Login
T3SF is a framework that offers a modular structure for the orchestration of events based on a master scenario events list (MSEL) together with a set of rules defined for each exercise (optional) and a configuration that allows defining the parameters of the corresponding platform. The main module performs the communication with the specific module (Discord, Slack, Telegram, etc.) that allows the events to present the events in the input channels as injects for each platform. In addition, the framework supports different use cases: "single organization, multiple areas", "multiple organization, single area" and "multiple organization, multiple areas".
To use the framework with your desired platform, whether it's Slack or Discord, you will need to install the required modules for that platform. But don't worry, installing these modules is easy and straightforward.
To do this, you can follow this simple step-by-step guide, or if you're already comfortable installing packages with pip, you can skip to the last step!
FreshRSS # Python 3.6+ required
python -m venv .venv # We will create a python virtual environment
source .venv/bin/activate # Let's get inside it
pip install -U pip # Upgrade pipOnce you have created a Python virtual environment and activated it, you can install the T3SF framework for your desired platform by running the following command:
pip install "T3SF[Discord]" # Install the framework to work with Discordor
pip install "T3SF[Slack]" # Install the framework to work with SlackThis will install the T3SF framework along with the required dependencies for your chosen platform. Once the installation is complete, you can start using the framework with your platform of choice.
We strongly recommend following the platform-specific guidance within our Read The Docs! Here are the links:
We created this framework to simplify all your work!
$ docker run --rm -t --env-file .env -v $(pwd)/MSEL.json:/app/MSEL.json base4sec/t3sf:slackInside your .env file you have to provide the SLACK_BOT_TOKEN and SLACK_APP_TOKEN tokens. Read more about it here.
There is another environment variable to set, MSEL_PATH. This variable tells the framework in which path the MSEL is located. By default, the container path is /app/MSEL.json. If you change the mount location of the volume then also change the variable.
$ docker run --rm -t --env-file .env -v $(pwd)/MSEL.json:/app/MSEL.json base4sec/t3sf:discordInside your .env file you have to provide the DISCORD_TOKEN token. Read more about it here.
There is another environment variable to set, MSEL_PATH. This variable tells the framework in which path the MSEL is located. By default, the container path is /app/MSEL.json. If you change the mount location of the volume then also change the variable.
Once you have everything ready, use our template for the main.py, or modify the following code:
Here is an example if you want to run the framework with the Discord bot and a GUI.
from T3SF import T3SF
import asyncio
async def main():
await T3SF.start(MSEL="MSEL_TTX.json", platform="Discord", gui=True)
if __name__ == '__main__':
asyncio.run(main())Or if you prefer to run the framework without GUI and with Slack instead, you can modify the arguments, and that's it!
Yes, that simple!
await T3SF.start(MSEL="MSEL_TTX.json", platform="Slack", gui=False)If you need more help, you can always check our documentation here!
Supports almost all operating systems
Supports almost all desktop applications developed based on Electron
๏จ All malicious operations are executed by the injected program, those commonly used trusted programs
Bypass of Network Access Control Policy for Applications by Zero Trust Sandbox
Verified that it will not be discovered by the antivirus software below
(Please note that a simple command call has been implemented here, and some behavior based heuristic checks will still prompt , bypass AV is not a key issue to be addressed in this project)
An increasing number of desktop applications are opting for the Electron framework.
Electron provides a method that can be debugged, usually by utilizing Chrome's inspect function or calling inspect through Node.js. In this project, the implementation of inspect was analyzed, and a method for automatically parasitizing common Electron programs was developed.
By establishing a connection with the Command and Control (C2) server, a simple remote control is achieved.
Due to the widespread trust of most antivirus software in these well-known applications (with digital signatures), executing malicious commands in the program context provides excellent concealment and stability.
For these injected applications, it is necessary to carefully consider the potential legal risks brought by such actions. When users analyze program behavior, they may be surprised to find that the parent process executing malicious behavior comes from the application they trust.
nc -lvnp 8899
clone this project
modify build.config
injected_app: The electron program you want to inject
c2: set c2_Public IP and c2_netcat Port
exec node build.js, and then pkg to an execute program
Send to victim, and get electron_shellย
This is a Baileys based piece of code that lets you tunnel TCP data through two Whatsapp accounts.
This can be usable in different situations, for example network carriers that give unlimited whatsapp data or airplanes where you also get unlimited social network data.
It's using Baileys since it's a WS based multi-device whatsapp library and therefore could be used in android in the future, using Termux for example.
The idea is to use it with a proxy setup on the server like this: [Client (restricted access) -> Whatsapp -> Server -> Proxy -> Internet]
Apologizes in advance since Javascript it's not one of my primary coding languages :/
Use only for educational purpose.
It sends TCP network packages through WhatsApp text and file messages, depending on the amount of characters it splits them into different text messages or files.
To not get timed out by WhatsApp by default it's limited at 20k characters per message, at the moment it's hardcoded in wasocket.js. I have done multiple tests and anything below that may get you banned for sending too many messages and any above 80k may timeout.
If a network package is over the limit (20k chars by default) it will be sent as a file if enabled. Also if multiple network packages are cached it will use the same cryteria.
File messages are sent as binary files, TCP responses are concatenated with a delimiter and compressed using brotli to reduce data usage.
It caches TCP socket responses to group them and send the maximum amount of data in a message therefore reducing the amount of messages, improving the speed and reducing the probability of getting banned.
Before: (without files and no response caching)
curl -x localhost:12345 https://www.youtube.com
- 50-80 messages
- 30-40 seconds
After: (with files and response caching)
curl -x localhost:12345 https://www.youtube.com
- 6-8 messages
- 7-15 seconds
In case you are not allowed to send files use the --disable-files flag when starting the server and client to disable this functionality.
I got the idea While travelling through South America network data on carriers is usually restricted to not many GBs but WhatsApp is usually unlimited, I tried to create this library since I didn't find any usable at the date.
You must have access to two Whatsapp accounts, one for the server and one for the client. You can forward a local port or use an external proxy.
Clone the repository on your server and install node dependencies.
cd path/to/wa-tunnelnpm installThen you can start the server with the following command where port is the proxy port and host is the proxy host you want to forward. And number is the client WhatsApp number with the country code alltogether and without +.
npm run server host port number
You can use a local proxy server like follows:
npm run server localhost 3128 12345678901
Or you can use a normal proxy server like follows:
npm run server 192.168.0.1 3128 12345678901
Clone the repository on your server and install node dependencies.
cd path/to/wa-tunnelnpm installThen you can start the server with the following command where port is the local port where you will connect and number is the server WhatsApp number with the country code alltogether and without +.
npm run client port number
For example
npm run client 8080 1234567890
The first time you open the script Baileys will ask you to scan the QR code with the whatsapp app, after that the session is saved for later usage.
It may crash, that's normal after that just restart the script and you will have your client/server ready!
Once you have both client and server ready you can test using curl and see the magic happen.
curl -v -x proxyHost:proxyPort https://httpbin.org/ip
With the example commands would be:
curl -v -x localhost:8080 https://httpbin.org/ip
It has been tested also with a normal browser like Firefox, it's slow but can be used.
You can also forward other protocol ports like SSH by setting up the server like this:
npm run server localhost 22 12345678901
And then connect to the server by using in the client:
ssh root@localhost -p 8080
To use on Android, you can use it with Termux using the following commands:
pkg update && pkg upgrade
pkg install git nodejs -y
git clone https://github.com/aleixrodriala/wa-tunnel.git
cd wa-tunnel
npm install
Using this library may get your WhatsApp account banned, use with a temporary number or at your own risk.
