{"id":21469903,"url":"https://github.com/dobin/antnium","last_synced_at":"2025-08-21T01:32:01.616Z","repository":{"id":37015788,"uuid":"386716789","full_name":"dobin/antnium","owner":"dobin","description":"A C2 framework for initial access in Go","archived":false,"fork":false,"pushed_at":"2022-07-05T19:51:07.000Z","size":2733,"stargazers_count":188,"open_issues_count":4,"forks_count":39,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-08-09T21:43:15.823Z","etag":null,"topics":["c2","edr-bypass","initial-access","rat","remote-access"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dobin.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-07-16T17:33:11.000Z","updated_at":"2025-08-03T04:36:41.000Z","dependencies_parsed_at":"2022-06-29T08:34:12.945Z","dependency_job_id":null,"html_url":"https://github.com/dobin/antnium","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/dobin/antnium","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dobin%2Fantnium","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dobin%2Fantnium/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dobin%2Fantnium/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dobin%2Fantnium/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dobin","download_url":"https://codeload.github.com/dobin/antnium/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dobin%2Fantnium/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":271415018,"owners_count":24755628,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-20T02:00:09.606Z","response_time":69,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["c2","edr-bypass","initial-access","rat","remote-access"],"created_at":"2024-11-23T09:19:22.169Z","updated_at":"2025-08-21T01:32:01.150Z","avatar_url":"https://github.com/dobin.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Antnium \n\n```\nAnti Tanium\n```\n\nA C2 framework and RAT written in Go.\n\nThis source code is publicly published as reference for my presentation \n[Develop your own RAT - AV \u0026 EDR Defense](https://docs.google.com/presentation/d/1UZmFo_TvSS2TvPJKlDjIW1kTVjYGGaYO86Buh2UgbaI/mobilepresent#slide=id.g11cdb36f978_1_129). \nAntnium inteded to fulfill my own requirements, and not those of others. Works for the campaigns i performed, but is not necessarily meant to be\na generic C2 framework.\n\nThere are two components: \n* client.exe: The actual RAT / beacon / agent / implant\n* server.exe: C2 server\n\n## Features\n\n* HTTP/S and Websocket communication channel\n* Proxy support (manual, windows, authenticated and kerberos)\n* Command execution\n  * Direct LOLbins\n\t* Copy file first\n\t* Process hollowing\n  * Interactive cmd.exe/Powershell shell\n  * Remote managed and unmanaged code\n\t* Using donut\n\t* PE to shellcode\n\t* Encrypted\n\t* AMSI bypass\n* EDR bypass with Reflexxion (ntdll.dll restore)\n* Encrypted communication\n* Malleable C2\n* File upload / download\n* File browser\n\n\n## Quick How to use\n\nDownload and install go (and git).\n\nWe use `127.0.0.1:8080` as C2 domain here (localhost as we start both client.exe and server.exe\non the same host). This is also the default, no need to change anything. \n\nCheck campaign in `campaign/campaign.go`: \n* `serverUrl = \"http://127.0.0.1:8080\"`\n\nBuild it on windows: \n```\n\u003e .\\makewin.bat deploy\n```\n\nBuild it on linux: \n```\n$ make deploy\n```\n\nStart server, and client: \n```\ncd build\\\n.\\server.exe\n.\\static\\client.exe\n```\n\nAccess the WebUI by opening the following URL in the browser after starting server.exe:\n```\nhttp://localhost:8080/webui/\n```\n\n## Directories\n\n### `static/`: Public directory for tools\n\nPut files there you want to download on other machines. Like `client.exe`, `wingman.exe`. \nAnd your tools, like `mimikatz.exe`, or `seatbelt.exe`. But use more inconspicuous file names. \n\nThe files are also available via the `/secure` API requested with encrypted filenames, and encrypted+base64 encoded file as response.\n\ndotNet files can be execute by using `remote` execution option (accessed via `/secure`).\n\n### `upload/`: Private directory for data exfiltration \n\nFile uploads from the client will be stored there. \n\n\n\n## Detailed build instructions\n\nGo install: \n* Windows: https://golang.org/doc/install\n* Linux: `apt install golang gcc-mingw-w64`\n\nCompile client.exe and server.exe: \n```\n\u003e .\\makewin.bat deploy\n```\n\nThis will create: \n* /build/server.exe\n* /build/server.elf\n* /build/static/client.exe\n* /build/static/client.elf\n* /build/static/wingman.exe\n* /build/upload/\n* /build/webui/\n\nStart server.exe:\n```\n\u003e cd build\n\u003e .\\server.exe\n\nAntnium 0.1\nLoaded 0 packets from db.packets.json\nLoaded 0 clients from db.clients.json \nPeriodic DB dump enabled\nStarting webserver on 127.0.0.1:8080  \n```\n\nStart client.exe:\n```\n\u003e .\\build\\static\\client.exe\n\nAntnium 0.1\ntime=\"2021-09-02T21:48:16+02:00\" level=info msg=\"UpstreamHttp: Use WS\"\ntime=\"2021-09-02T21:48:16+02:00\" level=info msg=\"Connecting to WS succeeded\"\ntime=\"2021-09-02T21:48:16+02:00\" level=info msg=Send 1_computerId=c4oil02sdke2sp3nfngg 2_packetId=0 3_downstreamId=client 4_packetType=ping 5_arguments=\"map[]\" 6_response=...\ntime=\"2021-09-02T21:48:16+02:00\" level=info msg=Send 1_computerId=c4oil02sdke2sp3nfngg 2_packetId=0 3_downstreamId=client 4_packetType=ping 5_arguments=\"map[]\" 6_response=...\n```\n\n## Notes on cross compiling\n\nCompiling the Windows client from Linux works, but requires\nsome manual GO gcc command line fu, because of some\nwindows dependencies. If it doesnt immediately work, compile\nthe windows client on windows itself (`makewin.bat client`).\n\n\n## Notes on Campaign configuration\n\n`pkg/campaign/campaign.go` connects a compiled client.exe with a specific server.exe, which forms a campaign. \nA campaign has individual encryption- and authentication keys, which are shared between\nserver and client. \n\n```\ntype Campaign struct {\n\tApiKey      string  // Key used to access client facing REST\n\tEncKey      []byte  // Key used to encrypt packets between server/client\n\n\tServerUrl   string  // URL of the server, as viewed from the clients\n}\n```\n\nAnd admin UI / operator key in `pkt/server/config.go`:\n```\ntype Config struct {\n\tAdminApiKey string\n}\n```\n\nNote that `ServerUrl` is the URL used by the client for all interaction with the server. \nIt is the public server URL, e.g. `http://totallynotmalware.ch`. The actual server.exe may\nbe behind a reverse proxy, and started with `server.exe --listenaddr 127.0.0.1:8080` (so `ServerUrl` is not necessarily equal `listenaddr`). \n\n## Notes on server access\n\nWhen first connecting to the server, you need to access and configure the UI first. \n\nThe Angular UI files are publicly accessible. Lets assume `ServerUrl=\"http://localhost:8080\"` and `listenaddr=0.0.0.0:8080`. You can either: \n* use the integrated antniumui, available as `http://localhost:8080/webui` on your browser\n* or `ng serve` from antniumui directory, and then open `http://localhost:4200` on your browser\n\nWhen connecting to the UI in the browser, you need first to configure the server IP and its password:\n* AdminApiKey (default: \"Secret-AdminApi-Key\", like in config default)\n* ServerIP (default: \"http://localhost:8080\")\n* User (optional, can be chosen randomly)\n\n\n## Client\n\nTested on: \n* Windows 10\n* Ubuntu 20.04 LTS\n\nCompile on windows:\n```\n\u003e .\\makewin.bat client\n```\n\nDeploy it on your target.\n\n\n## Server\n\nTested on: \n* Works: Ubuntu 20.04 LTS, Go 1.13.8\n* Works: Windows 10, Go 1.16.6\n* Compile FAIL: Ubuntu 16.04 LTS, Go 1.6.2\n\nOn Linux:\n```\n$ make server\n$ mkdir -p static upload\n$ ./server --listenaddr 0.0.0.0:8080\n```\n\nResult is `server.exe`. Make sure to run it in the directory where you have or expect: \n* upload/\n* static/\n* db.*.json\nas working directory.\n\nIt will start a REST server on that port, providing: \n* `/`: REST for the clients\n* `/ws`: Websocket for the clients\n* `/admin`: REST for admin interface (add packet, get clients)\n* `/adminws`: Websocket for admin interface (push packets)\n* `/webui`: HTML files for admin interface (Angular source and html, accesses REST and websocket)\n\nPut a reverse proxy before it (make sure it supports websockets!) or forward ports.\n\n\n## Options\n\nFor manual proxy, use full HTTP url:\n```\nclient.exe -proxy http://proxy:8080\n```\n\nor via environment variables:\n```\nexport PROXY http://localhost:8080\n./client\n```\n\n\n## Wingman\n\nWingman is basically the Client, but without direct connection to the C2. \nIt can connect to an existing client on localhost:50000 (make sure its started, if Campaign.AutoStartDownstreams is false)\n\nConnects to localhost port 50000:\n```\nwingman.exe\n```\n\nOr use rundll32.exe to load the dll (the 64 bit rundll32 version in system32, not the 32 bit version in C:\\Windows\\SysWOW64\\rundll32.exe):\n```\nC:\\Windows\\System32\\rundll32.exe .\\wingman.dll,Start\n```\n\nIt will appear as downstream `net#0`.\n\n\n## Testing\n\n```\ngo test ./...\n```\n\nThere may still be race conditions. If it fails once, just execute it again. \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdobin%2Fantnium","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdobin%2Fantnium","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdobin%2Fantnium/lists"}