Grok-backdoor is a simple python based backdoor, it uses Ngrok tunnel for the communication. Ngrok-backdoor can generate Windows, Linux and Mac binaries using Pyinstaller.
Ngrok exposes local servers behind NATs and firewalls to the public internet over secure tunnels.
Ngrok connect our malware local listerner port to ngrok cloud service which accepts traffic on a public address and relays that traffic through to the ngrok process(our listner) running on your machine and then on to the local address you specified.
All the code provided on this repository is for educational/research purposes only. Any actions and/or activities related to the material contained within this repository is solely your responsibility. The misuse of the code in this repository can result in criminal charges brought against the persons in question. Author will not be held responsible in the event any criminal charges be brought against any individuals misusing the code in this repository to break the law.
Python 2.7
Pyinstaller 3.21
python-pip 9.0.1
pip install -r requirements.txt
You need a ngrok.com acccount to use this backdoor, provide Ngrok authcode while configuring the grok-backdoor. You will see a new tcp tunnel created in Ngrok status panel after the grok-backdoor server execution on victim machine
Create backdoor binary by running :
python grok-backdoor.py
You can find the output binary in grok-backdoor/dist/ directory:
Run grok-backdoor output binary in victim machine and login to Ngrok.com control panel to see the tunnel URL:
Telnet to tunnel URL to get the Bind shell: Enjoy shell :)
choose No when grok-backdoor ask for "Do you want to download Ngrok binary during execution?". If you choose 'N' it will bind ngrok with the output backdoor binary
Choose bind ngrok binary with malware option to bypass proxy blocking.
Report bugs to twitter.com/deepzec & Pull request are always welcome :)
