:\r\nA Command aNd Control server, which is a Web interface to administer the agents\r\nAn agent program, which is run on the compromised host, and ensures communication with the CNC\r\nThe Web interface can be run on any server running Python. The agent can be compiled to native executables\r\nusing pyinstaller.\r\nSetup\r\nInstall the Python requirements:\r\npip install -r requirements.txt\r\nInitialize the database:\r\ncd server\r\n./ares.py initdb\r\nIn order to compile Windows agents on Linux, setup wine (optional):\r\n./wine_setup.sh\r\nServer\r\nRun with the builtin (debug) server:\r\n./ares.py runserver -h 0.0.0.0 -p 8080 --threaded\r\nOr run using gunicorn:\r\nhttps://github.com/sweetsoftware/Ares\r\nPage 1 of 3\n\ngunicorn ares:app -b 0.0.0.0:8080 --threads 20\r\nThe server should now be accessible on http://localhost:8080\r\nAgent\r\nRun the Python agent (update config.py to suit your needs):\r\ncd agent\r\n./agent.py\r\nBuild a new agent to a standalone binary:\r\n./builder.py -p Linux --server http://localhost:8080 -o agent\r\n./agent\r\nTo see a list of supported options, run ./builder.py -h\r\n./agent/builder.py -h\r\nusage: builder.py [-h] -p PLATFORM --server SERVER -o OUTPUT\r\n [--hello-interval HELLO_INTERVAL] [--idle_time IDLE_TIME]\r\n [--max_failed_connections MAX_FAILED_CONNECTIONS]\r\n [--persistent]\r\nBuilds an Ares agent.\r\noptional arguments:\r\n -h, --help show this help message and exit\r\n -p PLATFORM, --platform PLATFORM\r\n Target platform (Windows, Linux).\r\n --server SERVER Address of the CnC server (e.g http://localhost:8080).\r\n -o OUTPUT, --output OUTPUT\r\n Output file name.\r\n --hello-interval HELLO_INTERVAL\r\n Delay (in seconds) between each request to the CnC.\r\n --idle_time IDLE_TIME\r\n Inactivity time (in seconds) after which to go idle.\r\n In idle mode, the agent pulls commands less often\r\n (every \u003chello_interval\u003e seconds).\r\n --max_failed_connections MAX_FAILED_CONNECTIONS\r\n The agent will self destruct if no contact with the\r\n CnC can be made \u003cmax_failed_connections\u003e times in a\r\n row.\r\n --persistent Automatically install the agent on first run.\r\nhttps://github.com/sweetsoftware/Ares\r\nPage 2 of 3\n\nSupported agent commands\r\n\u003cany shell command\u003e\r\nExecutes the command in a shell and return its output.\r\nupload \u003clocal_file\u003e\r\nUploads \u003clocal_file\u003e to server.\r\ndownload \u003curl\u003e \u003cdestination\u003e\r\nDownloads a file through HTTP(S).\r\nzip \u003carchive_name\u003e \u003cfolder\u003e\r\nCreates a zip archive of the folder.\r\nscreenshot\r\nTakes a screenshot.\r\npython \u003ccommand|file\u003e\r\nRuns a Python command or local file.\r\npersist\r\nInstalls the agent.\r\nclean\r\nUninstalls the agent.\r\nexit\r\nKills the agent.\r\nhelp\r\nThis help.\r\nSource: https://github.com/sweetsoftware/Ares\r\nhttps://github.com/sweetsoftware/Ares\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "Malpedia", "ETDA" ], "references": [ "https://github.com/sweetsoftware/Ares" ], "report_names": [ "Ares" ], "threat_actors": [], "ts_created_at": 1775434637, "ts_updated_at": 1775791277, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/7088b9f79618639d24ea40e1ddf56e4a11dfa02e.pdf", "text": "https://archive.orkl.eu/7088b9f79618639d24ea40e1ddf56e4a11dfa02e.txt", "img": "https://archive.orkl.eu/7088b9f79618639d24ea40e1ddf56e4a11dfa02e.jpg" } }