This repository contains Python scripts, TeleTexter.py, TeleGatherer.py and TeleViewer.py, designed to assist analysts in tracking and disrupting active malware campaigns that use Telegram for command and control (C2) communications.
TeleGatherer.py is the main script for gathering intelligence on the activities of threat actors and the data they collect from compromised hosts. It has been updated with new features and improvements:
-
✅ View Channel Messages & Download Content
- Save content in current working directory under new folder named 'downloads'.
- Supports the download of documents, photos, videos, etc.
-
✅ Send Documents via Telegram
- Optionally send a message.
- Supports all Telegram file types.
- Auto-detects MIME type.
-
✅ Message Selection
- Choose a specified number of messages or a specific message_id for download.
- Download is ALWAYS from newest to oldest message.
-
✅ Log Saving
- Pretty text with basic info under <bot_name>.txt.
- Full JSON dumps of each message under <bot_name>.json.
-
✅ Bot Information Retrieval
- Get info on bot and owner.
- Includes channel-related details.
-
✅ Newest Added Feature/Enhancement
- Send files functionality.
-
✅ Optional Menu
- MONITOR: Read new messages.
- DISRUPT: Delete messages from malicious channels.
- DISRUPT: Spam channels at a high rate with the message of your choice.
- VIEW: Launch web viewer to browse downloaded messages in a Telegram-style interface.
Note
This script is intended for threat intelligence analysts or researchers who want to monitor, collect, and track adversaries using Telegram for C2 communication.
To use these scripts, Python must be installed on your system, along with the requests library.
-
Clone the repository:
git clone https://github.com/tsale/TeleTracker.git -
Install the required Python package:
pip install -r requirements
To send a message to a Telegram channel:
python TeleTexter.py -t YOUR_BOT_TOKEN -c YOUR_CHAT_ID -m "Your message here"
To send messages continuously:
python TeleTexter.py -t YOUR_BOT_TOKEN -c YOUR_CHAT_ID -m "Your message here" --spam
Televiewer.py is the latest tool, allowing you to view and download all messages and media from the threat actor-controlled telegram channel. You can use this feature by selecting the number 6 from the initial menu after running TeleGathere.py. With Televiewer.py features, you can:
- View all channel messages and download all uploaded content, including documents, photos, videos, and other media. All downloaded content is saved in a
downloadsdirectory. - Specify the number of messages to download, from the newest to the oldest.
- Save all text in two formats: clean, readable text with basic info saved in a Txt file and a comprehensive list of every message saved in a JSON file.
To use Televiewer.py, create a Telegram API and add your API_hash and API_id to the .env file. in the below format:
API_ID="XXX"
API_HASH="XXX"
To gather intelligence from a Telegram channel:
python TeleGatherer.py -t YOUR_BOT_TOKEN -c YOUR_CHAT_ID
The web viewer provides a modern, Telegram-style interface for browsing downloaded messages. Features include:
- 📱 Telegram-style UI - Beautiful, modern interface that mimics Telegram's design
- 🔄 Dynamic Loading - Automatically detects and displays all chats from the Downloads folder
- 📝 Message Display - Shows message text, metadata, entities, and forwarded messages
- 🔍 Search Functionality - Search through messages by text, sender, or forwarded content
- ⚡ Infinite Scroll - Automatically loads more messages as you scroll
- 🎨 Responsive Design - Works on desktop and mobile devices
To launch the web viewer:
- Run
TeleGatherer.pyand select option 8 from the menu, or - Manually start the server:
python web_viewer.py
- Open your browser to
http://localhost:5000
The viewer automatically detects all chats in your Downloads/ folder and displays them in the sidebar. Click any chat to view its messages. Messages are grouped by their actual chat ID, so messages from different chats stored in the same folder are displayed separately.
- Web Viewer - New Telegram-style web interface for browsing downloaded messages with search functionality
- Ability to view and download all types of media from channels.
- Option to select the number of messages for downloading.
- Dual format text saving: pretty text and full JSON dumps.
- UTF-8 encoding support for proper handling of emojis and special characters on Windows.
- Numerous improvements and bug fixes to enhance existing features.
Use these tools responsibly. They are intended for analysis and research purposes only. Ensure compliance with all applicable laws and Telegram's terms of service.