Back to Home

TelegramRAT: RAT via Telegram bot for red team

TelegramRAT — cross-platform RAT using Telegram for C2. Supports shell, files, screenshots and geolocation. Guide to installation and commands for specialists.

TelegramRAT: remote access via Telegram for IT specialists
Advertisement 728x90

TelegramRAT: Cross-Platform RAT Controlled via Telegram Bot

TelegramRAT is a remote access tool (RAT) that uses Telegram as a C2 server to bypass network filters. The tool runs on multiple platforms, letting you execute shell commands, download files, and gather system information through a bot. It's designed for red team scenarios and requires basic Python and Telegram API knowledge.

Installation is straightforward: clone the repository from GitHub and follow the README instructions. The main file is client.py, where you configure API_TOKEN and chat_id.

Installation and Initial Setup

To deploy:

Google AdInline article slot
git clone https://github.com/machine1337/TelegramRAT.git
  • Create a bot via @BotFather in Telegram and get your API_TOKEN.
  • Find your chat_id (use @userinfobot).
  • Open client.py and insert the values on lines 16–17:
API_TOKEN = 'your_token_here'
chat_id = 'your_chat_id_here'
  • Run: python3 client.py.

The server side listens for commands from the bot. After launch, go to the bot and send a message—the tool is ready to go.

Key Features

TelegramRAT supports a range of commands for remote control. The full list is shown with the help command.

  • Shell commands: Direct execution via the bot, e.g., dir to list the directory.
  • File downloads: Upload from client to server.
  • System information: Details on OS, processes, and hardware specs.
  • Geolocation: Get device coordinates.
  • Screenshots: Capture screen with the screenshot command.
  • URL downloads: Fetch files from direct links.

Example dir output:

Google AdInline article slot

![Example dir](image-placeholder)

Screenshots are generated instantly and sent to the chat.

Commands in Detail

| Command | Description | Example Output |

Google AdInline article slot

|---------|----------|---------------|

| help | List of all commands | Text list of features |

| dir | Contents of current directory | Files and folders with permissions |

| screenshot | Screen capture | PNG image in chat |

| sysinfo | System information | OS, CPU, RAM, IP |

| download <path> | Download file | File attached to message |

For geolocation, use location—requires GPS access. Shell runs with user permission limits.

Security and Limitations

The tool bypasses firewalls using legitimate Telegram traffic but can be detected by behavior: frequent requests or unusual commands. Don't use in production without a sandbox. Test in a virtual environment.

For senior developers: check the source for customizations. client.py uses asyncio, bot.py relies on the python-telegram-bot library. Possible enhancements include persistence or traffic encryption.

Key points:

  • Using Telegram as C2 minimizes network blocks but logs activity on Telegram servers.
  • Shell and file ops support make it versatile for pentesting.
  • Requires precise token/chat_id setup to activate.
  • help command unlocks full functionality.
  • Educational tool, not for illegal use.

— Editorial Team

Advertisement 728x90

Read Next