Topic: Botnet design and construction (legal, read inside)
Thaorius
« on: August 05, 2009, 02:52:22 AM »

Hi, I'm new here, so let me tell you a couple of things about me beforehand. I am, plain and simple, a black hatter (as in Blackhat SEO), so my morals and ethics tend to "bend" when there is money in the middle; however, I'm also a programmer at heart and I'm not into illegal things (I would not have registered with my usual nickname if I were to use any information on the site for illegal purposes to begin with).

So, the thing is, I'll be needing to control a relatively large number of computers (corporate offices of mine with a total of about 100 computers) with mixed operating systems (mostly Windows and Linux).

I want to use these computers for a particular purpose, server testing (not to be confused with any kind of DDoS). For instance, right now I have a small project in hand and in order to take it to the next stage I need to know how much traffic my server can take per second (all those Apache processes spawning as fast as I can say fork! running a Zend Framework based application can't be lightweight) so I won't have any costly downtime. I figured if I have 100 computers doing the test, I should get fairly accurate stats.

Now, you might wonder, why does he need a botnet when a simple bash script calling a few curl instances should be enough, or a simple threaded socket app. The answer is, I don't, it's personal curiosity mostly. Botnets have always attracted my attention.

So, I figured I would kill 3 birds with one stone. I would design a world-class botnet (taking away the usual spam, DDoS and related functionality, as I'm mainly interested in the network communication and effective control and command authorization), I would get accurate stats on server capacity (or redundant server arrays for that matter), and I would learn a new programming language (thinking of Python or Ruby).

I have been reading quite a lot about redundant networks and distributed protocols such as the eDonkey protocol, XMPP, IRC (somewhat), etc. I'm pretty sure, however, that you guys could probably recommend me a few good books or articles online.

On the programming language, in a real world scenario, I would probably want to write it in C/C++ (a language in which I'm a "native", so to speak) simply because the final executable must be small; however, I have decided to allow for a bigger executable "baggage" in order to program it in a new language.

Speaking of the language, I'm leaning towards Python; however, I do not wish to learn an old version of Python (2.x) since it's just destined to a slow, imminent death now that Py3k is out, but Py3k is so new there are basically no libs or support for pretty much anything for it, so I would probably be better off waiting 6 months or so before learning Py3k. So this means Ruby, so I looked at the syntax, etc. It doesn't quite fit me, but that's probably because I'm mainly used to programming in C++/PHP, and Ruby introduces a myriad of new concepts.

So, I would appreciate any feedback you could have, recommendations, good reads, etc.

Thanks for your time,
T.
Thaorius
« Reply #1 on: August 07, 2009, 05:19:46 PM »

Come on guys, someone, please, give me a hand.
Ketchup
« Reply #2 on: August 08, 2009, 08:12:43 AM »

As far as I understand, a botnet is just an elaborate client-server application. Clients and server communicate, passing commands back and forth. Whenever I write client-server apps, I usually do all my communication in XML format. It's very easy to parse and there are quite a few classes written in C/C++ that make this easy. So, to sort of answer your question, I would look into client-server programming books to get you started. Make sure you understand socket programming in C/C++.

You would basically have a small curl app that sends requests to your app. That small curl app would be multiplied and distributed to many many machines. Then you have a server app that controls all of them and tells them what to do.
UNIX
« Reply #3 on: August 08, 2009, 09:44:59 AM »

Hello and welcome to EH-Net, Thaorius.

The only book I am aware of which is focusing on botnets is Botnets: The Killer Web App (Amazon-Link). This should give you at least an overview of botnets.

You will hardly find any other books or public resources which offer specific details on botnets. Some other books I read cover botnets too (e.g. those about honeypots) but only as a side-chapter and not in detail.

Also, depending on the machines and network infrastructure, you may not get reasonable results, as botnets are usually much bigger than 100 PCs. Especially if the network was equipped with appropriate hardware and was well designed, you shouldn't be able to harm it with 100 computers.
I assume that the project you mentioned is for your work, where I would further assume that your employee won't be happy if he knows what you are going to do (respectively the way you want to achieve this).

When you have good programming skills it shouldn't be hard to build a botnet not only because the concept is very easy to understand. As recommended already by Ketchup, you have to study network programming and networking generally in detail.

In terms of the programming language - it really doesn't matter. Use whatever you like. Depending on your seriousness about it you may have to use more than one language anyway, e.g. C++ for the framework, Assembler for some protection stuff and obfuscation (which would maybe not be needed in your scenario), PHP and CSS for a web interface, SQL for communication with the database, etc.
Both Python and Ruby have their advantages and disadvantages; however, both are definitely capable for a PoC botnet.
Thaorius
« Reply #4 on: August 09, 2009, 03:41:58 PM »

I have a considerable amount of experience in general, embedded and web programming and networks. My main concern is how to design a network that can re-shape itself, and at the same time not be shutdownable (meaning, it doesn't know of any other sibling) without using "master" servers, for obvious reasons.

I'll read that book as soon as I can.

For now, I'm looking into the Freenet project, which is the closest thing so far. I could just "connect" the peers, and have them perform hourly searches on the network for encoded resources, which would be normal things like images, chunks of text, etc. with embedded messages, which would be RSA (or similar) encrypted. Looks like a good model to me, but I'm not convinced just yet.

About the 100 computer thing, yes, it is true that they are unlikely to take down a server; however, if I can get 2 hits per second per computer, that means a sustained 200 hits per second, which means the server can take 17.280.000 hits per day. Honestly, I doubt my Apache will be able to fork() 200 times without degrading the quality of service by a big factor.
So yes, I see it as a very practical way to test load :).

And no, employees can't be angry, I'll be including in their contracts that their workstations will be monitored and the unused resources in them will be put to good use.

Any other advice appreciated :).

See you.