Specter is a versatile and dynamic red team simulation tool designed to facilitate browser-based attacks for security assessments. This tool allows penetration testers to deliver and manage a wide variety of payloads, including:
- Keylogger: Capture and send keystrokes back to the server
- Geolocation Tracking: Retrieve and send the client's geographic location
- Screenshot Capture: Capture screenshots and send them back as Base64 images
- Webcam Access: Capture webcam images and send them back as Base64
- Clipboard Hijack: Retrieve clipboard content from the client
- File Download: Download files from a URL and send their content back
- APK Download: Trigger APK downloads from specified URLs
- Speech-to-Text: Convert spoken words into text on the client side
- Browser-based payload execution: Send custom or pre-defined JavaScript payloads directly to the client.
- Base64 Encoded Data: Supports payloads that send screenshots, webcam captures, and other data encoded in Base64 format.
- Real-time interaction: Receive real-time feedback from the client, including keystrokes, captured screenshots, and more.
- Custom payloads: Easily extend Specter with custom JavaScript payloads.
- Python 3.7+
websocketslibrary for WebSocket communication- A web browser that supports JavaScript execution and WebSockets
- Clone this repository:
git clone https://github.com/your-username/specter.git cd specter