MCPcopy Index your code
hub / github.com/0x6rss/matkap

github.com/0x6rss/matkap @main

Chat with this repo
repository ↗ · DeepWiki ↗ · + Follow
36 symbols 100 edges 3 files 3 documented · 8% updated 11mo ago★ 9685 open issues
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

Matkap

Matkap - hunt down malicious Telegram bots

Disclaimer (Legal & Ethical Use)

Matkap is intended for educational and research purposes only. This tool is designed to help cybersecurity professionals analyze and understand Telegram bot interactions, particularly those that may pose security risks.

🔹 By using Matkap, you agree to the following terms:

You must not use this tool for illegal activities or unauthorized access. You assume full responsibility for any actions performed with this tool. The developers and contributors are not liable for any misuse, damages, or legal consequences arising from the use of Matkap. Ensure you comply with Telegram's API Terms of Service and all applicable laws in your jurisdiction. 📌 If you do not agree with these terms, you should not use this tool.

📌 Features

  • FOFA & URLScan Integration – Searches for leaked Bot Tokens / Chat IDs in websites
  • export logs - export hunt logs

https://github.com/user-attachments/assets/44599ccd-4b99-461b-9967-913908882771

image

🛠 Installation

🔹 Prerequisites

Before running Matkap, ensure you have the following:

  • Python 3.7+ installed on your system.
  • Pip to install packages.
  • An account on my.telegram.org/apps to get your Telegram API credentials (api_id, api_hash, phone_number).
  • (Optional) FOFA Account & URLScan Account if you want scanning functionality:
  • FOFA_EMAIL, FOFA_KEY for FOFA
  • URLSCAN_API_KEY for URLScan

🔹 Telegram API Credentials (Using a .env File)

  1. Visit my.telegram.org/apps and log in with your phone number.
  2. Create a new application and note the following:
  3. api_id
  4. api_hash
  5. phone_number (the Telegram account you want to use).
  6. In your project folder, create a .env file and add: ```dotenv TELEGRAM_API_ID=123456 TELEGRAM_API_HASH=your_api_hash TELEGRAM_PHONE=+900000000000

# (Optional) For FOFA & URLScan: FOFA_EMAIL=your_fofa_email FOFA_KEY=your_fofa_key URLSCAN_API_KEY=your_urlscan_api_key

# Clone the repository
>>git clone https://github.com/0x6rss/matkap.git

# Navigate into the project folder
>>cd matkap

# Create and fill out your .env file 
# with TELEGRAM_API_ID, TELEGRAM_API_HASH, TELEGRAM_PHONE 
# (and FOFA_EMAIL, FOFA_KEY, URLSCAN_API_KEY if you plan to use them)

# Install dependencies
>>pip install -r requirements.txt

# Run Matkap
>>python matkap.py

Usage

When you run the code for the first time, Telegram will send you a login code. You need to enter this code into the terminal where you ran the script. image

  1. Start Attack
  2. Enter the malicious bot token (e.g., bot12345678:ABC...) and chat id.

  3. Forward All Messages

  4. Forward older messages by iterating through message IDs.
  5. You can Stop or Resume forwarding at any time.

  6. Hunt With FOFA

  7. Searches for exposed Bot Tokens / Chat IDs on sites indexed by FOFA (body="api.telegram.org").
  8. Results appear in the Process Log.

  9. Hunt With URLScan

  10. Similarly hunts for exposed tokens / chat IDs referencing domain:api.telegram.org using URLScan.
  11. Also logs them in the Process Log.

  12. Export captured messages

  13. captured Telegram messages are instantly saved to the "captured_messages" directory

Core symbols most depended-on inside this repo

log
called by 52
matkap.py
configure_theme
called by 2
matkap.py
add_placeholder
called by 2
matkap.py
forward_msg
called by 2
matkap.py
forward_continuation
called by 2
matkap.py
ensure_data_file
called by 1
matkap.py
get_seen_message_ids
called by 1
matkap.py
compute_unseen_ranges
called by 1
matkap.py

Shape

Method 33
Function 2
Class 1

Languages

Python100%

Modules by API surface

matkap.py34 symbols
urlscan_api.py1 symbols
fofa_api.py1 symbols

For agents

$ claude mcp add matkap \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact