Skip to main content
This software is malware. Proone is designed for security research and educational purposes only. It has been tested in controlled virtual environments. Use only in isolated environments safely separated from the Internet. See Security Notice for important information.

What is Proone?

Proone is a Linux worm designed to target unconfigured IoT embedded devices with MMU. It features self-contained breaking and entering, replicating, IPv6 support, and CNC using DNS over TLS. This project is a reengineered version of Mirai, developed with a serious approach and additional capabilities. The original goal was “pruning” poorly secured devices from the Internet, though the project has been released as open-source research instead.

Architecture Overview

Learn about the multi-subsystem architecture

Foreword

Author’s perspective and motivation

Build & Deploy

Compile and configure Proone

Security Notice

Critical legal and ethical information

Key Features

IPv6 Support

Full IPv6 connectivity and scanning capabilities for modern networks

DNS over TLS CNC

Command and control using TXT records over encrypted DNS connections

Binary Recombination

Cross-architecture propagation with multi-platform executable bundling

Data Vault

Sensitive data masking and secure credential storage

Cooperative Multitasking

Resource-efficient execution using GNU Pth threading

Ephemeral Presence

Memory-only file system usage for forensic resistance

Core Subsystems

Proone consists of four main subsystems that work organically to infect hosts and provide CNC capabilities:
1

Heartbeat

Backdoor and CNC mechanism using DNS TXT records or TCP/IP connections for command and control
2

Recon

Network reconnaissance worker that discovers vulnerable nodes on the Internet and local networks using raw socket packet crafting
3

BNE (Break and Enter)

Exploitation worker that uses credential brute force and vulnerability exploits to compromise target hosts
4

Resolv

Custom DNS over TLS resolver designed specifically for secure CNC communications

Documentation Structure

Architecture

System design, subsystems, and architectural decisions

Tools

Command-line utilities for building, testing, and deployment

Protocols

Heartbeat protocol specification and data formats

Development

Implementation details and developer notes

GitHub Repository

View source code and contribute

MIT License

Licensed under MIT

Build docs developers (and LLMs) love

Get started for freeTalk to us