Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/tcostam/awesome-command-control

A collection of awesome Command & Control (C2) frameworks, tools and resources for post-exploitation and red teaming assignments.
https://github.com/tcostam/awesome-command-control

List: awesome-command-control

Last synced: about 2 months ago
JSON representation

A collection of awesome Command & Control (C2) frameworks, tools and resources for post-exploitation and red teaming assignments.

Host: GitHub
URL: https://github.com/tcostam/awesome-command-control
Owner: tcostam
Created: 2020-07-10T22:15:05.000Z (about 4 years ago)
Default Branch: master
Last Pushed: 2021-02-26T06:54:44.000Z (over 3 years ago)
Last Synced: 2024-04-21T04:04:32.974Z (5 months ago)
Homepage:
Size: 178 KB
Stars: 607
Watchers: 11
Forks: 70
Open Issues: 1
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

ultimate-awesome - awesome-command-control - A collection of awesome Command & Control (C2) frameworks, tools and resources for post-exploitation and red teaming assignments. (Other Lists / PowerShell Lists)

README

        ![shall we play a game?](https://github.com/tcostam/awesome-command-control/blob/master/images.jpeg?raw=true)






[![Awesome](https://awesome.re/badge.svg)](https://awesome.re)

_List inspired by the [awesome](https://github.com/sindresorhus/awesome) list thing._

Maintained by: @tcostam






# Awesome Command & Control

A collection of awesome Command & Control (C2) frameworks, tools and resources for post-exploitation and red teaming assessments.

If you'd like to __contribute__ to this list, simply open a PR with your additions.

Maintained by [@tcostam](https://twitter.com/tcostam). If you have contributions but can't pull request, give me a shout at twitter.

Table of Contents

=================

   * [Tools](#tools)

      * [Open Source](#open-source)

      * [Commercial](#commercial)

   * [Online Resources](#online-resources)

   * [Articles](#articles)

   * [Videos](#videos)

## Tools

### Open Source

* [Apfell](https://github.com/its-a-feature/Apfell): cross-platform, post-exploit, red teaming framework built with python3, docker, docker-compose, and a web browser UI.

* [AsyncRat C#](https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp): Remote Access Tool designed to remotely monitor and control other computers through a secure encrypted connection.

* [Baby Shark](https://github.com/UnkL4b/BabyShark): basic C2 generic server written in Python and Flask.

* [C3](https://github.com/FSecureLABS/C3): framework that extends other red team tooling, such as the commercial Cobalt Strike (CS) product via ExternalC2, which is supported at release.

* [Caldera](https://github.com/mitre/caldera): built on the MITRE ATT&CK™ framework and an active research project at MITRE.

* [CHAOS](https://github.com/tiagorlampert/CHAOS): PoC that allow payloads generation and control remote operating systems

* [Dali](https://github.com/h0mbre/Dali): image-based C2 channel which utilizes Imgur to host images and task agents.

* [Empire](https://github.com/BC-SECURITY/Empire): post-exploitation framework that includes a pure-PowerShell2.0 Windows agent, and a pure Python 2.6/2.7 Linux/OS X agent

* [Covenant](https://github.com/cobbr/Covenant): .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers.

* [Silent Trinity](https://github.com/byt3bl33d3r/SILENTTRINITY): post-exploitation agent powered by Python, IronPython, C#/.NET.

* [Faction C2](https://github.com/FactionC2/): C2 framework which use websockets based API that allows for interacting with agents and transports.

* [Flying A False Flag](https://github.com/monoxgas/FlyingAFalseFlag)

* [FudgeC2](https://github.com/Ziconius/FudgeC2): Powershell C2 platform designed to facilitate team collaboration and campaign timelining.

* [Godoh](https://github.com/sensepost/goDoH)

* [iBombshell](https://github.com/ElevenPaths/ibombshell)

* [HARS](https://github.com/onSec-fr/Http-Asynchronous-Reverse-Shell): HTTP/S Asynchronous Reverse Shell.

* [Koadic (or COM Command & Control)](https://github.com/zerosum0x0/koadic): is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire.

* [MacShellSwift](https://github.com/cedowens/MacShellSwift/)

* [Ninja](https://github.com/ahmedkhlief/Ninja/): Open source C2 server created by Purple Team to do stealthy computer and Active directoty enumeration without being detected by SIEM and AVs.

* [NorthStarC2](https://github.com/EnginDemirbilek/NorthStarC2): open-source command and control framework developed for penetration testing and red teaming purposes.

* [EvilOSX](https://github.com/Marten4n6/EvilOSX): An evil RAT (Remote Administration Tool) for macOS / OS X.

* [Nuages](https://github.com/p3nt4/Nuages)

* [Octopus](https://github.com/mhaskar/Octopus): open source, pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.

* [PoshC2](https://github.com/nettitude/PoshC2): proxy aware C2 framework written completely in PowerShell to aid penetration testers with red teaming, post-exploitation and lateral movement

* [Powerhub](https://github.com/AdrianVollmer/PowerHub): convenient post exploitation tool for PowerShell which aids a pentester in transferring data, in particular code which may get flagged by endpoint protection.

* [Prismatica](https://github.com/Project-Prismatica): modular C2 Interface hooked into the Diagon Command and Control Toolkit.

* [QuasarRAT](https://github.com/quasar/Quasar): fast and light-weight remote administration tool coded in C#. Providing high stability and an easy-to-use user interface, Quasar is the perfect remote administration solution for you.

* [Merlin](https://github.com/Ne0nd0g/merlin): cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.

* [Sliver](https://github.com/BishopFox/sliver): general purpose cross-platform implant framework that supports C2 over Mutual-TLS, HTTP(S), and DNS.

* [SK8PARK/RAT](https://github.com/slyd0g/SK8PARK)

* [Throwback](https://github.com/silentbreaksec/Throwback)

* [Trevor C2](https://github.com/trustedsec/trevorc2): legitimate website (browsable) that tunnels client/server communications for covert command execution.

* [Metasploit Framework](https://github.com/rapid7/metasploit-framework): computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development

* [Meterpreter](https://github.com/r00t-3xp10it/meterpeter)

* [Pupy](https://github.com/n1nj4sec/pupy): opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python.

* [PetaQ](https://github.com/fozavci/petaqc2): malware which is being developed in .NET Core/Framework to use websockets as Command & Control (C2) channels.

* [Pinjectra](https://github.com/SafeBreach-Labs/pinjectra): C/C++ library that implements Process Injection techniques (with focus on Windows 10 64-bit) in a "mix and match" style.

* [ReverseTCPShell](https://github.com/ZHacker13/ReverseTCPShell)

* [SHAD0W](https://github.com/bats3c/shad0w): modular C2 framework designed to use a range of methods to evade EDR and AV.

* [SharpC2](https://github.com/SharpC2/SharpC2/tree/dev)

* [Gcat](https://github.com/byt3bl33d3r/gcat): stealthy Python based backdoor that uses Gmail as a command and control server.

* [DNScat2](https://github.com/iagox86/dnscat2): tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol.

* [EggShell](https://github.com/neoneggplant/EggShell): post exploitation surveillance tool written in Python. It gives you a command line session with extra functionality between you and a target machine.

* [EvilVM](https://github.com/jephthai/EvilVM)

* [Void-RAT](https://github.com/KadeDev/Void-RAT): pretty basic RAT written in c#.net.

* [WEASEL](https://github.com/facebookincubator/WEASEL): small in-memory implant using Python 3 with no dependencies.

### Commercial

* [Innuendo](https://www.immunityinc.com/products/innuendo/)

* [Scythe](https://github.com/scythe-io)

* [Cobalt Strike](https://www.cobaltstrike.com/): software for Adversary Simulations and Red Team Operations.

* [Red Team Toolkit (or Slingshot)](https://silentbreaksecurity.com/red-team-toolkit/slingshot/)

* [Voodoo](https://www.voodooops.com/)

## Online Resources

* [The C2 Matrix](https://www.thec2matrix.com)

* [C2 Agent Comparison (Aug 2019)](https://threatexpress.com/blogs/2019/c2-agent-comparison/)

## Articles

* [A comparisson of C2 frameworks](https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1574188899.pdf)

* [Flying a False Flag](https://i.blackhat.com/USA-19/Wednesday/\us-19-Landers-Flying-A-False-Flag-Advanced-C2-Trust-Conflicts-And-Domain-Takeover.pdf)

* [MacShellSwift: PoC MacOS post exploitation tool in Swift](https://securityonline.info/macshellswift-poc-macos-post-exploitation-tool-in-swift/)

* [Throwback Thursday – A Guide to Configuring Throwback](https://silentbreaksecurity.com/throwback-thursday-a-guide-to-configuring-throwback/)

* [Voodoo CE Quickstart](https://medium.com/stage-2-security/voodoo-ce-quickstart-ba77eb37eda5)

* [A first look at today’s Command and Control frameworks](https://www.foregenix.com/blog/a-first-look-at-todays-command-and-control-frameworks)

## Videos

* [RedViper](https://www.youtube.com/watch?v=rk4EMhq30-M)

* [Command & Control tools course](https://www.youtube.com/watch?v=bUqu8fh7xUg), in Pt-Br language.

* [How Hackers Use Discord To Control Victim PC’s](https://www.youtube.com/watch?v=_OXyb_Oxmjg)