Use Telegram bot as a Penetration Testing Framework

✈️Use Telegram bot as a Penetration Testing Framework

• The idea ? :

So I was checking out my browser bookmarks, then I noticed having a medium article about Telegram bot for Hacking & Pentesting . I checked the article and shared it on my Twitter account, than I’ve seen that some CyberSec (or Interested by ) loved the bot idea.

I made a Penetration Testing Framework called Lockdoor, So why not making the same thing with my tool ?

Updates : Arbaz Hussain’s tool isn’t working now ( 12/15/2019 )

Check it here : https://github.com/arbazkiraak/hackbot

• How does that work ?

So the idea is by running Lockdoor Framework from any Telegram chat/messenger.

Basically, it’s about running ( commands ) to run the tool from any Telegram chat, Of course before doing that you have first to configure & install the tool first, than configuring the bot and using it.

• Cool, Let’s do that !

1 — Configuring & Installing Lockdoor Framework :

To do that, you can check the installation wiki of the tool :

SofianeHamlaoui/Lockdoor-Framework

• Or :

$: git clone [https://github.com/SofianeHamlaoui/Lockdoor-Framework.git](https://github.com/SofianeHamlaoui/Lockdoor-Framework.git) && cd Lockdoor-Framework 
$: chmod +x ./install.sh 
$: ./install.sh

2 — Configuring & Installing the Telegram bot

For that I used A modified version of shell bot, made by _ _ botgram .

• Configuring the bot

https://github.com/SofianeHamlaoui/lockdoor-bot

Starting a conversation with botfather

• Go to https://web.telegram.org/
• Start a conversation with our father botfather

Creating the Telegram bot

• type /newbot to create a new bot
• give it a Name. ( A name for your Telegram Bot )
• give it a Username. ( A username for your Telegram bot
• Copy and Save the API
• Configuring & Running the bot server

Requirements : 
- python
- [node-pty](https://github.com/Microsoft/node-pty#dependencies)
- Telegram 
- Happiness :D

• * Installing

$: git clone [https://github.com/SofianeHamlaoui/Lockdoor-bot](https://github.com/SofianeHamlaoui/lockdoor-bot) && cd Lockdoor-bot
$: npm install

• *Starting the server :

$: node server

The first time you run it, it will ask you some questions and create the configuration file automatically: config.json. You can also write it manually, see config.example.json

Configuring the server

• Using the API token you copied after creating the Telegram bot
• Use the link given by the bot ( https://t.me/X/X/X/X/X/X/X/X/X/ ) and send a message to make your Telegram profile as bot’s owner )
• *Running the server :

$: node server

The bot is ready

CONGRATULATIONS ! Your Bot is ready ❤

• The commands :

You have lot of commands to use with this bot here is the list of the commands ( or you can check them fromgithub’s repo_ )_

run - Execute command
enter - Send input lines to command
type - Type keys into command
control - Type Control+Letter
meta - Send the next typed key with Alt
keypad - Toggle keypad for special keys
redraw - Force the command to repaint
end - Send EOF to command
cancel - Interrupt command
kill - Send signal to process
status - View status and current settings
cd - Change directory
env - Manipulate the environment
shell - Change shell used to run commands
resize - Change the terminal size
setsilent - Enable / disable silent output
setlinkpreviews - Enable / disable link expansion
setinteractive - Enable / disable shell interactive flag
help - Get help
file - View and edit small text files
upload - Upload and overwrite raw files
r - Alias for /run or /enter

The important commands :

/run - to run a command
/enter - to Send input lines to command

After Configuring and running the server, Now it’s time to Use Lockdoor-Framework From any Telegram Chat/Messenger.

Now ! You have 2 choices ! As Lockdoor Framework requires the Root Permissions, You can :

• 1 > Run the bot server as root, ( Not really recommended)

$: sudo node server

• 2 > Run lockdoor as root from the telegram chat

$: ( Telegram chat ) : / **run sudo lockdoor**

• Go to your telegram bot chat and type / run lockdoor ( or / run sudo lockdoor if you didn’t start the bot server as root )

CONGRATULATIONS ! You’re running a Penetration Testing Framework from a Telegram chat ❤

• Screenshots :

From Desktop/Web chat :

Screenshots from the Desktop/Web chat

From phone :

Lockdoor Framework on phone

• What’s next ? :

More : Check Lockdoor Framework Github repo with to know more about the tool and how it works ❤

• My Github profile :

SofianeHamlaoui/Lockdoor-Framework

• My Twitter account :

Sofiane Hamlaoui

• My Website :

Sofiane HAMLAOUI on about.me

• My Facebook profile

Facebook

• Thanks !

Thanks to Arbaz Hussain for his article that gave me this idea.

Thanks to Alba Mendez for her bot-shell that helped me making the lockdoor Telegram bot.