Introduction to peeko
peeko is a browser-based XSS-powered Command and Control (C2) tool designed for stealthy internal network exploration. By leveraging the victim's browser, peeko allows attackers to remotely control the browser to send requests to internal services, scan networks, exfiltrate data, and execute arbitrary JavaScript without dropping any binaries.
Key Features:
- WebSocket Communication: Establishes a connection between the victim's browser and the attacker's server.
- Control Panel: A simple UI to manage connected victims and execute commands.
- Network Scanning: Scan internal networks and specific ports.
- File Delivery: Send files to the victim's browser for automatic download.
- Info Gathering: Collect user agent, platform, cookies, and more.
- Custom JS Execution: Run arbitrary JavaScript on the victim's browser.
- Logging: Comprehensive logging of requests, responses, and actions.
Benefits:
- Stealthy Operations: Operates without dropping files or making outbound connections, making it harder to detect.
- Educational Use: Designed for authorized testing and educational purposes, ensuring ethical use.
Highlights:
- Supports HTTPS with self-signed certificates.
- Lightweight setup with minimal dependencies.
- Written in Python, making it accessible for developers familiar with the language.