Bifrost C2. Open-source post-exploitation using Discord API

Related tags

Third-party APIs Wrapperspythonwindowsmacoslinuxdiscorddiscord-botencrypted-connectionspost-exploitationpentestoffensive-securityred-teamc2pentest-toolcommand-and-controlcommand-control
Overview


Bifrost
Bifrost

Command and Control

What's Bifrost?

Bifrost is an open-source Discord BOT that works as Command and Control (C2). This C2 uses Discord API for communication between clients and server.

Developed with Python, this C2 have multiples features for post-exploitation.

How Bifrost works?

As mentioned before, Bifrost is basically a discord bot that receive commands from the Discord user and do a pre-defined task.

So for every client that you are going to "infect", you will send a copy of this discord bot, and it will respond to you using discord. This allows you to hide behind Discord service being stealth and have a secure connection between you and your client.

Disclaimer: This project should be used for authorized testing or educational purposes only.

Virustotal

Virustotal detection was 5/67 when there was none defense against sandbox execution.

Antivirus that detected Bifrost as malicious was SecureAge APEX, Jiangmin, Cynet, Zillya and Palo Alto Networks

Bifrost Features

  • Multiple clients.
  • Multi-platform support.
  • Keylogger.
  • Antivirus enumeration.
  • Real-time communication.
  • Encrypted(HTTPS) communication.
  • Fast and stealth communication trough Discord API.
  • No need of public service.
  • Screenshot gathering.
  • Download and upload of files.

⚠️ Contributors ⚠️

Bifrost is an open project, so, if you want to add some functionality, improve features or code performance in Bifrost, the best way to get it to the main project is to create a fork and open pull request.

Installation

1 - Clone or download Bifrost source code;

2 - Install lib dependencies;

pip install -r requirements.txt

3 - Have Discord account;

4 - Create an application (Bot) on Discord;

5 - Go to General information tab and copy your Application ID;

6 - Go to Bot tab, create the Bot and copy it's token

7 - Invite your bot to your discord server by filling up the following link with your application ID;

https://discord.com/oauth2/authorize?client_id=<APP_ID>&scope=bot&permissions=8

8 - Now create a channel in your Discord server and copy its ID;

Obs.: Activate developers function in your discord app to copy channel ID easily.

Now with those 2 information (channel ID and Bot Token), change the var values on 22 and 23 lines in bifrost.py file to your account/channel values.

Client Installation

After creating your bot, channel and changing the variable values, follow the steps bellow to deploy the payload to your client

Windows

Create an bifrost executable file using pyinstaller, or sending bifrost.py to client and installing all dependencies.

Using the executable file, the client don't need to have python or any dependencies pre-installed.

pyinstaller bifrost.py --onefile --noconsole --key th3r4ven_bifrost or
python -m pyinstaller bifrost.py --onefile --noconsole --key th3r4ven_bifrost

OBS.: All of this params are optional, read pyinstaller documentation for more information on how to use it.

Linux\Mac OS

You can send the bifrost.py and install the dependencies, or create and script/executable to automate this process, similar to windows installation

To do

  • Persistence feature
  • Bind shell connection
  • Stealth Download
  • Upload big files anonymously
  • Live/recorded voice streaming
  • Fix Bugs/Issues

Screen live stream is not possible trough Discord API :(

Screenshots

You might also like...
AWS Blog post code for running feature-extraction on images using AWS Batch and Cloud Development Kit (CDK).

Batch processing with AWS Batch and CDK Welcome This repository demostrates provisioning the necessary infrastructure for running a job on AWS Batch u

AWS Samples 7 Oct 18, 2022
A small and fun Discord Bot that is written in Python and discord-interactions (with discord.py)
A small and fun Discord Bot that is written in Python and discord-interactions (with discord.py)

Articuno (discord-interactions) A small and fun Discord Bot that is written in Python and discord-interactions (with discord.py) Get started If you wa

Blue 8 Dec 26, 2022
Discord bot script for sending multiple media files to a discord channel according to discord limitations.

Discord Bulk Image Sending Bot Send bulk images to Discord channel. This is a bot script that will allow you to send multiple images to Discord channe

Nikola Arbov 1 Jan 13, 2022
MicroStealer - A compact Discord Token Logger/Discord Token Grabber made in only 15 lines of code! Injects into discord for long-term use

💾 MicroStealer ⚡ A compact Discord Token Logger/Discord Token Grabber made in o

DeKrypt 24 Sep 21, 2022
The best (and now open source) Discord selfbot.

React Selfbot Yes, for real Why am I making this open source? Because can't stop calling my product a rat, tokenlogger and what else not. But there is

null 30 Nov 13, 2022
The open source version of Tentro - A multipurpose Discord bot.

Welcome to Tentro 👋 A multipurpose Discord bot. 🏠 Homepage Install pip install -r requirements.txt Usage py Tentro.py Contributors 👤 Tentro Dev Tea

null 6 Jul 14, 2022
A free and open-source discord webhook spammer.

Discord-Webhook-Spammer A free and open-source discord webhook spammer. Usage Depending on your python installation your commands may vary. Below are

null 3 Sep 8, 2021
This is a open source discord bot project

pythonDiscordBot This is a open source discord bot project #based on the MAX A video: https://www.youtube.com/watch?v=jHZlvRr9KxM Prerequisites Python

Edson Holanda Teixeira Junior 3 Oct 11, 2021
Dante, my discord bot. Open source project in development and not optimized for other filesystems, install and setup script in development

DanteMode (In private development for ~6 months) Dante, my discord bot. Open source project in development and not optimized for other filesystems, in

null 2 Nov 5, 2021
Comments
  • Suggest to loosen the dependency on discord.py

    Suggest to loosen the dependency on discord.py

    Dear developers,

    Your project Bifrost requires "discord.py==1.7.1" in its dependency. After analyzing the source code, we found that the following versions of discord.py can also be suitable without affecting your project, i.e., discord.py 1.7.0, 1.7.2, 1.7.3. Therefore, we suggest to loosen the dependency on discord.py from "discord.py==1.7.1" to "discord.py>=1.7.0,<=1.7.3" to avoid any possible conflict for importing more packages or for downstream projects that may use ddos_script.

    May I pull a request to further loosen the dependency on discord.py?

    By the way, could you please tell us whether such dependency analysis may be potentially helpful for maintaining dependencies easier during your development?


    Details:

    Your project (commit id: b5ae2fc024e3e0a7104cfb5c2cb394876c2a8853) directly uses 2 APIs from package discord.py.

    discord.file.File.__init__, discord.client.Client.__init__

    Beginning fromwhich, 15 functions are then indirectly called, including -2 discord.py's internal APIs and 17 outsider APIs as follows:

    [/th3r4ven/Bifrost]
+--discord.file.File.__init__
|      +--os.path.split
+--discord.client.Client.__init__
|      +--asyncio.get_event_loop
|      +--discord.http.HTTPClient.__init__
|      |      +--asyncio.get_event_loop
|      |      +--weakref.WeakValueDictionary
|      |      +--asyncio.Event
|      +--discord.client.Client._get_state
|      |      +--discord.state.ConnectionState.__init__
|      |      |      +--discord.flags.Intents.default
|      |      |      +--warnings.warn
|      |      |      +--discord.flags.MemberCacheFlags.from_intents
|      |      |      +--inspect.getmembers
|      |      |      +--discord.state.ConnectionState.clear
|      |      |      |      +--weakref.WeakValueDictionary
|      |      |      |      +--collections.OrderedDict
|      |      |      |      +--collections.deque
|      |      |      |      +--gc.collect
|      +--asyncio.Event

    Since all these functions have not been changed between any version for package "discord.py" from [1.7.0, 1.7.2, 1.7.3] and 1.7.1. Therefore, we believe it is safe to loosen the corresponding dependency.

    opened by Agnes-U 0
Releases(1.0)
Owner
GitHub Repository
A bot that updates about the most subscribed artist' channels on YouTube

A bot that updates about the most subscribed artist' channels on YouTube. A weekly top chart report is provided every Monday. It posts updates on Twitter

Marco Fantauzzo 5 Dec 14, 2022
Pysauce is a Discord bot which utilizes the SauceNAO API to locate the source of images.

Pysauce Pysauce is a Discord bot which utilizes the SauceNAO API to locate the source of images. Use Pysauce has one public instance always running, i

Akira 2 Oct 04, 2022
A bot which is a ghost and you can make friends with it

This is a bot which is a ghost and you can make friends with it. It will haunt your friends. Explore and test the bot in replit !

Siwan SR 0 Oct 06, 2022
Discord spam bots with multiple account support and more

Discord spam bots with multiple account support and more. PLEASE READ EVERYTHING BEFORE WRITING AN ISSUE!! Server Messages Text Image Dm Messages Text

Mr. Nobody 6 Sep 14, 2022
Bendford analysis of Ethereum transaction

Bendford analysis of Ethereum transaction The python script script.py extract from already downloaded archive file the ethereum transaction. The value

sleepy ramen 2 Dec 18, 2021
Diablo II Resurrected Diablo Clone Running Room Mgr

d2rdc Diablo II Resurrected Diablo Clone Running Room Mgr Install Dependencies pip install fastapi pip install uvicorn Running uvicorn init:app INFO:

1 Dec 03, 2021
For Help/Questions Join in discord

Simple-Nitro-Generator-Source Must have installed python! Discord: $MartoBossX#7777 Server: https://discord.gg/ErynDxTV5Y DONATE: (Crypto) BTC: bc1qg8

1 Jan 08, 2022
A Telegram Bot to manage your music channel with some cool features.

Music Channel Manager V2 A Telegram Bot to manage your music channel with some cool features like appending your predefined username to the musics tag

11 Oct 21, 2022
A python tool to Automate Whatsapp through Whatsapp web

This python tool is used to Automate Whatsapp through Whatsapp web. We can add number of contacts whom we want to send text messages on perticular time

5 Jul 21, 2022
Currency Merger is a simple tool for joining values in different currencies

Currency Merger Description Currency Merger is a simple tool for joining values in different currencies. For example, if I have money in USD, EUR, BRL

Arthur Diniz 1 Feb 08, 2022
Nft-maker - Create your own NFT!

nft-maker How to If you're going to use this program, change the pictures in the "images" folder. All images must be of the same resolution and size.

Georgii Arakelian 4 Mar 13, 2022
The Fasted Proxyless Multi-Threaded Discord Call Crasher

Discord-Call-Crasher The Fasted Proxyless Multi-Threaded Discord Call Crasher (Created By Jonah) Requirements / Setting up There will be a few things

8ua 10 Jun 17, 2022
Source code of BobuxAdmin bot from Bobux Bot Development server.

BobuxAdmin Source code of BobuxAdmin bot from Bobux Bot Development server. The bot is written with usage of disnake and SQLite database. Functionalit

Bobux Bot Developers 3 Dec 29, 2022
Weather_besac is a French twitter bot that tweet the weather of the city of Besançon in Franche-Comté in France every day at 8am and 4pm.

Weather Bot Besac Weather_besac is a French twitter bot that tweet the weather of the city of Besançon in Franche-Comté in France every day at 8am and

Rgld_ 1 Nov 15, 2021
Example of Telegram local API and aiogram 3.x

Telegram Local Full example of Telegram local application. Contains Telegram Bot API Local Telegram Bot API server based on aiogram Bot API Server ima

Oleg A. 9 Sep 16, 2022
Automated JSON API based communication with Fronius Symo

PyFronius - a very basic Fronius python bridge A package that connects to a Fronius device in the local network and provides data that is provided via

Niels Mündler 10 Dec 30, 2022
It is a temporary project to study discord interactions. You can set permissions conveniently when you invite a particular disk code bot.

Permission Bot 디스코드 내에 있는 message-components 를 연구하기 위하여 제작된 봇입니다. Setup /config/config_example.ini 파일을 /config/config.ini으로 변환합니다. config 파일의 기본 양식은 아

gunyu1019 4 Mar 07, 2022
D-Ticket is a discord bot for ticket system

D-Ticket Discord Bot D-Ticket is a discord bot for ticket management system. This is not final product is currently being in development stay connecte

DeViL 1 Jan 06, 2022
PyHoroscope - Observational Indian lunisolar calendar, horoscope and matching using the Swiss ephemeris

PyHoroscope Observational Indian lunisolar calendar, horoscope and matching usin

4 Jun 05, 2022
Useful tools for building interactions in Python

discord-interactions-python Types and helper functions for Discord Interactions webhooks. Installation Available via pypi: pip install discord-interac

Discord 77 Dec 07, 2022