A Flask-based HTTP(S) command and control (C2) framework with a web frontend. Malleable agents written in Go and scripts written in bash.

 ▄▄▄▄    ██▓  █████▒██▀███   ▒█████    ██████ ▄▄▄█████▓
▓█████▄ ▓██▒▓██   ▒▓██ ▒ ██▒▒██▒  ██▒▒██    ▒ ▓  ██▒ ▓▒
▒██▒ ▄██▒██▒▒████ ░▓██ ░▄█ ▒▒██░  ██▒░ ▓██▄   ▒ ▓██░ ▒░
▒██░█▀  ░██░░▓█▒  ░▒██▀▀█▄  ▒██   ██░  ▒   ██▒░ ▓██▓ ░ 
░▓█  ▀█▓░██░░▒█░   ░██▓ ▒██▒░ ████▓▒░▒██████▒▒  ▒██▒ ░ 
░▒▓███▀▒░▓   ▒ ░   ░ ▒▓ ░▒▓░░ ▒░▒░▒░ ▒ ▒▓▒ ▒ ░  ▒ ░░   
▒░▒   ░  ▒ ░ ░       ░▒ ░ ▒░  ░ ▒ ▒░ ░ ░▒  ░ ░    ░    
 ░    ░  ▒ ░ ░ ░     ░░   ░ ░ ░ ░ ▒  ░  ░  ░    ░      
 ░       ░            ░         ░ ░        ░           
      ░                                                

Bifrost is a Flask app that allows communication between implants and a centralized command and control server.

How to get started:

Server side:

Clone the repo

git clone https://github.com/AshleyNikr/Bifrost.git

Change into the server directory

cd Bifrost/server

Make sure the docker service is running

sudo systemctl restart docker.service

Start the docker container

sudo docker-compose up --force-recreate --build

Client side:

Run the implant on the agent

sudo ./implant

Important

  • Make sure to change the base url in the implant to the IP you're hosting the server on

Planned Features:

  • Bot Authentication
  • Modularity
  • Documentation
  • Group commands
  • Remote hosting
  • Nil goated
Owner
Similar Resources

Ffuf - A fast web fuzzer written in Golang

Ffuf - A fast web fuzzer written in Golang

/'___\ /'___\ /'___\ /\ \__/ /\ \__/ __ __ /\ \__/ \

Jan 2, 2022

Build awesome Golang desktop apps and beautiful interfaces with Vue.js, React.js, Framework 7, and more...

Build awesome Golang desktop apps and beautiful interfaces with Vue.js, React.js, Framework 7, and more...

Guark Guark allows you to build beautiful user interfaces using modern web technologies such as Vue.js, React.js..., while your app logic handled and

Jul 3, 2022

Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Themis provides strong, usable cryptography for busy people General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), An

Jun 30, 2022

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

Axiom is a dynamic infrastructure framework to efficiently work with multi-cloud environments, build and deploy repeatable infrastructure focussed on

Jun 24, 2022

Serpscan is a powerfull php script designed to allow you to leverage the power of dorking straight from the comfort of your command line.

Serpscan is a powerfull php script designed to allow you to leverage the power of dorking straight from the comfort of your command line.

SerpScan Serpscan is a powerful PHP tool designed to allow you to leverage the power of dorking straight from the comfort of your command line. Table

Apr 21, 2022

Volana - Shell command obfuscation to avoid detection systems

Volana - Shell command obfuscation to avoid detection systems

volana (moon in malagasy) { Use it ; 🌚(hide from); 🌞(detected by) } Shell comm

Jun 20, 2022

Doctl: A command-line interface (CLI) for the DigitalOcean API

doctl doctl is a command-line interface (CLI) for the DigitalOcean API. Usage:

Feb 16, 2022

"I do" stops interactive command if there is any potential risky pattern

Description ido (I do) executes your shell command provided as its input, but it may wait for you to confirm when there is some potential risky patter

Mar 30, 2022

set of web security test cases and a toolkit to construct new ones

Webseclab Webseclab contains a sample set of web security test cases and a toolkit to construct new ones. It can be used for testing security scanners

Jun 14, 2022
SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.
SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.

SourcePoint SourcePoint is a polymorphic C2 profile generator for Cobalt Strike C2s, written in Go. SourcePoint allows unique C2 profiles to be genera

Jun 28, 2022
A web-based testing platform for WAF (Web Application Firewall)'s correctness

WAFLab ?? WAFLab is a web-based platform for testing WAFs. Live Demo https://waflab.org/ Architecture WAFLab contains 2 parts: Name Description Langua

Jun 22, 2022
An authorization library that supports access control models like ACL, RBAC, ABAC in Golang
An authorization library that supports access control models like ACL, RBAC, ABAC in Golang

Casbin News: still worry about how to write the correct Casbin policy? Casbin online editor is coming to help! Try it at: https://casbin.org/editor/ C

Jun 29, 2022
Exploit for remote command execution in Golang go get command.

CVE-2018-6574 Exploit for remote command execution in Golang go get command. Introduction When you go get a package, Go is designed to build and insta

Oct 15, 2021
Web-Security-Academy - Web Security Academy, developed in GO

Web-Security-Academy - Web Security Academy, developed in GO

Feb 23, 2022
Health-go - Web based app for health tracking and monitoring (Go port)

Health Web based app for health tracking and monitoring. Work in progress. Installation Clone the repository: git clone [email protected]:jonathantorr

Dec 31, 2021
A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.
A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.

Dent More Information If you want to learn more about the techniques utlized in this framework please take a look at this article. Description This fr

Jun 24, 2022
Shfz - Scenario-based fuzzing test execution tool for web applications
Shfz - Scenario-based fuzzing test execution tool for web applications

shfz A scenario-based web application fuzzng tool that supports fuzz generation

Apr 10, 2022
ARP spoofing tool based on go language, supports LAN host scanning, ARP poisoning, man-in-the-middle attack, sensitive information sniffing, HTTP packet sniffing
ARP spoofing tool based on go language, supports LAN host scanning, ARP poisoning, man-in-the-middle attack, sensitive information sniffing, HTTP packet sniffing

[ARP Spoofing] [Usage] Commands: clear clear the screen cut 通过ARP欺骗切断局域网内某台主机的网络 exit exit the program help display help hosts 主机管理功能 loot 查看嗅探到的敏感信息

Jun 14, 2022
Fast web fuzzer written in Go
Fast web fuzzer written in Go

/'___\ /'___\ /'___\ /\ \__/ /\ \__/ __ __ /\ \__/ \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\ \ \ \_/ \ \ \_/\ \ \_\ \ \ \

Jun 29, 2022