Bifrost C2. Open-source post-exploitation using Discord API

Related tags

Third-party APIs Wrapperspythonwindowsmacoslinuxdiscorddiscord-botencrypted-connectionspost-exploitationpentestoffensive-securityred-teamc2pentest-toolcommand-and-controlcommand-control
Overview


Bifrost
Bifrost

Command and Control

What's Bifrost?

Bifrost is an open-source Discord BOT that works as Command and Control (C2). This C2 uses Discord API for communication between clients and server.

Developed with Python, this C2 have multiples features for post-exploitation.

How Bifrost works?

As mentioned before, Bifrost is basically a discord bot that receive commands from the Discord user and do a pre-defined task.

So for every client that you are going to "infect", you will send a copy of this discord bot, and it will respond to you using discord. This allows you to hide behind Discord service being stealth and have a secure connection between you and your client.

Disclaimer: This project should be used for authorized testing or educational purposes only.

Virustotal

Virustotal detection was 5/67 when there was none defense against sandbox execution.

Antivirus that detected Bifrost as malicious was SecureAge APEX, Jiangmin, Cynet, Zillya and Palo Alto Networks

Bifrost Features

  • Multiple clients.
  • Multi-platform support.
  • Keylogger.
  • Antivirus enumeration.
  • Real-time communication.
  • Encrypted(HTTPS) communication.
  • Fast and stealth communication trough Discord API.
  • No need of public service.
  • Screenshot gathering.
  • Download and upload of files.

⚠️ Contributors ⚠️

Bifrost is an open project, so, if you want to add some functionality, improve features or code performance in Bifrost, the best way to get it to the main project is to create a fork and open pull request.

Installation

1 - Clone or download Bifrost source code;

2 - Install lib dependencies;

pip install -r requirements.txt

3 - Have Discord account;

4 - Create an application (Bot) on Discord;

5 - Go to General information tab and copy your Application ID;

6 - Go to Bot tab, create the Bot and copy it's token

7 - Invite your bot to your discord server by filling up the following link with your application ID;

https://discord.com/oauth2/authorize?client_id=<APP_ID>&scope=bot&permissions=8

8 - Now create a channel in your Discord server and copy its ID;

Obs.: Activate developers function in your discord app to copy channel ID easily.

Now with those 2 information (channel ID and Bot Token), change the var values on 22 and 23 lines in bifrost.py file to your account/channel values.

Client Installation

After creating your bot, channel and changing the variable values, follow the steps bellow to deploy the payload to your client

Windows

Create an bifrost executable file using pyinstaller, or sending bifrost.py to client and installing all dependencies.

Using the executable file, the client don't need to have python or any dependencies pre-installed.

pyinstaller bifrost.py --onefile --noconsole --key th3r4ven_bifrost or
python -m pyinstaller bifrost.py --onefile --noconsole --key th3r4ven_bifrost

OBS.: All of this params are optional, read pyinstaller documentation for more information on how to use it.

Linux\Mac OS

You can send the bifrost.py and install the dependencies, or create and script/executable to automate this process, similar to windows installation

To do

  • Persistence feature
  • Bind shell connection
  • Stealth Download
  • Upload big files anonymously
  • Live/recorded voice streaming
  • Fix Bugs/Issues

Screen live stream is not possible trough Discord API :(

Screenshots

You might also like...
AWS Blog post code for running feature-extraction on images using AWS Batch and Cloud Development Kit (CDK).

Batch processing with AWS Batch and CDK Welcome This repository demostrates provisioning the necessary infrastructure for running a job on AWS Batch u

AWS Samples 7 Oct 18, 2022
A small and fun Discord Bot that is written in Python and discord-interactions (with discord.py)
A small and fun Discord Bot that is written in Python and discord-interactions (with discord.py)

Articuno (discord-interactions) A small and fun Discord Bot that is written in Python and discord-interactions (with discord.py) Get started If you wa

Blue 8 Dec 26, 2022
Discord bot script for sending multiple media files to a discord channel according to discord limitations.

Discord Bulk Image Sending Bot Send bulk images to Discord channel. This is a bot script that will allow you to send multiple images to Discord channe

Nikola Arbov 1 Jan 13, 2022
MicroStealer - A compact Discord Token Logger/Discord Token Grabber made in only 15 lines of code! Injects into discord for long-term use

💾 MicroStealer ⚡ A compact Discord Token Logger/Discord Token Grabber made in o

DeKrypt 24 Sep 21, 2022
The best (and now open source) Discord selfbot.

React Selfbot Yes, for real Why am I making this open source? Because can't stop calling my product a rat, tokenlogger and what else not. But there is

null 30 Nov 13, 2022
The open source version of Tentro - A multipurpose Discord bot.

Welcome to Tentro 👋 A multipurpose Discord bot. 🏠 Homepage Install pip install -r requirements.txt Usage py Tentro.py Contributors 👤 Tentro Dev Tea

null 6 Jul 14, 2022
A free and open-source discord webhook spammer.

Discord-Webhook-Spammer A free and open-source discord webhook spammer. Usage Depending on your python installation your commands may vary. Below are

null 3 Sep 8, 2021
This is a open source discord bot project

pythonDiscordBot This is a open source discord bot project #based on the MAX A video: https://www.youtube.com/watch?v=jHZlvRr9KxM Prerequisites Python

Edson Holanda Teixeira Junior 3 Oct 11, 2021
Dante, my discord bot. Open source project in development and not optimized for other filesystems, install and setup script in development

DanteMode (In private development for ~6 months) Dante, my discord bot. Open source project in development and not optimized for other filesystems, in

null 2 Nov 5, 2021
Comments
  • Suggest to loosen the dependency on discord.py

    Suggest to loosen the dependency on discord.py

    Dear developers,

    Your project Bifrost requires "discord.py==1.7.1" in its dependency. After analyzing the source code, we found that the following versions of discord.py can also be suitable without affecting your project, i.e., discord.py 1.7.0, 1.7.2, 1.7.3. Therefore, we suggest to loosen the dependency on discord.py from "discord.py==1.7.1" to "discord.py>=1.7.0,<=1.7.3" to avoid any possible conflict for importing more packages or for downstream projects that may use ddos_script.

    May I pull a request to further loosen the dependency on discord.py?

    By the way, could you please tell us whether such dependency analysis may be potentially helpful for maintaining dependencies easier during your development?


    Details:

    Your project (commit id: b5ae2fc024e3e0a7104cfb5c2cb394876c2a8853) directly uses 2 APIs from package discord.py.

    discord.file.File.__init__, discord.client.Client.__init__

    Beginning fromwhich, 15 functions are then indirectly called, including -2 discord.py's internal APIs and 17 outsider APIs as follows:

    [/th3r4ven/Bifrost]
+--discord.file.File.__init__
|      +--os.path.split
+--discord.client.Client.__init__
|      +--asyncio.get_event_loop
|      +--discord.http.HTTPClient.__init__
|      |      +--asyncio.get_event_loop
|      |      +--weakref.WeakValueDictionary
|      |      +--asyncio.Event
|      +--discord.client.Client._get_state
|      |      +--discord.state.ConnectionState.__init__
|      |      |      +--discord.flags.Intents.default
|      |      |      +--warnings.warn
|      |      |      +--discord.flags.MemberCacheFlags.from_intents
|      |      |      +--inspect.getmembers
|      |      |      +--discord.state.ConnectionState.clear
|      |      |      |      +--weakref.WeakValueDictionary
|      |      |      |      +--collections.OrderedDict
|      |      |      |      +--collections.deque
|      |      |      |      +--gc.collect
|      +--asyncio.Event

    Since all these functions have not been changed between any version for package "discord.py" from [1.7.0, 1.7.2, 1.7.3] and 1.7.1. Therefore, we believe it is safe to loosen the corresponding dependency.

    opened by Agnes-U 0
Releases(1.0)
Owner
GitHub Repository
Orca is an extensive and extendable Python 3.x library for the Discord API.

Orca is an extensive and extendable Python 3.x library for the Discord API.

RPS 4 Apr 03, 2022
go-cqhttp API typing annoations, return data models and utils for nonebot

go-cqhttp API typing annoations, return data models and utils for nonebot

风屿 6 Jan 04, 2023
• Create Your Own YouTube Info Api.

youtube_data_api • Create Your Own YouTube Info Api. Deploy How to Use https://{ Heroku App Name }.herokuapp.com/api?link={YouTube link} In local Host

lokaman chendekar 12 Oct 02, 2022
Easy to use phishing tool with 63 website templates. Author is not responsible for any misuse.

PyPhisher [+] Created By KasRoudra [+] Description : Ultimate phishing tool in python. Includes popular websites like facebook, twitter, instagram, gi

KasRoudra 1.1k Jan 01, 2023
The Sue Gray Alert System was a 5 minute project that just beeps every time a new article is updated or published on Gov.UK's news pages.

The Sue Gray Alert System was a 5 minute project that just beeps every time a new article is updated or published on Gov.UK's news pages.

Dafydd 1 Jan 31, 2022
Make WhatsApp ChatBot and use WhatsApp API to send the WhatsApp messages in python .

Ultramsg.com WhatsApp Bot using WhatsApp API and ultramsg Demo WhatsApp API ChatBot using Ultramsg API with python. Opportunities and tasks: The outpu

Ultramsg 64 Dec 29, 2022
(unofficial) Googletrans: Free and Unlimited Google translate API for Python. Translates totally free of charge.

Googletrans Googletrans is a free and unlimited python library that implemented Google Translate API. This uses the Google Translate Ajax API to make

Suhun Han 3.2k Jan 04, 2023
Discord Token Checker and Info

Discord Token Checker A simple way to check Discord user tokens and their info in bulk. By Roover#7098. https://discord.gg/W8hnMWY6XP Proxy support co

Roover 3 Dec 09, 2021
TG-Streaming-bot - TG Simple Streaming bot

TG Simple Streaming bot telegram video straming bot 🎚️ Features Play youtube li

HyDrix 4 May 05, 2022
a Music bot for discord

Bot this is a discord bot made by AnHalfGuy.py#6031(ID: 747864072879603743) and HastagStopAnimalAbuse#5617(ID :349916852308279306) This Bot Is For Mus

A Discord Bot Development 1 Oct 29, 2021
Demonstrate how GitHub OIDC token getting should be included in boto3

boto3 should add direct support for AssumeRoleWithWebIdentity for GitHub Actions There is a aws-actions/configure-aws-credentials action that will get

Ben Kehoe 11 Aug 29, 2022
A cracking tool of Xiaomi Dr AI (Archytas / Archimedes)

Archytas Tool 我们强烈抵制闲鱼平台上未经授权的刷机服务! 我对本人之前在程序中为防止违规刷机服务添加未生效的格机代码感到抱歉,在此声明此过激行为与 Crack Mi Dr AI Team 无关,并将程序开源。 A cracking tool of Xiaomi Dr AI (Archy

rponeawa 5 Oct 25, 2022
Grocy-create-product - A script supports the batch creation of new products in Grocy

grocy-create-product This script supports the batch creation of new products in

André Heuer 6 Jul 28, 2022
AWS Auto Inventory allows you to quickly and easily generate inventory reports of your AWS resources.

Photo by Denny Müller on Unsplash AWS Automated Inventory ( aws-auto-inventory ) Automates creation of detailed inventories from AWS resources. Table

AWS Samples 123 Dec 26, 2022
Wrapper for shh/rsync for use with OpenFOAM and blue bear

bbsync wrapper for shh/rsync for use with OpenFOAM and blue bear About The Project bbsync is a wrapper for shh/rsync for use with OpenFOAM and blue be

1 Dec 10, 2021
A reddit.com bot that will return reference links from official python documentation site for the standard library.

Python Docs Bot A reddit.com bot that will return documentation links for the library and language reference sections of the python docs website. The

Trevor Miller 2 Sep 14, 2021
A Python wrapper for the QQ Channel API

A Python wrapper for the QQ Channel API

Fox_white 55 Dec 07, 2022
Read API docs offline, CLI, supports DevDocs.io compatible JSON files

Read API docs offline, CLI, supports DevDocs.io compatible JSON files

Tero Karvinen 3 Oct 18, 2022
An open-source Discord bot that alerts your server when it's Funky Monkey Friday!

Funky-Monkey-Friday-Bot An open-source Discord bot that alerts your server when it's Funky Monkey Friday! Add it to your server here! https://discord.

Cole Swinford 0 Nov 10, 2022
An unofficial Python wrapper for the 'Binance exchange REST API'

Welcome to binex_f v0.1.0 many interfaces are heavily used by myself in product environment, the websocket is reliable (re)connected. Latest version:

DeepLn 2 Jan 05, 2022