Bifrost C2. Open-source post-exploitation using Discord API

Related tags

Third-party APIs Wrapperspythonwindowsmacoslinuxdiscorddiscord-botencrypted-connectionspost-exploitationpentestoffensive-securityred-teamc2pentest-toolcommand-and-controlcommand-control
Overview


Bifrost
Bifrost

Command and Control

What's Bifrost?

Bifrost is an open-source Discord BOT that works as Command and Control (C2). This C2 uses Discord API for communication between clients and server.

Developed with Python, this C2 have multiples features for post-exploitation.

How Bifrost works?

As mentioned before, Bifrost is basically a discord bot that receive commands from the Discord user and do a pre-defined task.

So for every client that you are going to "infect", you will send a copy of this discord bot, and it will respond to you using discord. This allows you to hide behind Discord service being stealth and have a secure connection between you and your client.

Disclaimer: This project should be used for authorized testing or educational purposes only.

Virustotal

Virustotal detection was 5/67 when there was none defense against sandbox execution.

Antivirus that detected Bifrost as malicious was SecureAge APEX, Jiangmin, Cynet, Zillya and Palo Alto Networks

Bifrost Features

  • Multiple clients.
  • Multi-platform support.
  • Keylogger.
  • Antivirus enumeration.
  • Real-time communication.
  • Encrypted(HTTPS) communication.
  • Fast and stealth communication trough Discord API.
  • No need of public service.
  • Screenshot gathering.
  • Download and upload of files.

⚠️ Contributors ⚠️

Bifrost is an open project, so, if you want to add some functionality, improve features or code performance in Bifrost, the best way to get it to the main project is to create a fork and open pull request.

Installation

1 - Clone or download Bifrost source code;

2 - Install lib dependencies;

pip install -r requirements.txt

3 - Have Discord account;

4 - Create an application (Bot) on Discord;

5 - Go to General information tab and copy your Application ID;

6 - Go to Bot tab, create the Bot and copy it's token

7 - Invite your bot to your discord server by filling up the following link with your application ID;

https://discord.com/oauth2/authorize?client_id=<APP_ID>&scope=bot&permissions=8

8 - Now create a channel in your Discord server and copy its ID;

Obs.: Activate developers function in your discord app to copy channel ID easily.

Now with those 2 information (channel ID and Bot Token), change the var values on 22 and 23 lines in bifrost.py file to your account/channel values.

Client Installation

After creating your bot, channel and changing the variable values, follow the steps bellow to deploy the payload to your client

Windows

Create an bifrost executable file using pyinstaller, or sending bifrost.py to client and installing all dependencies.

Using the executable file, the client don't need to have python or any dependencies pre-installed.

pyinstaller bifrost.py --onefile --noconsole --key th3r4ven_bifrost or
python -m pyinstaller bifrost.py --onefile --noconsole --key th3r4ven_bifrost

OBS.: All of this params are optional, read pyinstaller documentation for more information on how to use it.

Linux\Mac OS

You can send the bifrost.py and install the dependencies, or create and script/executable to automate this process, similar to windows installation

To do

  • Persistence feature
  • Bind shell connection
  • Stealth Download
  • Upload big files anonymously
  • Live/recorded voice streaming
  • Fix Bugs/Issues

Screen live stream is not possible trough Discord API :(

Screenshots

You might also like...
AWS Blog post code for running feature-extraction on images using AWS Batch and Cloud Development Kit (CDK).

Batch processing with AWS Batch and CDK Welcome This repository demostrates provisioning the necessary infrastructure for running a job on AWS Batch u

AWS Samples 7 Oct 18, 2022
A small and fun Discord Bot that is written in Python and discord-interactions (with discord.py)
A small and fun Discord Bot that is written in Python and discord-interactions (with discord.py)

Articuno (discord-interactions) A small and fun Discord Bot that is written in Python and discord-interactions (with discord.py) Get started If you wa

Blue 8 Dec 26, 2022
Discord bot script for sending multiple media files to a discord channel according to discord limitations.

Discord Bulk Image Sending Bot Send bulk images to Discord channel. This is a bot script that will allow you to send multiple images to Discord channe

Nikola Arbov 1 Jan 13, 2022
MicroStealer - A compact Discord Token Logger/Discord Token Grabber made in only 15 lines of code! Injects into discord for long-term use

💾 MicroStealer ⚡ A compact Discord Token Logger/Discord Token Grabber made in o

DeKrypt 24 Sep 21, 2022
The best (and now open source) Discord selfbot.

React Selfbot Yes, for real Why am I making this open source? Because can't stop calling my product a rat, tokenlogger and what else not. But there is

null 30 Nov 13, 2022
The open source version of Tentro - A multipurpose Discord bot.

Welcome to Tentro 👋 A multipurpose Discord bot. 🏠 Homepage Install pip install -r requirements.txt Usage py Tentro.py Contributors 👤 Tentro Dev Tea

null 6 Jul 14, 2022
A free and open-source discord webhook spammer.

Discord-Webhook-Spammer A free and open-source discord webhook spammer. Usage Depending on your python installation your commands may vary. Below are

null 3 Sep 8, 2021
This is a open source discord bot project

pythonDiscordBot This is a open source discord bot project #based on the MAX A video: https://www.youtube.com/watch?v=jHZlvRr9KxM Prerequisites Python

Edson Holanda Teixeira Junior 3 Oct 11, 2021
Dante, my discord bot. Open source project in development and not optimized for other filesystems, install and setup script in development

DanteMode (In private development for ~6 months) Dante, my discord bot. Open source project in development and not optimized for other filesystems, in

null 2 Nov 5, 2021
Comments
  • Suggest to loosen the dependency on discord.py

    Suggest to loosen the dependency on discord.py

    Dear developers,

    Your project Bifrost requires "discord.py==1.7.1" in its dependency. After analyzing the source code, we found that the following versions of discord.py can also be suitable without affecting your project, i.e., discord.py 1.7.0, 1.7.2, 1.7.3. Therefore, we suggest to loosen the dependency on discord.py from "discord.py==1.7.1" to "discord.py>=1.7.0,<=1.7.3" to avoid any possible conflict for importing more packages or for downstream projects that may use ddos_script.

    May I pull a request to further loosen the dependency on discord.py?

    By the way, could you please tell us whether such dependency analysis may be potentially helpful for maintaining dependencies easier during your development?


    Details:

    Your project (commit id: b5ae2fc024e3e0a7104cfb5c2cb394876c2a8853) directly uses 2 APIs from package discord.py.

    discord.file.File.__init__, discord.client.Client.__init__

    Beginning fromwhich, 15 functions are then indirectly called, including -2 discord.py's internal APIs and 17 outsider APIs as follows:

    [/th3r4ven/Bifrost]
+--discord.file.File.__init__
|      +--os.path.split
+--discord.client.Client.__init__
|      +--asyncio.get_event_loop
|      +--discord.http.HTTPClient.__init__
|      |      +--asyncio.get_event_loop
|      |      +--weakref.WeakValueDictionary
|      |      +--asyncio.Event
|      +--discord.client.Client._get_state
|      |      +--discord.state.ConnectionState.__init__
|      |      |      +--discord.flags.Intents.default
|      |      |      +--warnings.warn
|      |      |      +--discord.flags.MemberCacheFlags.from_intents
|      |      |      +--inspect.getmembers
|      |      |      +--discord.state.ConnectionState.clear
|      |      |      |      +--weakref.WeakValueDictionary
|      |      |      |      +--collections.OrderedDict
|      |      |      |      +--collections.deque
|      |      |      |      +--gc.collect
|      +--asyncio.Event

    Since all these functions have not been changed between any version for package "discord.py" from [1.7.0, 1.7.2, 1.7.3] and 1.7.1. Therefore, we believe it is safe to loosen the corresponding dependency.

    opened by Agnes-U 0
Releases(1.0)
Owner
GitHub Repository
Telegram bot for searching videos in your PDisk account by @AbirHasan2005

PDisk-Videos-Search A Telegram bot for searching videos in your PDisk account by @AbirHasan2005. Configs API_ID - Get from @TeleORG_Bot API_HASH - Get

Abir Hasan 39 Oct 21, 2022
Balsam Python client API & SDK

balsam No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator) This Python package is automatically

Darren Govoni 1 Oct 22, 2021
A bot can play all variants, but standard are abit weak, so if you need strongest you can change fsf instead of stockfish_14_Dev

MAINTAINERS Drdisrespect1 and drrespectable lichess-bot Engine communication code taken from https://github.com/ShailChoksi/lichess-bot by ShailChoksi

RPNS Nimsilu 1 Dec 12, 2021
SickNerd aims to slowly enumerate Google Dorks via the googlesearch API then requests found pages for metadata

CLI tool for making Google Dorking a passive recon experience. With the ability to fetch and filter dorks from GHDB.

Jake Wnuk 21 Jan 02, 2023
Jackrabbit Relay is an API endpoint for stock, forex and cryptocurrency exchanges that accept REST webhooks.

JackrabbitRelay Jackrabbit Relay is an API endpoint for stock, forex and cryptocurrency exchanges that accept REST webhooks. Disclaimer Please note RA

Rose Heart 23 Jan 04, 2023
Spotify Web API client for Python 3

Welcome to the GitHub repository of Tekore! We provide a client for the Spotify Web API for Python, complete with all available endpoints and authenti

Felix Hildén 186 Dec 22, 2022
Discord Voice Call DoS

VC DoS Simple, effective Discord DM/GC voice call Denial of Service. How to Use & FAQ 1. Download the script (obviously). 2. In CMD prompt, find the l

Roover 4 Feb 28, 2022
Kyura-Userbot: a modular Telegram userbot that runs in Python3 with a sqlalchemy database

Kyura-Userbot Telegram Kyura-Userbot adalah userbot Telegram modular yang berjal

Kyura 17 Oct 29, 2022
A QQ(Tencent) robot created by go-cqhttp & nonebot2

绘梨花(胶布)Bot|ErikaBot ✨ 基于NoneBot2的绘梨花多功能 Bot ,自用 ✨ 快速开始 参考go-cqhttp项目文档,配置好机器人的相关设置,以及反向ws客户端 参考nonebot2项目文档,添加必要的.env相关设置 安装本项目相关的依赖库(依赖清单) git clone本

10 Aug 09, 2022
Automate HoYoLAB Genshin Daily Check-In Using Github Actions

Genshin Daily Check-In 🤖 Automate HoYoLAB Daily Check-In Using Github Actions KOR, ENG Instructions Fork the repository Go to Settings - Secrets Cli

Leo Kim 41 Jun 24, 2022
Change the name and pfp of ur accounts, uses tokens.txt for ur tokens.

Change the name and pfp of ur accounts, uses tokens.txt for ur tokens. Also scrapes the pfps+names from a server chosen by you. For hq tokens go to discord.gg/tokenshop or t.me/praisetelegram

cChimney 36 Dec 09, 2022
Python package for Calendly API v2

PyCalendly Python package to use Calendly API-v2. Installation Install with pip $ pip install PyCalendly Usage Getting Started See Getting Started wi

Lakshmanan Meiyappan 20 Dec 05, 2022
Python wrapper library for World Weather Online API

pywwo Python wrapper library for World Weather Online API using lxml.objectify How to use from pywwo import * setKey('your_key', 'free') w=LocalWeat

World Weather Online 20 Dec 19, 2022
Bagas Mirror&Leech Bot is a multipurpose Telegram Bot written in Python for mirroring files on the Internet to our beloved Google Drive. Based on python-aria-mirror-bot

- [ MAYBE UPDATE & ADD MORE MODULE ] Bagas Mirror&Leech Bot Bagas Mirror&Leech Bot is a multipurpose Telegram Bot written in Python for mirroring file

4 Nov 23, 2021
Facebook fishing on telegram bot

Facebook-fishing Facebook fishing on telegram bot تثبيت الاداة pkg update -y pkg upgrade -y pkg install git -y pkg install python -y git clone https:/

sadamalsharabi 7 Oct 18, 2022
Telegram Bot For Screenshot Generation.

Screenshotit_bot Telegram Bot For Screenshot Generation. Description An attempt to implement the screenshot generation of telegram files without downl

1 Nov 06, 2021
Insane Weather Bot is here! Give suggestions, fork, and do much more to help us enhance the abilities of Insane Weather Bot.

Insane_Weather_Bot Insane Weather Bot is here! Give suggestions, fork, and do much more to help us enhance the abilities of Insane Weather Bot. Weathe

1 Jan 02, 2022
Lists of company wise questions available on leetcode premium. Every csv file in the companies directory corresponds to a list of questions on leetcode for a specific company based on the leetcode company tags. Updated as of May, 2022.

Leetcode Company-wise Problems Curated lists of Leetcode questions group by companies, updated as of May, 2022. Shout out to fishercoder1534 for the a

Huan Xu 1.6k Jan 04, 2023
Previewer for VapourSynth scripts.

Standalone previewer for VapourSynth scripts Fork of Endilll's vapoursynth-preview (not maintained anymore) This program is meant to be paired with a

Irrational Encoding Wizardry 26 Dec 16, 2022
Semplice pagina di informazione per sapere se e quando è uscito Joypad, il podcast a tema videoludico di Matteo Bordone (Corri!), Francesco Fossetti (Salta!) e Alessandro Zampini (Spara! per finta).

È uscito Joypad? Semplice pagina di informazione per sapere se e quando è uscito Joypad, il podcast a tema videoludico di Matteo Bordone (Corri!), Fra

Paolo Donadeo 32 Jan 02, 2023