✈️Use Telegram bot as a Penetration Testing Framework

Sofiane Hamlaoui
Dec 15, 2019 · 5 min read

  • The idea ? :

So I was checking out my browser bookmarks, then I noticed having a medium article about Telegram bot for Hacking & Pentesting. I checked the article and shared it on my Twitter account, than I’ve seen that some CyberSec (or Interested by ) loved the bot idea.
I made a
Penetration Testing Framework called Lockdoor, So why not making the same thing with my tool ?

Updates : Arbaz Hussain’s tool isn’t working now ( 12/15/2019 )

Check it here : https://github.com/arbazkiraak/hackbot

  • How does that work ?

So the idea is by running Lockdoor Framework from any Telegram chat/messenger.

Basically, it’s about running ( commands ) to run the tool from any Telegram chat, Of course before doing that you have to configure & install the tool first, than configuring the bot and using it.

  • Cool, Let’s do that !

1 — Configuring & Installing Lockdoor Framework :

To do that, you can check the installation wiki of my Lockdoor tool :

  • Or just install it directly using the commands below :
$: git clone https://github.com/SofianeHamlaoui/Lockdoor-Framework.git && cd Lockdoor-Framework 
$: chmod +x ./install.sh
$: ./install.sh

2 — Configuring & Installing the Telegram bot

For that I used a modified version of shell bot, made by botgram.

  • Configuring the bot


  • type /newbot to create a new bot
  • give it a Name. ( A name for your Telegram Bot )
  • give it a Username. ( A username for your Telegram bot
  • Copy and Save the API

  • Configuring & Running the bot server
Requirements : 
- python
- node-pty
- Telegram
- Happiness :D
  • * Installing
$: git clone https://github.com/SofianeHamlaoui/Lockdoor-bot && cd Lockdoor-bot
$: npm install
  • *Starting the server :
$: node server

The first time you run it, it will ask you some questions and create the configuration file automatically: config.json. You can also write it manually, see config.example.json

  • Using the API token you copied after creating the Telegram bot
  • Use the link given by the bot ( https://t.me/X/X/X/X/X/X/X/X/X/ ) and send a message to make your Telegram’s account as bot’s owner )
  • *Running the server :
$: node server

CONGRATULATIONS ! Your Bot is ready ❤

  • The commands :

You have lot of commands to use with this bot here is the list of the commands ( or you can check them from github’s repo )

run - Execute command
enter - Send input lines to command
type - Type keys into command
control - Type Control+Letter
meta - Send the next typed key with Alt
keypad - Toggle keypad for special keys
redraw - Force the command to repaint
end - Send EOF to command
cancel - Interrupt command
kill - Send signal to process
status - View status and current settings
cd - Change directory
env - Manipulate the environment
shell - Change shell used to run commands
resize - Change the terminal size
setsilent - Enable / disable silent output
setlinkpreviews - Enable / disable link expansion
setinteractive - Enable / disable shell interactive flag
help - Get help
file - View and edit small text files
upload - Upload and overwrite raw files
r - Alias for /run or /enter

The important commands :

/run - to run a command
/enter - to Send input lines to command

After Configuring and running the server, Now it’s time to Use Lockdoor-Framework From any Telegram Chat/Messenger.

Now ! You have 2 choices ! As Lockdoor Framework requires the Root Permissions, You can :

  • 1 > Run the bot server as root, ( Not really recommended)
$: sudo node server
  • 2 > Run lockdoor as root from the telegram chat
$: ( Telegram chat ) : /run sudo lockdoor

  • Go to your telegram bot chat and type /run lockdoor ( or /run sudo lockdoor if you didn’t start the bot server as root )

CONGRATULATIONS ! You’re running a Penetration Testing Framework from a Telegram chat ❤

  • Screenshots :

From Desktop/Web chat :

Sofiane Hamlaoui

Written by

Student, pentester , fan of proramming and a Cyber Security Analyst.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade