https://github.com/1birdo/gostress-tor-v2

Gostress-Tor: Designed more for anonymity and hidden operations via Tor.
https://github.com/1birdo/gostress-tor-v2

audited bot botnet c2 command command-control csrf-protection ddos ddos-attacks devices i2p onion onion-services proxy secure stress-testing stressersource tor user-management webdashboard

Last synced: 5 months ago
JSON representation

Gostress-Tor: Designed more for anonymity and hidden operations via Tor.

• Host: GitHub
• URL: https://github.com/1birdo/gostress-tor-v2
• Owner: 1Birdo
• License: mit
• Created: 2025-04-18T17:11:56.000Z (about 1 year ago)
• Default Branch: main
• Last Pushed: 2025-04-19T15:14:00.000Z (about 1 year ago)
• Last Synced: 2025-06-26T04:35:58.598Z (12 months ago)
• Topics: audited, bot, botnet, c2, command, command-control, csrf-protection, ddos, ddos-attacks, devices, i2p, onion, onion-services, proxy, secure, stress-testing, stressersource, tor, user-management, webdashboard
• Language: HTML
• Homepage: https://birdo.uk
• Size: 84 KB
• Stars: 2
• Watchers: 1
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# Tor C2 Framework

* Tor C2 Framework with Tor Support* + Bot / CLient 

## 📌 Overview

> This does not require or support proxies by default. However, you can configure a proxy for the bot to connect through and then route all traffic through Tor to reach the domain. This adds an extra layer of anonymity, while also protecting the server's infrastructure from being directly exposed.

> 

>  On the downside, it introduces slower connection times, potential instability due to Tor exit node changes, and added complexity during setup and debugging. It may also cause some services to block traffic or flag it as suspicious. So while it enhances privacy and makes tracking harder, it also comes with trade-offs in terms of performance and reliability.

- **Encrypted TLS Communication** with client agents

- **Tor Hidden Service** integration for anonymous operation

- **Multi-user Role-Based Access Control**

- **Real-time Dashboard** with performance metrics

- **Multiple Network Testing Vectors** with adaptive rate limiting

- **Client Health Monitoring** with heartbeat system

> ⚠️ **Important**: This framework is intended solely for authorized security testing, educational purposes, and legitimate security research. Always obtain proper authorization before testing any system. Unauthorized use may violate laws and regulations.

| Startup | 

|---------|

| ![Startup](https://github.com/user-attachments/assets/9ff3101e-cea6-4a7c-8d13-af54f8c891cc) | 

| Login | Dashboard |

|-------|----------|

| ![Login](https://github.com/user-attachments/assets/26734671-aae5-4240-a7e6-ee6ed836e5f8) | ![Dashboard](https://github.com/user-attachments/assets/e7872d5c-e78b-47d8-b580-8dcf16b7a79a) |

| Users | Commands | Sys-Settings |

|-------|----------|--------------|

| ![Users](https://github.com/user-attachments/assets/5937982b-fe99-4e0f-a859-54ff94b187cd) | ![Commands](https://github.com/user-attachments/assets/092f24e0-f332-4496-b399-2b00b76908c9) | ![Sys-Setting](https://github.com/user-attachments/assets/50c66a61-8ca4-4def-b28c-cce4e08909c4) |

## 🔥 Features

### Core Architecture

- **Asynchronous Design**: Non-blocking I/O for 10,000+ concurrent clients

- **Modular Testing System**: Pluggable test modules with runtime validation

- **Ephemeral Clients**: Auto-cleanup of stale connections

- **HMAC Challenge-Response**: For client authentication

```mermaid

sequenceDiagram

    Client->>Server: TCP Handshake (TLS 1.3)

    Server->>Client: CHALLENGE:nonce

    Client->>Server: HMAC-SHA256(nonce)

    Server->>Client: AUTH_SUCCESS

    loop Heartbeat

        Client->>Server: PONG (30s interval)

    end

```

### Network Testing Capabilities

| Method | Layer | Description | Max Duration |

|--------|-------|-------------|--------------|

| UDP Test | 4 | High-volume UDP packet testing | 3600s |

| TCP Smart | 4 | Stateful TCP session analysis | 1800s |

| GRE Test | 3 | Protocol examination with GRE packets | 600s |

| HTTP Connection Test | 7 | Partial HTTP requests with keepalive | 300s |

### Security Features

- **Argon2id Password Hashing**: 128MB memory / 4 threads

- **JWT Authentication**: 15-minute expiry with refresh

- **CSRF Protection**: Per-session tokens

- **CSP Headers**: Strict Content Security Policy

- **WebRTC Disabled**: Prevents IP leakage

## 🛠️ Installation

### Prerequisites

```bash

sudo apt install tor golang-go postgresql

```

### Setup

Generate certificates:

```bash

go run main.go -gencert

```

Configure Tor (automatically done by server):

```bash

cat > /etc/tor/torrc < B{Rate Limited?}

    B -->|No| C[HMAC Validation]

    B -->|Yes| D[Drop Connection]

    C --> E[Command Whitelist Check]

    E --> F[Execute Command]

```

## 🚨 Legal & Ethical Considerations

This tool is provided for **educational and authorized security testing purposes only**. It is your responsibility to:

1. Obtain proper authorization before testing any system

2. Comply with all applicable laws and regulations

3. Use this tool only in environments you own or have explicit permission to test

4. Understand that the developers assume no liability for misuse

## 📜 License

GNU General Public License v3.0