Before building and running this code, ensure you have the following installed on a Linux host:
gcc- GNU Compiler Collectiongolang- Go programming languageelectric-fence- Memory debugging librarymysql-server- MySQL database servermysql-client- MySQL database clientbuild-essential- Essential build toolscrossbuild-essential-armel- Cross-compilation tools for ARM
Additional Resources:
- For detailed setup instructions and background information, refer to the original leak post in
ForumPost.txtor view the formatted version at ForumPost.md.
This repository contains the leaked source code of the Mirai botnet, originally created to infect IoT devices and launch large-scale DDoS attacks. This code is provided strictly for cybersecurity research, reverse engineering, malware analysis, and detection development purposes only.
🛡️ SECURITY NOTICE: The zip file for this repo is being identified by some AV programs as malware. Please take caution.
- About Mirai
- Repository Structure
- Requirements
- How to Use (Lab Research Only)
- Learning Use Cases
- Do NOT Use For
- References
- Credits
- Acknowledgments
Mirai is a malware botnet that infects Internet of Things (IoT) devices using default or weak login credentials. Once infected, these devices are controlled by a command-and-control (CnC) server and can be used to launch DDoS attacks.
This repo is a fork of the original leaked source code and includes components such as:
- The bot (runs on IoT devices)
- The CnC server
- The loader (infects devices)
- Scanning and deployment scripts
| Folder/File | Description |
|---|---|
mirai/ |
Core malware source code (bot + CnC server) |
loader/ |
Infects vulnerable devices using telnet brute-force |
dlr/ |
Possibly supports payload delivery (optional) |
scripts/ |
Scripts for building and managing the malware |
ForumPost.txt |
Original forum post by author explaining Mirai |
LICENSE.md |
License as included in original leak (not official) |
README.md |
You’re reading it |
You must use isolated VMs or an offline network. Never run this on a real device or public network.
Install on a Linux host:
sudo apt update
sudo apt install gcc make build-essential git crossbuild-essential-armel -ygit clone https://github.com/jgamblin/Mirai-Source-Code.git
cd Mirai-Source-Code./build.shThis will:
-
Cross-compile the bot for different IoT architectures (MIPS, ARM, etc.)
-
Compile the CnC server for your local machine
You can customize the build script and source code paths if needed.
Create a virtual lab with:
-
1 Ubuntu VM for CnC and loader
-
1 or more OpenWRT/Linux VMs simulating IoT devices
Use Host-Only or Internal Networking mode to keep the lab isolated.
-
Start the CnC server (mirai/cnc/cnc)
-
Run the loader to infect virtual IoT VMs
-
Observe communication logs, infection, and payload delivery
You can use this source code to:
-
Understand how botnets spread through weak credentials
-
Reverse engineer malware behavior
-
Write intrusion detection rules (YARA, Snort, Suricata)
-
Develop antivirus and botnet defenses
-
Study CnC-to-bot protocol and build simulators
-
Scanning or infecting real IoT devices
-
DDoS attacks
-
Deploying the bot to the public internet
Any such use is illegal and against GitHub policy.
Original Author: Anna-senpai - Original Mirai botnet source code leak (2016)
Note: The original forum appears to be inactive as of now.
Special thanks to Pushpenderrathore for the improved README structure and comprehensive documentation that makes this educational resource more accessible for cybersecurity research.