Submit your favorite resources for free.

Recent
Pricing
Submit

Newsletter

Join the Community

Subscribe to our newsletter for the latest news and updates

Email

The Ultimate Directory for Offensive Security

Resources

Recent
Category

Home
Items
Evil QR

Evil QR

Evil QR is a toolkit demonstrating how attackers can take over accounts by convincing users to scan supplied QR codes through phishing.

Visit Website Share on X

image of Evil QR

Introduction

Information

Publisher
Admin
Websitebreakdev.org
Created date04/20/2025
Published date04/20/2025

Categories

Social Engineering
Red Team Operations

Tags

Phishing

More Resources

Listing

Pricing
FAQ
Submit

Pages

Home
Support
Sitemap
llms.txt

Company

About Us
Privacy Policy
Terms of Service

Copyright © 2026 All Rights Reserved.

image of GeoEvident

ReconnaissanceReportingSocial Engineering

Featured

GeoEvident

AI geolocation platform identifying indoor/outdoor photo locations like hotel rooms and street views with verifiable evidence for OSINT and recon.

OSINT AI Report External

image of IronPE

Exploit DevelopmentInfrastructure SecurityRed Team Operations

IronPE

Rust-based Windows PE manual loader supporting x86/x64. Implements manual mapping, base relocations, and import resolution for memory-based execution.

image of Black Hat Ethical Hacking

TrainingSocial EngineeringSecurity Firms

Black Hat Ethical Hacking

Adversary simulation provider offering manual penetration testing, phishing assessments, offensive security training, and technical tool development.

Training Phishing

Evil QR: Phishing with QR Codes

Evil QR is a proof-of-concept toolkit designed to demonstrate QRLJacking, a phishing technique that exploits QR code-based login systems. It allows attackers to potentially gain control of user accounts by tricking them into scanning malicious QR codes.

Key Features:

QR Code Extraction: The Evil QR browser extension can extract QR codes from various web elements (CANVAS, IMG, SVG, DIV) on login pages.
Dynamic Phishing Pages: The Evil QR server hosts phishing pages that dynamically display attacker-controlled QR codes.
Customizable Pre-text: Phishing pages can be customized with personalized text to enhance social engineering.
HTTP Long Polling: Uses HTTP Long Polling for near real-time updates of QR codes on the phishing page.
Account Takeover Detection: The extension can detect successful logins on the victim's account.

Use Cases:

Demonstration of QRLJacking: Illustrates the potential risks associated with QR code-based login systems.
Red Team Exercises: Can be used in red team operations to simulate phishing attacks and assess security awareness.
Security Research: Provides a platform for researching and developing countermeasures against QRLJacking attacks.

Target Users:

Security researchers
Red team operators
Penetration testers
Security enthusiasts

Evil QR - HackDB