In order to be in accordance with the law I removed some code from the client and the server.
You can easily find some replacement code by searching on github.
I also have to warn you that you can only use this code inside your own network.
I'm sure you'll all do it because thre's only good guys on github :-)
I made this POC to prove that you can build undetected malwares in javascript. At the time of the writing, the bot is not detected at all by virustotal.
The control center is written using electron framework, react and typescript.
In order to use it it's a bit hard, you have to do yarn install and yarn start inside the Server folder.
Once started you can click on "connect" to start listening on port 4444. A websocket server is instantiated and waiting for incoming connections.
The UI is designed to be ugly and not user friendly at all.
The bot is written in javascript and it's a simple websocket client listening for commands from the server.
The features I left are start with windows, hide window from desktop and download execute a remote file.
It's really easy to add a lot of new commands.
The bot is built with pkg, you can edit the config inside package.json.
At the beginning of the project I wanted to use the DDOS parts with workers because multi threading is cool. But pkg and nexe doesn't support the workers. If someone succeeded with it I'm interested in a pull request.