{"id":28415762,"url":"https://github.com/zarkones/onionc2","last_synced_at":"2026-03-08T12:37:04.304Z","repository":{"id":295476198,"uuid":"990219233","full_name":"zarkones/OnionC2","owner":"zarkones","description":"C2 writen in Rust \u0026 Go powered by Tor network.","archived":false,"fork":false,"pushed_at":"2025-06-21T14:05:20.000Z","size":260,"stargazers_count":82,"open_issues_count":0,"forks_count":9,"subscribers_count":0,"default_branch":"production","last_synced_at":"2025-06-21T15:21:34.491Z","etag":null,"topics":["adversary-simulation","botnet","c2","hacking","onion","pentesting","red-team","remote-access","remote-control","tor","xena"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zarkones.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-05-25T18:32:34.000Z","updated_at":"2025-06-21T14:16:05.000Z","dependencies_parsed_at":"2025-06-12T21:38:54.692Z","dependency_job_id":"2befdedc-9931-48db-a7e2-7769b3ab20c2","html_url":"https://github.com/zarkones/OnionC2","commit_stats":null,"previous_names":["zarkones/onionc2"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/zarkones/OnionC2","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zarkones%2FOnionC2","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zarkones%2FOnionC2/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zarkones%2FOnionC2/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zarkones%2FOnionC2/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zarkones","download_url":"https://codeload.github.com/zarkones/OnionC2/tar.gz/refs/heads/production","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zarkones%2FOnionC2/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261930570,"owners_count":23231902,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["adversary-simulation","botnet","c2","hacking","onion","pentesting","red-team","remote-access","remote-control","tor","xena"],"created_at":"2025-06-03T18:44:40.325Z","updated_at":"2026-03-08T12:37:04.299Z","avatar_url":"https://github.com/zarkones.png","language":"Rust","funding_links":["https://www.patreon.com/zarkones"],"categories":[],"sub_categories":[],"readme":"![Promo Image 1](https://raw.githubusercontent.com/zarkones/OnionC2/production/promo/promo1.png)\n\n# INTRODUCTION\nOnionC2 is a command and control (C2) framework with communications over Tor network. It's packed with privacy \u0026 security features, and operational capabilities. It is simple to setup, and has a friendly user interface. It is cross-platform and supports collaboration between operators.\n\n# AGENT'S FEATURES\n- Tor integration (allows for end to end encryption, hiding the C2's IP address)\n- Execution of shell commands.\n- Obfuscating C2 configuration in the agent's binary.\n- Registry based persistence on Windows.\n- Shortcut takeover based persistence on Windows.\n- Active hours, allowing an agent to communicate only within specific time frames.\n- Command \"/system-details\" makes an agent return information about CPU, RAM, networks, etc...\n- Command \"/find-files|\u003cSTARTING_DIR_PATH\u003e|\u003cCOMMA_SEPARATED_SEARCH_TERMS\u003e\" which based on criteria returns absolute path of files/directories of interest.\n- Command \"/upload-file|\u003cFILE_PATH\u003e\" which uploads a file via Tor.\n- Command \"/download-file|\u003cFILE_NAME_IN_C2s_DOWNLOAD_DIRECTORY\u003e\" which downloads a file via Tor.\n- Command \"/run|\u003cSHELL_COMMAND\u003e\" which executes shell command without awaiting it. \n- Command \"/read-clipboard\" which returns clipboard data.\n\n# WIKI\nhttps://deepwiki.com/zarkones/OnionC2\n\n# SETUP\nThis guide assumes you have Go, Rust, and Node ready.\n\n## Back-end Setup\n\n### Administrator Account\nOnionC2 supports multiple operator accounts. In this setup guide, you'll learn how to create an over-powered administrator account. You should use this administrator account only when required. During day-to-day operations it is recommended to use an account with less permissions.\n\nNavigate to \"api\" directory and run the following command: go run . --create-admin --username \u003cYOUR_USERNAME\u003e\n\nThis command would print out your account's recovery word phrase and its private key. Save it somewhere secure, as without the private key you won't be able to authenticate with the C2 API, and without the recovery word phrase you won't be able to recover your private key in case you lose it.\n\n### API Setup\nBack-end service is composed of two APIs. Agents-facing API is listening on a Unix socket, while the Operator-facing API is listening by default on port 8080. To see additional configuration possibilities run the API with \"-h\" argument.\n\nTo run the API navigate into the \"api\" directory an execute: go run .\n\nThis would automatically create SQLite database and perform all the needed database migrations. Also, it would create a file named \"torrc\", this file describes out Onion service and allows Tor to route traffic to our agents-facing API.\n\nTo run the Onion service run the following command inside of the \"api\" directory: tor -f torrc\n\n## Front-End Setup\n\n### Build Process \u0026 Serving The UI\nFirst you need to build the user interface, prior to serving it, in order to do so, execute the following command inside of the \"ui\" directory: npm install \u0026\u0026 npm run build\n\nThis would generate static HTML/JS/CSS files in directory \".output/public\"\n\nYou can serve files from that directory using a web server of your choice, or use the one provided by the OnionC2 by running the following command inside of the \"ui\" directory: go run serve.go\n\n### Authentication\nNavigate to the Settings page -\u003e Authentication tab. There enter the C2's host URL, your username and the private key.\n\n## Agent Setup\nAll configuration related to the behavior of agents is located in a file \"agent/src/config.rs\". Basic configuration requires you to set at least the Onion domain in the function named \"get_address\". Domain of your Onion service is located in \"api/onionservice/hostname\".\n\nTo build an agent run the following script inside of the \"agent\" directory: sh build.sh\n\nTo configure persistence or any other option refer to comments inside of the \"config.rs\" file. It's well documented with code comments. If something isn't clear reach out to our Discord server.\n\n# SOCIAL\n[Patreon](https://www.patreon.com/zarkones) |\n[Discord](https://discord.gg/qjJwSh2TF9) |\n[X.com](https://x.com/zarkones) |\n[YouTube](https://www.youtube.com/channel/UCn-7I-L-ZpiELb8-6z7z_Ug) |\n[Itch.io](https://zarkones.itch.io) |\n[GitHub](https://github.com/zarkones)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzarkones%2Fonionc2","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzarkones%2Fonionc2","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzarkones%2Fonionc2/lists"}