Hello and Welcome to the following channel and blog Shadow Hacker , this tool QRLJacker v2.0 one of the most powerful tools for hacking whatsApp
Install all the requirements with pip install -r requirements.txt
Now you can run the framework with python3 QrlJacker.py --help
QRLJacker v2.0 - QRLJacking Exploitation Framework 2020
QRLJacker is a highly customizable exploitation framework to demonstrate "QRLJacking Attack Vector" to show how it is easy to hijack services that depend on the QR Code as an authentication and login method, Mainly it aims to raise security awareness regarding all the services using the QR Code as the main way to login users to different servicesPrerequisites before installing:
Linux or MacOS. (Not working on windows)
Python 3.7+
Python 3.7+
Installing instructions:
Update Firefox browser to the latest version
Install the latest geckodriver from https://github.com/mozilla/geckodriver/releases and extract the file then do :
Install the latest geckodriver from https://github.com/mozilla/geckodriver/releases and extract the file then do :
Clone the repo with git clone https://github.com/OWASP/QRLJacking then do cd QRLJacking/QRLJackerchmod +x geckodriver
sudo mv -f geckodriver /usr/local/share/geckodriver
sudo ln -s /usr/local/share/geckodriver /usr/local/bin/geckodriver
sudo ln -s /usr/local/share/geckodriver /usr/bin/geckodriver
Install all the requirements with pip install -r requirements.txt
Now you can run the framework with python3 QrlJacker.py --help
Tested on
Ubuntu 18.04 Bionic Beaver
Kali Linux 2019.x and up
Kali Linux 2019.x and up
Usage
Commandline arguments
Main menu helpusage: QrlJacker.py [-h] [-r ] [-x ] [--debug] [--dev] [--verbose] [-q]
optional arguments:
-h, --help show this help message and exit
-r Execute a resource file (history file).
-x Execute a specific command (use ; for multiples).
--debug Enables debug mode (Identifying problems easier).
--dev Enables development mode (Reloading modules every use).
--verbose Enables verbose mode (Display more details).
-q Quit mode (no banner).
General commandsModule menu help
=================
Command Description
--------- -------------
help/? Show this help menu.
os <command> Execute a system command without closing the framework
banner Display banner.
exit/quit Exit the framework.
Core commands
=============
Command Description
--------- -------------
database Prints the core version and then check if it's up-to-date.
debug Drop into debug mode or disable it. (Making identifying problems easier)
dev Drop into development mode or disable it. (Reload modules every use)
verbose Drop into verbose mode or disable it. (Make framework displays more details)
reload/refresh Reload the modules database.
Resources commands
==================
Command Description
--------- -------------
history Display commandline most important history from the beginning.
makerc Save the most important commands entered since start to a file.
resource <file> Run the commands stored in a file.
Sessions management commands
============================
Command Description
--------- -------------
sessions (-h) Dump session listings and display information about sessions.
jobs (-h) Displays and manages jobs.
Module commands
===============
Command Description
--------- -------------
list/show List modules you can use.
use <module> Use an available module.
info <module> Get information about an available module.
previous Runs the previously loaded module.
search <text> Search for a module by a specific text in its name or in its description.
General commands
=================
Command Description
--------- -------------
help/? Show this help menu.
os <command> Execute a system command without closing the framework
banner Display banner.
exit/quit Exit the framework.
Core commands
=============
Command Description
--------- -------------
database Prints the core version and then check if it's up-to-date.
debug Drop into debug mode or disable it. (Making identifying problems easier)
dev Drop into development mode or disable it. (Reload modules every use)
verbose Drop into verbose mode or disable it. (Make framework displays more details)
reload/refresh Reload the modules database.
Resources commands
==================
Command Description
--------- -------------
history Display commandline most important history from the beginning.
makerc Save the most important commands entered since start to a file.
resource <file> Run the commands stored in a file.
Sessions management commands
============================
Command Description
--------- -------------
sessions (-h) Dump session listings and display information about sessions.
jobs (-h) Displays and manages jobs.
Module commands
===============
Command Description
---------- --------------
list/show List modules you can use.
options Displays options for the current module.
set Sets a context-specific variable to a value.
run Launch the current module.
use <module> Use an available module.
info <module> Get information about an available module.
search <text> Search for a module by a specific text in its name or in its description.
previous Sets the previously loaded module as the current module.
back Move back from the current context.
Taking advantage of the core
Commands autocomplete
The autocomplete feature that has been implemented in this framework is not the usual one you always see, here are some highlights:
It's designed to fix typos in typed commands to the most similar command with just one tab click so saerch becomes search and so on, even if you typed any random word similar to an command in this framework.
For you lazy-ones out there like me, it can predict what module you are trying to use by typing any part of it. For example if you typed use wh and clicked tab, it would be replaced with use grabber/whatsapp and so on. I can see your smile, You are welcome!
If you typed any wrong command then pressed enter, the framework will tell you what is the nearest command to what you have typed which could be the one you really wanted.
Some less impressive things like autocomplete for options of the current module after set command, autocomplete for modules after use and info commands and finally it converts all uppercase to lowercase automatically just-in-case you switched cases by mistake while typing.
Finally, you'll find the normal autocompletion things you were using before, like commands autocompletion and persistent history, etc...
It's designed to fix typos in typed commands to the most similar command with just one tab click so saerch becomes search and so on, even if you typed any random word similar to an command in this framework.
For you lazy-ones out there like me, it can predict what module you are trying to use by typing any part of it. For example if you typed use wh and clicked tab, it would be replaced with use grabber/whatsapp and so on. I can see your smile, You are welcome!
If you typed any wrong command then pressed enter, the framework will tell you what is the nearest command to what you have typed which could be the one you really wanted.
Some less impressive things like autocomplete for options of the current module after set command, autocomplete for modules after use and info commands and finally it converts all uppercase to lowercase automatically just-in-case you switched cases by mistake while typing.
Finally, you'll find the normal autocompletion things you were using before, like commands autocompletion and persistent history, etc...
Automation
As you may noticed, you can use a resource file from command-line arguments before starting the framework itself or send commands directly.
Inside the framework you can use makerc command like in Metasploit but this time it only saves the correct important commands.
There are history and resource commands so you don't need to exit the framework.
You can execute as many commands as you want at the same time by splitting them with semi-colon and many more left to be discovered by yourself.
Searching for modules in QRLJacker is so easy, you can search for a module by its name, something written in its description or even the author name.
Inside the framework you can use makerc command like in Metasploit but this time it only saves the correct important commands.
There are history and resource commands so you don't need to exit the framework.
You can execute as many commands as you want at the same time by splitting them with semi-colon and many more left to be discovered by yourself.
Searching for modules in QRLJacker is so easy, you can search for a module by its name, something written in its description or even the author name.
thank you for watch Shadow Hacker