Awesome Command And Control

A collection of awesome Command & Control (C2) frameworks, tools and resources for post-exploitation and red teaming assessments.

If you’d like to contribute to this list, simply open a PR with your additions.

Maintained by @tcostam. If you have contributions but can’t pull request, give me a shout at twitter.

Table Of Contents

• Tools
  • Open Source
  • Commercial
• Online Resources
• Articles
• Videos

Tools

Open Source

• Apfell: cross-platform, post-exploit, red teaming framework built with python3, docker, docker-compose, and a web browser UI.
• AsyncRat C#: Remote Access Tool designed to remotely monitor and control other computers through a secure encrypted connection.
• Baby Shark: basic C2 generic server written in Python and Flask.
• C3: framework that extends other red team tooling, such as the commercial Cobalt Strike (CS) product via ExternalC2, which is supported at release.
• Caldera: built on the MITRE ATT&CK™ framework and an active research project at MITRE.
• CHAOS: PoC that allow payloads generation and control remote operating systems
• Dali: image-based C2 channel which utilizes Imgur to host images and task agents.
• Empire: post-exploitation framework that includes a pure-PowerShell2.0 Windows agent, and a pure Python 2.6/2.7 Linux/OS X agent
• Covenant: .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers.
• Silent Trinity: post-exploitation agent powered by Python, IronPython, C#/.NET.
• Faction C2: C2 framework which use websockets based API that allows for interacting with agents and transports.
• Flying A False Flag
• FudgeC2: Powershell C2 platform designed to facilitate team collaboration and campaign timelining.
• Godoh
• iBombshell
• HARS: HTTP/S Asynchronous Reverse Shell.
• Koadic (or COM Command & Control): is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire.
• MacShellSwift
• Ninja: Open source C2 server created by Purple Team to do stealthy computer and Active directoty enumeration without being detected by SIEM and AVs.
• NorthStarC2: open-source command and control framework developed for penetration testing and red teaming purposes.
• EvilOSX: An evil RAT (Remote Administration Tool) for macOS / OS X.
• Nuages
• Octopus: open source, pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.
• PoshC2: proxy aware C2 framework written completely in PowerShell to aid penetration testers with red teaming, post-exploitation and lateral movement
• Powerhub: convenient post exploitation tool for PowerShell which aids a pentester in transferring data, in particular code which may get flagged by endpoint protection.
• Prismatica: modular C2 Interface hooked into the Diagon Command and Control Toolkit.
• QuasarRAT: fast and light-weight remote administration tool coded in C#. Providing high stability and an easy-to-use user interface, Quasar is the perfect remote administration solution for you.
• Merlin: cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
• Sliver: general purpose cross-platform implant framework that supports C2 over Mutual-TLS, HTTP(S), and DNS.
• SK8PARK/RAT
• Throwback
• Trevor C2: legitimate website (browsable) that tunnels client/server communications for covert command execution.
• Metasploit Framework: computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development
• Meterpreter
• Pupy: opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python.
• PetaQ: malware which is being developed in .NET Core/Framework to use websockets as Command & Control (C2) channels.
• Pinjectra: C/C++ library that implements Process Injection techniques (with focus on Windows 10 64-bit) in a “mix and match” style.
• ReverseTCPShell
• SHAD0W: modular C2 framework designed to use a range of methods to evade EDR and AV.
• SharpC2
• Gcat: stealthy Python based backdoor that uses Gmail as a command and control server.
• DNScat2: tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol.
• EggShell: post exploitation surveillance tool written in Python. It gives you a command line session with extra functionality between you and a target machine.
• EvilVM
• Void-RAT: pretty basic RAT written in c#.net.
• WEASEL: small in-memory implant using Python 3 with no dependencies.

Commercial

• Innuendo
• Scythe
• Cobalt Strike: software for Adversary Simulations and Red Team Operations.
• Red Team Toolkit (or Slingshot)
• Voodoo

Online Resources

• The C2 Matrix
• C2 Agent Comparison (Aug 2019)

Articles

• A comparisson of C2 frameworks
• Flying a False Flag
• MacShellSwift: PoC MacOS post exploitation tool in Swift
• Throwback Thursday – A Guide to Configuring Throwback
• Voodoo CE Quickstart
• A first look at today’s Command and Control frameworks

Videos

• RedViper
• Command & Control tools course, in Pt-Br language.
• How Hackers Use Discord To Control Victim PC’s