DebugBot Panel

Dashboard

0

Online Clients

0 B

Inbound traffic

0 B

Outbound traffic

-

Listening Ports

Connected Clients

#	User@PC	IP	OS	AV	Country	Tag	Runtime	Loader ID	Bkup C2	Actions

Clients

🌐 Push new C2 / domain (all or selected clients)

Admin only. Sends a live update: clients apply the new host list (with ports), then disconnect and reconnect. Same format as the builder: primary + up to 2 backups.

Primary

Port

Backup 1

Port

Backup 2

Port

	#	Nickname	User@PC	IP	OS	Account	Country	AV	Tag	Loader ID	Bkup C2	Heal	RT	Connected	Actions

Last file saved on panel disk:

Nickname:

Property	Value

PID	Name	Window Title	Actions

⬇ = download to browser · ⬆ = save to panel only (Clients/…/Downloads)

Type	Name	Size	Modified	Actions

Name	Path	Type	Actions

Process	Local Address	Local Port	Remote Address	Remote Port	State	Actions

📁 Subkeys

Key	Has SubKeys	Actions

📝 Values

Name	Type	Data	Actions

Click ▶ Start to begin Remote Desktop

Click ▶ Start to begin Webcam

Microphone capture stopped. Audio data is received server-side.

System audio capture stopped. Audio data is received server-side.

Click ▶ Start to begin HVNC

Clipboard Monitor

Replacement Address (for crypto address swap)

Last Clipboard Content

Password recovery is implemented in the native and managed clients. Gecko (Firefox): use a normal or Store install; close Firefox if NSS fails. Chromium may need a closed browser for locked DBs.

No scan stats yet.

Application	URL	Username	Password	Source	Profile

Click "Get Logs Directory" to browse keylogger files. Use Save … to server to store copies on this panel machine under Client Data → Downloads (manual pull).

Reverse Proxy (SOCKS)

Target

Port

Proxy not running.

Plugin Manager

Plugin DLL (base64)

Plugin ID

Type Name

Method Name

Caption

Text

Button

Icon

URL

Hidden (background)

Quick Commands

PPTP VPN (Windows clients)

Runs powershell -EncodedCommand on each Windows agent: Add-VpnConnection (PPTP) + optional rasdial. Random user/pass each run (add the same pair on your VPN server / chap-secrets). RRAS install is on the server, not here.

Encryption Auth

If Optional fails, retry with Required (2012 / older clients)

Split tunneling (Win10+; may fail on old OS)

Connect immediately (rasdial)

Fun Stuff

🖼️ Change Wallpaper

Remote Execute

Execute from URL

Or Upload File (base64)

Update (replace client) .NET In-Memory RunPE

RunPE Target

Custom Path

💉 Inject Shellcode

Upload a raw shellcode binary (.bin) file to inject into the client process.

Shellcode File (.bin)

📦 Inject DLL

Upload a DLL file to inject into the client process.

DLL File (.dll)

Virtual Monitor

Install or uninstall a virtual monitor driver on the client machine. Useful for HVNC/RDP on headless systems.

Status: Unknown

Click "Check Status" to query the client.

Update Client

Push a new client version via URL. The current client will download and replace itself.

Update URL

.NET In-Memory Execution

Elevation / UAC

Client Actions

WinRE Persistence

Install/remove persistence in Windows Recovery Environment.

Custom WinRE File

Specify a custom file to be executed on WinRE boot.

File Path

Arguments

Client Builder

Panel build: Native C++ — Windows PE, no .NET on the target machine. | .NET managed — project DebugBot.Client (net48 / WinForms); requires .NET Framework 4.8 installed on the PC.

Zero-Click Exploits with the loader for client.

.NET managed is selected: build DebugBot.Client outside the panel (VS / dotnet, net48). Place client.bin in server output/ for downloads. Build Client / Main+Loader below still run the native C++ toolchain only.

Build Progress C++ native

🔑 Mutex Database

All mutexes from client builds are saved here. Click a mutex to load it into the builder.

Mutex	Tag	Profile	Hosts	Build Date	Builds	Actions

📴 Offline Clients

Previously connected clients that are now offline.

Nickname	User@PC	IP	OS	Antivirus	Country	Tag	Account	First Seen	Last Seen	Actions

📈 Statistics

0

Total Clients (All Time)

0

🖥️ OS Distribution

Operating System	Count	%

🌍 Country Distribution (Map)

Country	Count	%

👤 Account Type

Account Type	Count	%

🏷️ Tag Distribution

Tag	Count	%

💰 Crypto Clipper

Configure cryptocurrency address replacements. When a client detects a crypto address in the clipboard, it will be swapped with yours.

Enable Crypto Clipper

Bitcoin (BTC)

Ethereum (ETH)

Monero (XMR)

Litecoin (LTC)

Bitcoin Cash (BCH)

Ripple (XRP)

Doge (DOGE)

Dash (DASH)

🤖 Auto Tasks

Define tasks that execute automatically when a client connects.

Task Title

Task Type

Mode

Caption

Text

Button

Icon

Configured Tasks

Title	Type	Mode	Parameters	Actions

🔔 Notifications

Time	Client	Event	Details

Server Settings

Listener Port

IPv6

Auto-Listen on Startup

Enable UPnP

Show Popup on Connect

🔐 Server certificate (PFX)

PFX is the most convenient, fully local format: one file with certificate and private key. No hardware token or cloud required. Used for TLS and client build signing. Restart server for certificate change to take effect.

Certificate path (.pfx or .p12)

PFX password (optional)

🌐 Panel HTTPS (loader downloads)

Recovery loader uses URLDownloadToFile on https:// ticket URLs. Enable a TLS listener (same PFX) on port 443 so clients can fetch the main EXE without a custom port. Changing these options requires a full process restart (not only “Restart server”).

Listen for panel on HTTPS (PFX)

HTTPS port

Public loader base URL(s) (optional)

Separate multiple bases with ; or new lines. Loader / heal builds embed the same ticket on every base so downloads work when any domain reaches this server.

Download tickets are signed with DebugStuff/download-ticket-secret.bin. Rotating the secret invalidates every existing ticket URL immediately.

💾 Client data / downloads

Applies to Clients/*/Downloads on this machine. Set 0 to disable a limit.

Delete downloads older than (days)

Max total size per client folder (MB)

VirusTotal API key (optional — SHA256 lookup after each completed pull)

🔧 Native builder — block algorithms & optional controls

Block algorithms you no longer want (burned by AV / outdated). The builder droplist hides them; the server also rejects a build that still uses a blocked value. If every option in a group is blocked, you must un-block at least one before saving.

Hide optional “Encryption & obfuscation” controls (checkboxes and obfuscation level) on the Builder tab (operators only see a simpler list).

Audit logs

Tail export of security-audit.log and download-audit.log (DebugStuff). Panel file pulls are logged as panel_file_pull. Default max 256 KB per file.

📜 Code signing (SmartScreen / EV)

MS SmartScreen trusts signed EXEs. Use an EV or standard code signing PFX; each build will be signed after compile. On Linux the server uses osslsigncode (install it for PFX signing). EV certs on hardware tokens usually require signing on Windows with signtool.

Code sign PFX path (.pfx / .p12)

Code sign PFX password (optional)

Timestamp URL (recommended for SmartScreen)

📱 Telegram Notifications

Bot Token

Chat ID

Enable Telegram Notifications

🔑 Notification Keywords

Keywords to monitor for in client activity. One per line.

🔐 Account Security

Username

Current Password

New Password

Confirm New Password

Two-factor (2FA)

Option A: time-based code from an app (Google Authenticator, Aegis, etc.). Option B: one-time recovery codes if you lose the phone.

Loading…

Add this key in your app (or scan otpauth URI into the app):

Current password 6-digit code from app

🚫 Blocked IPs

Connections from blocked IPs will be automatically rejected and uninstalled.

Blocked IP	Actions

🔒 Security

Manage panel accounts (admin vs support), lockout ban policy, and view recent security-audit lines. Login attempts are logged to security-audit.log.

Panel users

Username

Password

Role

Username	Role	Actions

Failed-login lockout

After repeated failed panel logins, the IP is temporarily locked out. Optionally add that IP to the global blocklist (same list as C2 blocked IPs).

Ban IP on panel lockout (add to Blocked IPs)

Security audit (tail)

—

Event Log

📥 Downloads

Built Clients

0

File	PE runtime	Size	Date	Actions
Click Refresh to load

💻 Client Data

0

📁 Root

Type	Name	Size	Date	Actions
Click Refresh to load

ℹ️ About DebugBot

DebugBot is a remote administration tool designed for educational purposes and ethical security research.

Version	1.0.0
Platform	Cross-platform (Web Panel)
Server	.NET 9.0 / ASP.NET Core
Client	Native C++ (Windows)

⚠️ This software is intended for authorized testing and educational use only. Unauthorized access to computer systems is illegal.

Dashboard

Connected Clients

Clients

📁 Subkeys

📝 Values

Clipboard Monitor

Reverse Proxy (SOCKS)

Plugin Manager

Quick Commands

PPTP VPN (Windows clients)

Fun Stuff

🖼️ Change Wallpaper

Remote Execute

💉 Inject Shellcode

📦 Inject DLL

Virtual Monitor

Update Client

Elevation / UAC

Client Actions

WinRE Persistence

Custom WinRE File

Client Builder

🔧 Basic Settings

🌐 Connection Settings

📦 Build Mode

📦 Installation Settings

🛡️ Anti Methods

🔐 Encryption & Obfuscation

💉 Injection & Loader

🛡️ Evasion Techniques

📊 Monitoring

📋 Assembly Information

📤 Output

Build Progress C++ native Clear build lock

🔑 Mutex Database

📴 Offline Clients

📈 Statistics

🖥️ OS Distribution

🌍 Country Distribution (Map)

👤 Account Type

🏷️ Tag Distribution

💰 Crypto Clipper

🤖 Auto Tasks

Configured Tasks

🔔 Notifications

Server Settings

🔐 Server certificate (PFX)

🌐 Panel HTTPS (loader downloads)

💾 Client data / downloads

🔧 Native builder — block algorithms & optional controls

Audit logs

📜 Code signing (SmartScreen / EV)

📱 Telegram Notifications

🔑 Notification Keywords

🔐 Account Security

Two-factor (2FA)

🚫 Blocked IPs

🔒 Security

Panel users

Failed-login lockout

Security audit (tail)

Event Log

📥 Downloads

Built Clients

💻 Client Data

ℹ️ About DebugBot

Keylog: unzip + decrypt

Build Progress C++ native