QRGen – Tool To Generate Malicious QR Code

QRGen - Tool To Generate Malicious QR Code xploitlab

Many method of hacking to hack a smartphones. If you use QRCode to login into whatsapp web for example. The QRCode is can be a bridge to hack your smartphone. This will happen if you scan the code, you automatically open or download something after that, because inside the QRCode there have some command to open, download or install something automatically when you scan that QRCode.

Overview

QRGen is a simple script for generating Malicious QRCodes with your custom payloads/commands.

I’ve wrote this little script to generate generic Malformed QRCodes. These qrcodes are useful if you want to test some QRCode scanner’s parser or how the application handle QRCode data.
Down side of this tool: you need to manually scan codes with camera 🙁

Demo

QRGen Demo - Tool To Generate Malicious QR Code

Installation

What to you need:

  • python3
  • qrcode
  • Pillow
  • argparse

Steps

git clone https://github.com/h0nus/QRGen
cd QRGen
pip3 install -r requirements.txt
OR 
python3 -m pip install -r requirements.txt
python3 qrgen.py 

Personalization

You can change the default wordlists to what you want by passing -w/–wordlist 🙂 Order of default wordlists group:

  • SQL Injection
  • XSS
  • Command Injection
  • Format String
  • XXE
  • String Fuzzing
  • SSI Injection
  • LFI/Directory Traversal
  • custom passed with -w/–wordlist

Hacking With QRCode

You can practice by yourself how to hack with QRCode.

Choose your own command and then generate the malicious QRCode with this tool. Scan the code on your phone to understand how it works.

Disclaimer

QRGen is use for educations not to harm other people. Learn the hacker ways to protect yourself from it.


You May Also Like

Leave a Reply

Your email address will not be published. Required fields are marked *

20 − 19 =