averagesecurityguy / c2

Licence: other
A simple, extensible C&C beaconing system.

Programming Languages

go

C2

The C2 repository seeks to provide a practical implementation of the ideas contained in the Red Team Infrastructure Wiki at https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki. In particular, this repository provides two Go packages, one for beaconers and another for downloaders. In addition, the repository provides sample implants that use these beaconers and downloaders. Finally, the repository contains backend DNS and HTTP servers for C2 and configuration information for building front-end redirector servers.

Creating Implants

The implants folder has two implants that show how to use the beaconer and downloader packages. These implants can be used as a reference for building your own implants. The general idea is to select a beaconer and a downloader and wrap them in a loop with some type of timing mechanism to control how often the implant will beacon out.
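Seen from the network, the loop-and-timer structure described above shows up as one client contacting one host at near-constant intervals. The Go program below is an added example, not code from this repository: it flags client/host pairs whose request intervals vary little, using constructed log lines. The log format, the hostnames, and the `minHits` and `maxCV` thresholds are assumptions.

```go
package main

import (
	"fmt"
	"math"
	"sort"
	"strings"
	"time"
)

// sampleLog is constructed for this example; format: "RFC3339-time client-ip host".
const sampleLog = `2024-05-01T10:00:00Z 10.0.0.5 updates.example.net
2024-05-01T10:00:07Z 10.0.0.9 intranet.example.org
2024-05-01T10:00:09Z 10.0.0.9 intranet.example.org
2024-05-01T10:01:00Z 10.0.0.5 updates.example.net
2024-05-01T10:01:30Z 10.0.0.9 intranet.example.org
2024-05-01T10:02:01Z 10.0.0.5 updates.example.net
2024-05-01T10:03:00Z 10.0.0.5 updates.example.net
2024-05-01T10:07:12Z 10.0.0.9 intranet.example.org`

// FindBeacons flags client->host pairs with >= minHits requests whose intervals have stddev/mean < maxCV.
func FindBeacons(log string, minHits int, maxCV float64) []string {
	seen := map[string][]time.Time{}
	for _, line := range strings.Split(strings.TrimSpace(log), "\n") {
		if f := strings.Fields(line); len(f) == 3 { // skip malformed lines
			if ts, err := time.Parse(time.RFC3339, f[0]); err == nil {
				seen[f[1]+"->"+f[2]] = append(seen[f[1]+"->"+f[2]], ts)
			}
		}
	}
	var out []string
	for key, ts := range seen {
		if len(ts) < minHits {
			continue // too few requests to judge regularity
		}
		sort.Slice(ts, func(i, j int) bool { return ts[i].Before(ts[j]) })
		n, sum, sq := float64(len(ts)-1), 0.0, 0.0
		for i := 1; i < len(ts); i++ {
			d := ts[i].Sub(ts[i-1]).Seconds()
			sum, sq = sum+d, sq+d*d
		}
		if mean := sum / n; mean > 0 && math.Sqrt(math.Max(0, sq/n-mean*mean))/mean < maxCV {
			out = append(out, key)
		}
	}
	sort.Strings(out)
	return out
}

func main() { fmt.Println(FindBeacons(sampleLog, 4, 0.1)) }
```

Both thresholds need tuning against baseline traffic, since software update checks and monitoring agents also poll on fixed schedules.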

Creating Beacons and Downloaders

To create new beaconers and downloaders, you must build a struct that satisfies the appropriate interface. The beaconer and downloader directories contain both HTTP and DNS examples.

Backend Servers

The servers directory contains both a DNS server and an HTTP server that can be used as the backend server for the various beacons and downloaders. These servers were not designed with production use in mind but can be used in production if needed. In addition, the servers folder contains a payload file, which can be built using go build -o payload.bin payload.go. The servers expect to find a payload.bin file in the current directory, which will be served to the downloaders and executed on the client.

Frontend Servers

The docs folder contains configuration information needed to build frontend redirectors for the C2 system. The configuration allows C2 traffic to be redirected to the C2 server based on specific criteria and sends all other traffic to a benign server.

Contributions

I am not a C2 expert. I have been reading the Red Team Infrastructure Wiki and decided to build a practical implementation. With that said, I would love pull requests for new beaconers and downloaders. If you are not comfortable writing the code yourself, let me know what beacon or downloader techniques you would like implemented by submitting an issue.
