Matkap - hunt down malicious Telegram bots
Matkap is intended for educational and research purposes only. This tool is designed to help cybersecurity professionals analyze and understand Telegram bot interactions, particularly those that may pose security risks.
🔹 By using Matkap, you agree to the following terms:
You must not use this tool for illegal activities or unauthorized access. You assume full responsibility for any actions performed with this tool. The developers and contributors are not liable for any misuse, damages, or legal consequences arising from the use of Matkap. Ensure you comply with Telegram's API Terms of Service and all applicable laws in your jurisdiction. 📌 If you do not agree with these terms, you should not use this tool.
https://github.com/user-attachments/assets/44599ccd-4b99-461b-9967-913908882771
Before running Matkap, ensure you have the following:
api_id, api_hash, phone_number)..env File).env file and add:
```dotenv
TELEGRAM_API_ID=123456
TELEGRAM_API_HASH=your_api_hash
TELEGRAM_PHONE=+900000000000# (Optional) For FOFA & URLScan: FOFA_EMAIL=your_fofa_email FOFA_KEY=your_fofa_key URLSCAN_API_KEY=your_urlscan_api_key
# Clone the repository
>>git clone https://github.com/0x6rss/matkap.git
# Navigate into the project folder
>>cd matkap
# Create and fill out your .env file
# with TELEGRAM_API_ID, TELEGRAM_API_HASH, TELEGRAM_PHONE
# (and FOFA_EMAIL, FOFA_KEY, URLSCAN_API_KEY if you plan to use them)
# Install dependencies
>>pip install -r requirements.txt
# Run Matkap
>>python matkap.py
When you run the code for the first time, Telegram will send you a login code. You need to enter this code into the terminal where you ran the script.
Enter the malicious bot token (e.g., bot12345678:ABC...) and chat id.
Forward All Messages
You can Stop or Resume forwarding at any time.
Hunt With FOFA
body="api.telegram.org"). Results appear in the Process Log.
Hunt With URLScan
domain:api.telegram.org using URLScan. Also logs them in the Process Log.
Export captured messages
$ claude mcp add matkap \
-- python -m otcore.mcp_server <graph>