Many method of hacking to hack a smartphones. If you use QRCode to login into whatsapp web for example. The QRCode is can be a bridge to hack your smartphone. This will happen if you scan the code, you automatically open or download something after that, because inside the QRCode there have some command to open, download or install something automatically when you scan that QRCode.
Overview
QRGen is a simple script for generating Malicious QRCodes with your custom payloads/commands.
I’ve wrote this little script to generate generic Malformed QRCodes. These qrcodes are useful if you want to test some QRCode scanner’s parser or how the application handle QRCode data.
Down side of this tool: you need to manually scan codes with camera 🙁
Demo
Installation
What to you need:
- python3
- qrcode
- Pillow
- argparse
Steps
git clone https://github.com/h0nus/QRGencd QRGenpip3 install -r requirements.txtORpython3 -m pip install -r requirements.txtpython3 qrgen.py
Personalization
You can change the default wordlists to what you want by passing -w/–wordlist 🙂 Order of default wordlists group:
- SQL Injection
- XSS
- Command Injection
- Format String
- XXE
- String Fuzzing
- SSI Injection
- LFI/Directory Traversal
- custom passed with -w/–wordlist
Hacking With QRCode
You can practice by yourself how to hack with QRCode.
Choose your own command and then generate the malicious QRCode with this tool. Scan the code on your phone to understand how it works.
Disclaimer
QRGen is use for educations not to harm other people. Learn the hacker ways to protect yourself from it.
