Bifrost C2. Open-source post-exploitation using Discord API

Related tags

Third-party APIs Wrapperspythonwindowsmacoslinuxdiscorddiscord-botencrypted-connectionspost-exploitationpentestoffensive-securityred-teamc2pentest-toolcommand-and-controlcommand-control
Overview


Bifrost
Bifrost

Command and Control

What's Bifrost?

Bifrost is an open-source Discord BOT that works as Command and Control (C2). This C2 uses Discord API for communication between clients and server.

Developed with Python, this C2 have multiples features for post-exploitation.

How Bifrost works?

As mentioned before, Bifrost is basically a discord bot that receive commands from the Discord user and do a pre-defined task.

So for every client that you are going to "infect", you will send a copy of this discord bot, and it will respond to you using discord. This allows you to hide behind Discord service being stealth and have a secure connection between you and your client.

Disclaimer: This project should be used for authorized testing or educational purposes only.

Virustotal

Virustotal detection was 5/67 when there was none defense against sandbox execution.

Antivirus that detected Bifrost as malicious was SecureAge APEX, Jiangmin, Cynet, Zillya and Palo Alto Networks

Bifrost Features

  • Multiple clients.
  • Multi-platform support.
  • Keylogger.
  • Antivirus enumeration.
  • Real-time communication.
  • Encrypted(HTTPS) communication.
  • Fast and stealth communication trough Discord API.
  • No need of public service.
  • Screenshot gathering.
  • Download and upload of files.

⚠️ Contributors ⚠️

Bifrost is an open project, so, if you want to add some functionality, improve features or code performance in Bifrost, the best way to get it to the main project is to create a fork and open pull request.

Installation

1 - Clone or download Bifrost source code;

2 - Install lib dependencies;

pip install -r requirements.txt

3 - Have Discord account;

4 - Create an application (Bot) on Discord;

5 - Go to General information tab and copy your Application ID;

6 - Go to Bot tab, create the Bot and copy it's token

7 - Invite your bot to your discord server by filling up the following link with your application ID;

https://discord.com/oauth2/authorize?client_id=<APP_ID>&scope=bot&permissions=8

8 - Now create a channel in your Discord server and copy its ID;

Obs.: Activate developers function in your discord app to copy channel ID easily.

Now with those 2 information (channel ID and Bot Token), change the var values on 22 and 23 lines in bifrost.py file to your account/channel values.

Client Installation

After creating your bot, channel and changing the variable values, follow the steps bellow to deploy the payload to your client

Windows

Create an bifrost executable file using pyinstaller, or sending bifrost.py to client and installing all dependencies.

Using the executable file, the client don't need to have python or any dependencies pre-installed.

pyinstaller bifrost.py --onefile --noconsole --key th3r4ven_bifrost or
python -m pyinstaller bifrost.py --onefile --noconsole --key th3r4ven_bifrost

OBS.: All of this params are optional, read pyinstaller documentation for more information on how to use it.

Linux\Mac OS

You can send the bifrost.py and install the dependencies, or create and script/executable to automate this process, similar to windows installation

To do

  • Persistence feature
  • Bind shell connection
  • Stealth Download
  • Upload big files anonymously
  • Live/recorded voice streaming
  • Fix Bugs/Issues

Screen live stream is not possible trough Discord API :(

Screenshots

You might also like...
AWS Blog post code for running feature-extraction on images using AWS Batch and Cloud Development Kit (CDK).

Batch processing with AWS Batch and CDK Welcome This repository demostrates provisioning the necessary infrastructure for running a job on AWS Batch u

AWS Samples 7 Oct 18, 2022
A small and fun Discord Bot that is written in Python and discord-interactions (with discord.py)
A small and fun Discord Bot that is written in Python and discord-interactions (with discord.py)

Articuno (discord-interactions) A small and fun Discord Bot that is written in Python and discord-interactions (with discord.py) Get started If you wa

Blue 8 Dec 26, 2022
Discord bot script for sending multiple media files to a discord channel according to discord limitations.

Discord Bulk Image Sending Bot Send bulk images to Discord channel. This is a bot script that will allow you to send multiple images to Discord channe

Nikola Arbov 1 Jan 13, 2022
MicroStealer - A compact Discord Token Logger/Discord Token Grabber made in only 15 lines of code! Injects into discord for long-term use

💾 MicroStealer ⚡ A compact Discord Token Logger/Discord Token Grabber made in o

DeKrypt 24 Sep 21, 2022
The best (and now open source) Discord selfbot.

React Selfbot Yes, for real Why am I making this open source? Because can't stop calling my product a rat, tokenlogger and what else not. But there is

null 30 Nov 13, 2022
The open source version of Tentro - A multipurpose Discord bot.

Welcome to Tentro 👋 A multipurpose Discord bot. 🏠 Homepage Install pip install -r requirements.txt Usage py Tentro.py Contributors 👤 Tentro Dev Tea

null 6 Jul 14, 2022
A free and open-source discord webhook spammer.

Discord-Webhook-Spammer A free and open-source discord webhook spammer. Usage Depending on your python installation your commands may vary. Below are

null 3 Sep 8, 2021
This is a open source discord bot project

pythonDiscordBot This is a open source discord bot project #based on the MAX A video: https://www.youtube.com/watch?v=jHZlvRr9KxM Prerequisites Python

Edson Holanda Teixeira Junior 3 Oct 11, 2021
Dante, my discord bot. Open source project in development and not optimized for other filesystems, install and setup script in development

DanteMode (In private development for ~6 months) Dante, my discord bot. Open source project in development and not optimized for other filesystems, in

null 2 Nov 5, 2021
Comments
  • Suggest to loosen the dependency on discord.py

    Suggest to loosen the dependency on discord.py

    Dear developers,

    Your project Bifrost requires "discord.py==1.7.1" in its dependency. After analyzing the source code, we found that the following versions of discord.py can also be suitable without affecting your project, i.e., discord.py 1.7.0, 1.7.2, 1.7.3. Therefore, we suggest to loosen the dependency on discord.py from "discord.py==1.7.1" to "discord.py>=1.7.0,<=1.7.3" to avoid any possible conflict for importing more packages or for downstream projects that may use ddos_script.

    May I pull a request to further loosen the dependency on discord.py?

    By the way, could you please tell us whether such dependency analysis may be potentially helpful for maintaining dependencies easier during your development?


    Details:

    Your project (commit id: b5ae2fc024e3e0a7104cfb5c2cb394876c2a8853) directly uses 2 APIs from package discord.py.

    discord.file.File.__init__, discord.client.Client.__init__

    Beginning fromwhich, 15 functions are then indirectly called, including -2 discord.py's internal APIs and 17 outsider APIs as follows:

    [/th3r4ven/Bifrost]
+--discord.file.File.__init__
|      +--os.path.split
+--discord.client.Client.__init__
|      +--asyncio.get_event_loop
|      +--discord.http.HTTPClient.__init__
|      |      +--asyncio.get_event_loop
|      |      +--weakref.WeakValueDictionary
|      |      +--asyncio.Event
|      +--discord.client.Client._get_state
|      |      +--discord.state.ConnectionState.__init__
|      |      |      +--discord.flags.Intents.default
|      |      |      +--warnings.warn
|      |      |      +--discord.flags.MemberCacheFlags.from_intents
|      |      |      +--inspect.getmembers
|      |      |      +--discord.state.ConnectionState.clear
|      |      |      |      +--weakref.WeakValueDictionary
|      |      |      |      +--collections.OrderedDict
|      |      |      |      +--collections.deque
|      |      |      |      +--gc.collect
|      +--asyncio.Event

    Since all these functions have not been changed between any version for package "discord.py" from [1.7.0, 1.7.2, 1.7.3] and 1.7.1. Therefore, we believe it is safe to loosen the corresponding dependency.

    opened by Agnes-U 0
Releases(1.0)
Owner
GitHub Repository
This Lambda will Pull propagated routes from TGW and update VPC route table

AWS-Transitgateway-Route-Propagation This Lambda will Pull propagated routes from TGW and update VPC route table. Tested on python 3.8 Lambda AWS INST

4 Jan 20, 2022
Automatic Video Library Manager for TV Shows

Automatic Video Library Manager for TV Shows. It watches for new episodes of your favorite shows, and when they are posted it does its magic. Dependen

1.5k Dec 22, 2022
An Amazon Product Scraper built using scapy module of python

Amazon Product Scraper This is an Amazon Product Scraper built using scapy module of python Features it scrape various things Product Title Product Im

Sudhanshu Jha 1 Dec 13, 2021
A ShareX alternative for Mac OS built in Python.

Clipboard Uploader A ShareX alternative for Mac OS built in Python. Install and setup Download the latest release and put it in your applications fold

Ben Tettmar 2 Jun 07, 2022
A simple, lightweight Discord bot running with only 512 MB memory on Heroku

Haruka This used to be a music bot, but people keep using it for NSFW content. Can't everyone be less horny? Bot commands See the built-in help comman

Haruka 4 Dec 26, 2022
A Telegram Calculator to calculate your maths sums

CalculatorBot A Telegram Calculator to calculate your maths sums! Made by /Team

TeamOctave 2 Dec 31, 2021
Python wrapper for JeyyAPI

Async python wrapper for JeyyAPI

7 Dec 10, 2022
Acid's Utilities is a bot for my Discord server that alerts when I go live, welcomes new users, has some awesome games and so much more!

Acid's Utilities Acid's Utilities is a bot for my Discord server that alerts when I go live, welcomes new users, has some awesome games and so much mo

AcidFilms (Fin Stuart) 3 Nov 19, 2021
Production Ontology Merging (PrOM) Framework

Production Ontology Merging (PrOM) Framework OWL 2 DL ontology merging framework tailored to the production domain Features preprocessing: translation

4 Nov 02, 2022
A discord bot that will help you browse/download nhentai sources.

Risa Introduction Risa is an nHentai discord bot that will help you browse and download your favorite doujin inside your own discord server. Hosting M

markee7 14 Oct 25, 2021
Azure Neural Speech Service TTS

Written in Python using the Azure Speech SDK. App.py provides an easy way to create an Text-To-Speech request to Azure Speech and download the wav file.

Rodney 1 Oct 11, 2021
Rbx-mass-send - mass sends trades to item owners

mass sends trades to item owners proxies should be in ip:port format itemsToSend

0 Feb 20, 2022
A simple Telegram bot that can add caption to any media on your channel

Channel Auto Caption This bot can add a caption for any media/document sent to a channel. Just deploy bot and add bot as admin to a channel. Deploy to

22 Nov 14, 2022
(@Tablada32BOT is my bot in twitter) This is a simple bot, its main and only function is to reply to tweets where they mention their bot with their @

Remember If you are going to host your twitter bot on a page where they can read your code, I recommend that you create an .env file and put your twit

3 Jun 04, 2021
Simple Telegram bot to confess to your crush this Valentine's Day

Simple Telegram bot to confess to your crush this Valentine's Day! Steps pip install python-telegram-bot Register a Telegram bot & get the token by fo

3 Mar 18, 2022
SIGIT - Simple Information Gathering Toolkit

SIGIT - Simple Information Gathering Toolkit Features userrecon - username reconnaissance facedumper - dump facebook information mailfinder - find ema

Termux Hackers 437 Dec 29, 2022
Pancakeswap-Sniper-TORNADO-CASH--MAC-WIN-ANDROID-LINUX--2022-V1 - Pancakeswap Sniper BOT - TORNADO CASH (MAC WINDOWS ANDROID LINUX) FAST snipe BUY token on LUANCH after add LIQUIDITY

TORNADO CASH Pancakeswap Sniper BOT 2022-V1 (MAC WINDOWS ANDROID LINUX) ⭐️ AUTO

Crypto Trader 3 Jan 08, 2022
Telegram 隨機色圖,支援每日自動爬取

Telegram 隨機色圖機器人 使用此原始碼的Bot 開放的隨機色圖機器人: @katonei_bot 已實現的功能 爬取每日R18排行榜 不夠色!再來一張 Tag 索引,指定Tag色圖 將爬取到的色圖轉為 WebP 格式儲存,節省空間 需要注意的事件 好久之前的怪東西,代碼質量不保證 請在使用A

cluckbird 15 Oct 18, 2021
A very basic starter bot based on CryptoKKing with a small balance

starterbot A very basic starter bot based on CryptoKKing with a small balance, use at your own risk. I have since upgraded this script significantly a

Danny Kendrick 2 Dec 05, 2021
Get random jokes bapack2 on telegram

Jokes Bapack2 Telegram Bot Get random jokes bapack2 from jokes-bapack2-api on telegram bot Screenshot Requirements python pip pipenv python-telegram-b

Miftah Afina 2 Nov 17, 2021