{"id":15010800,"url":"https://github.com/joelgmsec/evilnovnc","last_synced_at":"2025-05-15T01:08:55.718Z","repository":{"id":58614264,"uuid":"532511232","full_name":"JoelGMSec/EvilnoVNC","owner":"JoelGMSec","description":"Ready to go Phishing Platform","archived":false,"fork":false,"pushed_at":"2025-05-06T15:24:27.000Z","size":228,"stargazers_count":966,"open_issues_count":3,"forks_count":169,"subscribers_count":21,"default_branch":"main","last_synced_at":"2025-05-15T01:08:49.339Z","etag":null,"topics":["2fabypass","chromium","docker","evilnovnc","novnc","phishing","platform"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JoelGMSec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":"JoelGMSec","patreon":null,"open_collective":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":["https://buymeacoff.ee/JoelGMSec","https://darkbyte.net/shop"]}},"created_at":"2022-09-04T10:48:49.000Z","updated_at":"2025-05-14T16:00:06.000Z","dependencies_parsed_at":"2023-01-30T06:10:14.177Z","dependency_job_id":"c9a92051-36eb-4402-9b82-f0c07cc84aa6","html_url":"https://github.com/JoelGMSec/EvilnoVNC","commit_stats":{"total_commits":30,"total_committers":3,"mean_commits":10.0,"dds":"0.19999999999999996","last_synced_commit":"5e74a5d78e97cf2b756c622063748ea53b33b4dc"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JoelGMSec%2FEvilnoVNC","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JoelGMSec%2FEvilnoVNC/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JoelGMSec%2FEvilnoVNC/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JoelGMSec%2FEvilnoVNC/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/JoelGMSec","download_url":"https://codeload.github.com/JoelGMSec/EvilnoVNC/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254254042,"owners_count":22039792,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["2fabypass","chromium","docker","evilnovnc","novnc","phishing","platform"],"created_at":"2024-09-24T19:36:04.296Z","updated_at":"2025-05-15T01:08:50.708Z","avatar_url":"https://github.com/JoelGMSec.png","language":"JavaScript","funding_links":["https://github.com/sponsors/JoelGMSec","https://buymeacoff.ee/JoelGMSec","https://darkbyte.net/shop","https://www.buymeacoffee.com/joelgmsec"],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\u003cimg width=600 alt=\"EvilnoVNC\" src=\"https://github.com/JoelGMSec/EvilnoVNC/blob/main/EvilnoVNC.png\"\u003e\u003c/p\u003e\n\n# EvilnoVNC\n**EvilnoVNC** is a Ready to go Phishing Platform. \n\nUnlike other phishing techniques, EvilnoVNC allows 2FA bypassing by using a real browser over a noVNC connection.\n\nIn addition, this tool allows us to see in real time all of the victim's actions, access to their downloaded files and the entire browser profile, including cookies, saved passwords, browsing history and much more.\n\n\n# Requirements\n- Docker\n- Chromium\n\n\n# Download\nIt's recommended to clone the complete repository or download the zip file.\\\nAdditionally, it's necessary to build Docker manually. You can do this by running the following commands:\n```\ngit clone https://github.com/JoelGMSec/EvilnoVNC\ncd EvilnoVNC ; sudo chown -R 103 Downloads\nsudo docker build -t joelgmsec/evilnovnc .\n```\n\n\n# Usage\n```\n./start.sh -h\n                                                     \n  _____       _ _          __     ___   _  ____\n | ____|_   _(_) |_ __   __\\ \\   / / \\ | |/ ___|\n |  _| \\ \\ / / | | '_ \\ / _ \\ \\ / /|  \\| | |\n | |___ \\ V /| | | | | | (_) \\ V / | |\\  | |___\n |_____| \\_/ |_|_|_| |_|\\___/ \\_/  |_| \\_|\\____|\n\n  ---------------- by @JoelGMSec --------------\n\nUsage:  ./start.sh $resolution $url\n\nExamples:\n        1280x720  16bits: ./start.sh 1280x720x16 http://example.com\n        1280x720  24bits: ./start.sh 1280x720x24 http://example.com\n        1920x1080 16bits: ./start.sh 1920x1080x16 http://example.com\n        1920x1080 24bits: ./start.sh 1920x1080x24 http://example.com\n\nDynamic resolution:\n        ./start.sh dynamic http://example.com\n\n```\n\n### The detailed guide of use can be found at the following link:\n\nhttps://darkbyte.net/robando-sesiones-y-bypasseando-2fa-con-evilnovnc\n\n# Features \u0026 To Do\n- [X] Export Evil-Chromium profile to host\n- [X] Save download files on host\n- [X] Disable parameters in URL (like password)\n- [X] Disable key combinations (like Alt+1 or Ctrl+S)\n- [X] Disable access to Thunar\n- [X] Decrypt cookies in real time\n- [X] Expand cookie life to 99999999999999999\n- [X] Dynamic title from original website\n- [X] Dynamic resolution from preload page\n- [X] Basic keylogger\n- [X] Replicate real user-agent and other stuff\n- [X] Faster than ever\n- [ ] Crazy new ideas\n\n\n# License\nThis project is licensed under the GNU 3.0 license - see the LICENSE file for more details.\n\n\n# Credits and Acknowledgments\nOriginal idea by [@mrd0x](https://twitter.com/mrd0x): https://mrd0x.com/bypass-2fa-using-novnc \\\nThis tool has been created and designed from scratch by Joel Gámez Molina // @JoelGMSec\n\nSpecial thanks to [@ms101](https://github.com/ms101) for some fixes and improvements. \\\nSpecial thanks to [@git-it](https://github.com/git-it) for User-agent and Accept-Language patch.\n\n\n# Contact\nThis software does not offer any kind of guarantee. Its use is exclusive for educational environments and / or security audits with the corresponding consent of the client. I am not responsible for its misuse or for any possible damage caused by it.\n\nFor more information, you can find me on Twitter as [@JoelGMSec](https://twitter.com/JoelGMSec) and on my blog [darkbyte.net](https://darkbyte.net).\n\n\n# Support\nYou can support my work buying me a coffee:\n\n[\u003cimg width=250 alt=\"buymeacoffe\" src=\"https://cdn.buymeacoffee.com/buttons/v2/default-blue.png\"\u003e](https://www.buymeacoffee.com/joelgmsec)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjoelgmsec%2Fevilnovnc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjoelgmsec%2Fevilnovnc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjoelgmsec%2Fevilnovnc/lists"}