Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/cbrnrd/maliketh
🛡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python
c2 cybersecurity framework malware penetration-testing pentest-tool redteam-tools redteaming windows
- Host: GitHub
- URL: https://github.com/cbrnrd/maliketh
- Owner: cbrnrd
- License: gpl-3.0
- Created: 2023-02-11T17:02:37.000Z (almost 2 years ago)
- Default Branch: master
- Last Pushed: 2024-03-03T20:24:44.000Z (11 months ago)
- Last Synced: 2024-05-02T01:46:36.944Z (9 months ago)
- Topics: c2, cybersecurity, framework, malware, penetration-testing, pentest-tool, redteam-tools, redteaming, windows
- Language: C++
- Homepage: https://malikethframework.com
- Size: 10.6 MB
- Stars: 31
- Watchers: 6
- Forks: 3
- Open Issues: 2
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
README
A multi-user, customizable C2 framework.
Visit the website »
---
The goal of Maliketh is to provide a flexible, easy-to-use C2 framework that can be customized to fit the needs of the operator. The poster used in the initial presentation is located [here](./data/Maliketh%20C2%20Poster.png).
## Implant features
The initial implant was written in C++ and targets Windows. A Golang implant has also been implemented and supports all major platforms; however, it is not feature complete.
The main feature of the implant is its ability to change its behavior based on the configuration file it receives from the server. This allows the operator to customize the implant to fit their needs. The implant also has the following features (see [here](./design/opcodes.md) for more info):
* File upload/download
* Command execution
* Shellcode injection
* Update configuration
* Send system information
* Self-destruct
* Sleep
* Basic Anti-debugging
* *Very* Basic Anti-VM
* Sleep skipping detection

## Future work
* [x] Implement Golang client ([0639f87](https://github.com/cbrnrd/maliketh/commit/0639f8797838469a068d91f095e3307d2d73ecc4))
* [x] Per-operator builder in-server ([917d514](https://github.com/cbrnrd/maliketh/commit/917d514fc6075cc15d0e45b4a1a546e6217e4139))
* [ ] Stealer/basic looter
* [x] AV Disable ([0aeec4c](https://github.com/cbrnrd/maliketh/commit/0aeec4c4be8f1efaeaf15ee3d289507036c691df))
* [ ] Change design of config to be protocol agnostic.
  * i.e. define an HTTPS layer/adapter and separate out the code better.
* [ ] Keylogger
* [x] Allow implant aliasing/renaming
  * This shouldn't change the actual ID, just create a mapping table
* [ ] More fine-grained backend roles and actions (blocking users, % bot allocation)
* [x] Add ability to send command to every bot
* [ ] Floods
* [ ] Route RabbitMQ traffic through Admin listener instead of directly connecting
* [ ] Improved anti-vm (check BIOS information)
  * [x] Not bad in golang implant
* [x] More stable file uploads/downloads ([91a40f2](https://github.com/cbrnrd/maliketh/commit/91a40f2ba1cded5a025004a6143578fa84baec66))
* [x] Basic OS functions built in ([91a40f2](https://github.com/cbrnrd/maliketh/commit/91a40f2ba1cded5a025004a6143578fa84baec66))
* [x] Situational Awareness ([91a40f2](https://github.com/cbrnrd/maliketh/commit/91a40f2ba1cded5a025004a6143578fa84baec66))