⛧ Church of Malware / GHOSTMODE

GHOSTMODE

Anti-Surveillance QR Payload Jammer
A weaponized Flask + HTML payload system to confuse, overwhelm, and disrupt using links, qr codes or nfc tags.

Screenshot_2025-07-29_23_18_32(2)

Installation

1. Clone the repo:

git clone https://github.com/ekomsSavior/ghostmode.git
cd ghostmode

2. Install Dependencies

sudo apt update && sudo apt install -y python3 python3-pip unzip
pip3 install flask requests python-whois qrcode --break-system-packages

3. Install & Set Up Ngrok

wget https://bin.equinox.io/c/bNyj1mQVY4c/ngrok-v3-stable-linux-amd64.tgz
tar -xvzf ngrok-v3-stable-linux-amd64.tgz
sudo mv ngrok /usr/local/bin/

4. Authenticate Ngrok

ngrok config add-authtoken YOUR_AUTHTOKEN_HERE

Usage

Launch GhostMode like this:

cd ghostmode
python3 ghost_cli.py

GhostMode will:

  • Start the Flask server (ghost_server.py)
  • Tunnel it through Ngrok
  • Let you choose a payload
  • Shorten the URL with is.gd
  • Generate and save a QR code in ghost_qr/

Screenshot_2025-07-29_23_18_32(1)

Payload Descriptions

All payloads are stored in ghost_payloads/:

Filename Description
noise_bomb.html Visual and auditory overload. Disrupts attention and device focus.
sensor_scrambler.html Uses ek0ms or user-supplied art to visually confuse.
identity_mask.html Canvas fingerprint obfuscation and identity spoofing.
identity_reveal.html Baits scanners with transparent metadata logging.
intent_storm.html Fires off deep app-linking Android intents to trigger security prompts or app opens.
signal_jammer.html High-aggression browser disruptor — locks tabs, spams connections, and overloads the UI.
ghost_flash.html Blinking, flashing canvas to overload visual sensors.
chained_payload.html Combines multiple payloads into a single chained attack.

Customizing sensor_scrambler.html

If you use the sensor scrambler, you can customize the artwork shown in the payload.

  1. Replace your_art.png inside the ghost_payloads/ folder.

  2. Your image must be:

  3. Named exactly: your_art.png

  4. Dimensions: 500x500 px
  5. Format: PNG only

This image will be embedded in the page.

Adding New Payloads

To add your own HTML payload:

  1. Drop it into the ghost_payloads/ folder.
  2. It will auto-load into the menu next time you run ghost_cli.py.

Logging

GhostMode logs all browser interaction data to:

logs/ghost_events.log

If a payload like identity_reveal.html is scanned and activated, any fingerprinting or metadata it collects will show up in that log.

Advanced Tools

QR Code Rotator

You can rotate payload QR codes on a timer using:

python3 ghost_qr_rotator.py

This cycles through payloads at a set interval — useful for public installations or protest droppoints.

DISCLAIMER:

Only use on devices and networks you have permission to test on.

Screenshot_2025-07-29_23_18_32(3)

Untitled_Artwork