{"id":30183601,"url":"https://github.com/exfil0/phantom_whisper","last_synced_at":"2026-05-08T14:08:27.624Z","repository":{"id":307745683,"uuid":"1030587448","full_name":"exfil0/phantom_whisper","owner":"exfil0","description":"The Phantom Whisper is a sophisticated, production-grade Python orchestration framework designed to deploy zero-click exploits with surgical precision.","archived":false,"fork":false,"pushed_at":"2025-08-01T23:42:26.000Z","size":59,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-08-02T00:37:14.691Z","etag":null,"topics":["andoird","c2","exploit","ios","linux","pentest","pentest-tool","poc","red-teaming","whatsapp","zero-click"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/exfil0.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-08-01T22:55:55.000Z","updated_at":"2025-08-01T23:42:29.000Z","dependencies_parsed_at":"2025-08-02T00:37:17.193Z","dependency_job_id":"bcf8850e-86c3-4712-9145-37c65a290da5","html_url":"https://github.com/exfil0/phantom_whisper","commit_stats":null,"previous_names":["exfil0/phantomwhisper"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/exfil0/phantom_whisper","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/exfil0%2Fphantom_whisper","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/exfil0%2Fphantom_whisper/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/exfil0%2Fphantom_whisper/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/exfil0%2Fphantom_whisper/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/exfil0","download_url":"https://codeload.github.com/exfil0/phantom_whisper/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/exfil0%2Fphantom_whisper/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":270048482,"owners_count":24518075,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-12T02:00:09.011Z","response_time":80,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["andoird","c2","exploit","ios","linux","pentest","pentest-tool","poc","red-teaming","whatsapp","zero-click"],"created_at":"2025-08-12T11:14:35.842Z","updated_at":"2026-05-08T14:08:22.586Z","avatar_url":"https://github.com/exfil0.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Phantom Whisper — Step‑by‑Step Usage Guide\n\n*A zero‑to‑green‑check walkthrough*\n\n\u003e Deploy **only** against devices you own **or** have **written consent** to test. You are fully responsible for legality \u0026 ethics.\n\n---\n\n## What is Phantom Whisper?\n\nA Python 3 framework that\n\n1. **Delivers** a prepared WebP zero‑click payload to WhatsApp targets.\n2. **Polls** your C2 for an ASLR leak proving initial compromise.\n3. **Triggers** download/execute of a full implant (iOS or Android).\n4. **Logs** every step to JSON‑lines for audit‑grade traceability.\n\nThe code is single‑host \u0026 sequential today, but architected for multi‑threaded scale tomorrow.\n\n---\n\n## 1  Prerequisites\n\n| Requirement                 | Why                                                                | Quick Check                      |\n| --------------------------- | ------------------------------------------------------------------ | -------------------------------- |\n| **Python 3.9+**             | Modern typing, `pydantic‑settings`, f‑strings                      | `python3 --version`              |\n| `virtualenv` / `pyenv`      | Isolate project dependencies                                       | *(strongly recommended)*         |\n| **Git + GCC/Clang**         | Clone repo \u0026 compile any C‑backed wheels                           | `git --version`, `gcc --version` |\n| Out‑of‑scope test device(s) | **Only for ethical testing**—never target without explicit consent | Verify IMEI / device ID          |\n\n\u003e 💡 *A C compiler is usually **optional**—all current wheels are pre‑built.*\n\n---\n\n## 2  Clone \u0026 Install\n\n```bash\n# 2.1 Clone the repository\n$ git clone https://github.com/exfil0/phantom_whisper.git\n$ cd phantom_whisper\n\n# 2.2 Create \u0026 activate a virtual environment\n$ python3 -m venv .venv\n$ source .venv/bin/activate       # Windows: .venv\\Scripts\\activate\n\n# 2.3 Install runtime dependencies\n$ pip install -r requirements.txt\n```\n\n---\n\n## 3  Configure Environment\n\nCreate a file named **`.env`** *in the project root*:\n\n```dotenv\n# Required\nC2_API_KEY=REPLACE_ME\n\n# Optional overrides\nC2_SERVER_BASE_URL=https://c2.example.com\nTARGET_WHATSAPP_IDS=\"+15551234567,+447911123456\"\nOS_TYPE=android                # ios (default) | android\n```\n\nThe `Settings` model (see `config.py`) automatically ingests these at runtime.\n\n---\n\n## 4  Payload \u0026 Target Prep\n\n1. **Payload** – place your malicious WebP at **`payloads/malicious_webp.bin`**.\n2. **Targets** – supply IDs via `TARGET_WHATSAPP_IDS` **or** edit the default list in `config.py`.\n\n---\n\n## 5  Smoke Test (Dry‑Run)\n\n```bash\n$ python -m phantom_whisper.orchestrator\n```\n\n*Expect:*\n\n* Console output in plain text.\n* `logs/phantom_whisper.log` containing structured JSON lines.\n* **Zero** outbound C2 traffic unless your `.env` is fully populated.\n\n---\n\n## 6 Live Execution ⚠️\n\n\u003e **Ensure you have legal authority \u0026 written permission before proceeding.**\n\n```bash\n# Verify C2 reachability, VPN/lab network, etc.\n$ python -m phantom_whisper.orchestrator\n```\n\n### Execution Flow (per target)\n\n1. **Init clients** `C2Client` + `WhatsAppTransport` (per‑target context).\n2. **Send payload** Zero‑click WebP delivery.\n3. **Poll for leak** Exponential back‑off until ASLR address received.\n4. **Deploy implant** Command C2 to push the full binary.\n\n| Exit Code | Meaning                           |\n| --------- | --------------------------------- |\n|  `0`      | All targets succeeded             |\n|  `N \u003e 0`  |  `N` targets failed orchestration |\n\n---\n\n## 7 Logging \u0026 Telemetry\n\n| Channel | Location                     | Format        |\n| ------- | ---------------------------- | ------------- |\n| Console | STDOUT                       | Plain text    |\n| File    | `./logs/phantom_whisper.log` | JSON‑per‑line |\n\nEach entry contains: `timestamp`, `session_id`, `payload_hash`, `target_id`, log level, and message.\n\n\u003e **Tip:** Ship the log file to ELK, Splunk, or simply `jq` for ad‑hoc forensics.\n\n---\n\n## 8  Parallel Mode (Optional)\n\nUncomment the `ThreadPoolExecutor` block in `orchestrator.py` and set `MAX_WORKERS` in your `.env`.\n\n---\n\n## 9  Cleanup\n\n```bash\n$ deactivate                        # leave venv\n$ rm -rf .venv logs/*.log           # nuke env \u0026 logs\n```\n\n---\n\n## 10  Troubleshooting\n\n| Symptom                        | Likely Cause                               | Remedy                                                       |\n| ------------------------------ | ------------------------------------------ | ------------------------------------------------------------ |\n| `ConnectionError`              | Bad C2 URL / network issues                | Verify `C2_SERVER_BASE_URL`, VPN, firewall                   |\n| `PayloadError`                 | Missing WebP file                          | Check `payloads/malicious_webp.bin` path                     |\n| `C2ResponseSchemaError`        | C2 JSON doesn’t match expected schema      | Update C2 server or adjust client                            |\n| Exit code \u003e 0                  | Target orchestration failures              | Inspect `phantom_whisper.log` `ERROR` entries                |\n| `AttributeError` / `NameError` | Missing dependency or wrong Python version | Re‑run `pip install -r requirements.txt`; ensure Python 3.9+ |\n\n---\n\n### Next Steps\n\n* **Real WhatsApp transport** – replace simulator.\n* **CLI flags** – for headless operation \u0026 overrides.\n* **PyInstaller bundle** – single‑file distribution.\n* **gRPC‑based C2** – flexible backend protocol.\n\nPRs welcome\n\n---\n\n## License\nInternal proof‑of‑concept — no public license. Contact the author for usage terms.\n\n---\n\n**Happy hunting \u0026 stay ethical!**\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fexfil0%2Fphantom_whisper","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fexfil0%2Fphantom_whisper","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fexfil0%2Fphantom_whisper/lists"}