Flask or Django

[godslucy]

i want to create a webpanel. when my backdoor script is run on victims PC. i want the panel to pop up and show 1 by 1 . so how do i write the code and which libs is best for it .. i have already have backdoors and malware ready. but dont know how to start it . a small guide on which ports to use and every single scripts should have different ports correct? please just a small brief will be good for me

thank you

 

[Risinka]

django for big project else flask

 

[voldemort]

I think flask is a light weight and it is good for pretty much anything you want. but it really depends on the type of the project

 

[greywraith]

First learn how Flask works. This is a good guide:

How To Create Your First Web Application Using Flask and Python 3 | DigitalOcean

Flask is a lightweight Python web framework that provides useful tools and features for creating web applications in the Python Language. In this tutorial, y…

www.digitalocean.com

Then look at existing panels to understand how Flask can work as a panel. Like:

GitHub - sweetsoftware/Ares: Python botnet and backdoor

Python botnet and backdoor. Contribute to sweetsoftware/Ares development by creating an account on GitHub.

github.com

GitHub - xRET2pwn/PickleC2: PickleC2 is a post-exploitation and lateral movements framework

PickleC2 is a post-exploitation and lateral movements framework - xRET2pwn/PickleC2

github.com

GitHub - Ziconius/FudgeC2: FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.

FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities. - Ziconius/FudgeC2

github.com

You will have to write an API that supports your malware HTTP requests.

 

[ReverseTrue]

Use flask and start coding

 

[web3thug]

Fast API, It will work faster and supports asynchrony. Let Flask die already.

 

[Sarreyayvoh]

Both will work, personally I prefer flask, it is lighter, but as indicated above, Django or even Fast API are perfectly viable.

What you need is not in my area of expertise, but here are some ideas that I would do:

Regarding the port, avoid taking something with 5 digits, move between 3 and 4 digits. Just something that doesn't attract much attention.

You must consider what protocol and how you are going to send the information in the backend. Perhaps some type of HTTP/S POST with a payload in the form of JSON, encrypted, so that neither point has to maintain the connection and it is easier to go unnoticed with the rest of the victim's traffic.

Also add a "panic" button to the panel. Just in case something gets out of hand, make sure it does a good wipe of all your shit if you need it.

 

[Умикуд]

fastapi

 

[Tr0jan_Horse]

I use flask for this. Easy and simple, but I recommend read this https://escape.tech/blog/best-practices-protect-flask-applications/