Redcrox is a browser extension built for browser-based command & control and reconnaissance. It supports both Chromium-based browsers (Chrome, Edge, etc.) and Firefox. Redcrox collects browser data such as keystrokes, cookies, history, clipboard content, and more — all manageable through a secure, self-hosted panel with command-based control over connected clients.
⚠️ This tool is intended strictly for educational purposes, research, and authorized security assessments. Unauthorized use is strictly prohibited.
Redcrox includes multiple telemetry modules and actions, triggered via the web-based admin panel:
- Keylogger – Logs keystrokes with associated URL and page title
- Form Input Capture – Extracts submitted form fields
- Cookie Collection – Gathers available cookies from active pages
- Screenshot Capture – Triggers a snapshot of the browser view
- History & Bookmark Dump – Reads browsing history and saved bookmarks
- Download History – Lists recent downloads
- Clipboard Monitoring – Captures clipboard text
- System Info Collection – Gathers OS, architecture, and browser info
- Download Intercept – Replaces downloads based on file extension
Redcrox is composed of three core components:
- Server (Go): Handles client communication, stores data in SQLite, and provides a browser-based admin panel.
- Chromium Extension: Built using Manifest V3 APIs; collects data via content scripts and background service worker.
- Firefox Extension: WebExtension-compatible version with the same capabilities as the Chrome variant.
+---------------------------+ +-------------------+ +--------------------+
| Browser (Redcrox Ext.) | <────> | Redcrox Server | <────> | SQLite Database |
+---------------------------+ +-------------------+ +--------------------+
▲ │
│ ▼
Command Flow Admin Web Panel
go install [email protected] # or later
git clone https://github.com/BEND0US/redcrox.git
cd redcrox/server
go mod init redcrox-server
go build
./redcrox-serverAdmin panel will be available at: http://localhost:8080
🔐 Note: The default admin password is
password. You should change it immediately after your first login to ensure the security of the admin panel.
- Open
chrome://extensions/ - Enable Developer Mode
- Load unpacked → Select
chrome/
- Go to
about:debugging#/runtime/this-firefox - Load Temporary Add-on → Select
firefox/manifest.json
| Clients | Commands | Download Intercept | Builder |
|---|---|---|---|
 |
 |
 |
 |
✅ Trigger modules for a connected client:
- Log in to the admin panel
- Select a client from the dashboard
- Send available commands (screenshot, history, etc.)
✅ Monitor all collected data in the admin panel:
- Access keystrokes, clipboard data, cookies, history, and more from a single interface
- Filter, view, and manage data in real time across all connected clients
✅ Intercept .exe downloads:
- Configure interception rule in the panel
- Replace requested file with custom URL
All captured data is stored per-client under the SQLite database. Examples:
- Keylogger
- Form submissions (username/password)
- Screenshots
- Clipboard content
- History
- Bookmark
- Download History
- Cookies
- Browser and OS metadata
Redcrox is developed for ethical security research and authorized red teaming engagements only. You are solely responsible for how this tool is used. Misuse or unauthorized deployment may violate local, national, or international laws.
The authors disclaim any responsibility for misuse.
By using this project, you agree to operate within legal and ethical boundaries.
This project is licensed under the MIT License. Usage must always comply with applicable laws and regulations.
Created by BEND0US