As a red teamer, you have probably sat in front of your computer more than once, staring at the screen, waiting for that sweet beacon callback. It’s even worse when it comes to phishing, where it could happen in minutes, hours, or even days.

But instead of waiting around you can use Havoc’s Python API and ntfy.sh to get notified about new beacon callbacks.

ntfy.sh is a service for sending and receiving notifications using topics. On their website, they have the following example for sending a notification to a topic called mytopic:

curl -d "Backup successful πŸ˜€" ntfy.sh/mytopic

A simple POST request can be used to send a notification. To receive a notification, you can use the mobile app and subscribe to a topic, such as MyHavocBeacons:

Inside the mobile app you can subscribe to topics.

Inside the mobile app you can subscribe to topics.

Of course, you should change the topic name to something that is not easily guessable, otherwise everyone will be able to read your notifications.

To send notifications with Python, we only need two lines of code:

import requests

requests.post('https://ntfy.sh/MyHavocBeacons', data=f"πŸ₯“πŸ₯“πŸ₯“ New Beacon! πŸ₯“πŸ₯“πŸ₯“".encode('utf-8'))

Next, let’s turn the above code into an extension that can be loaded within Havoc:

import requests
from havoc import Demon, RegisterCallback

webhook_url = 'https://ntfy.sh/MyHavocBeacons'

def alert_new_demon(demonID):
    # Send notification
    requests.post(webhook_url, data=f"πŸ₯“πŸ₯“πŸ₯“ New Beacon! πŸ₯“πŸ₯“πŸ₯“".encode('utf-8'))

RegisterCallback(alert_new_demon)

Now we can use Havoc’s Script Manager to load our small Python extension:

Under Scripts > Script Manager you can load and unload Python scripts.

Under Scripts > Script Manager you can load and unload Python scripts.

From now on, you can enjoy your new-beacon-arrived notifications on your phone! But beware, every notification on your phone will make your heart race if you don’t change the notification sound 🫠.