A collection of awesome Command & Control (C2) frameworks, tools and resources for post-exploitation and red teaming assessments.

If you’d like to contribute to this list, simply open a PR with your additions.

Maintained by @tcostam. If you have contributions but can’t pull request, give me a shout at twitter.

Table Of Contents


Open Source

  • Apfell: cross-platform, post-exploit, red teaming framework built with python3, docker, docker-compose, and a web browser UI.
  • AsyncRat C#: Remote Access Tool designed to remotely monitor and control other computers through a secure encrypted connection.
  • Baby Shark: basic C2 generic server written in Python and Flask.
  • C3: framework that extends other red team tooling, such as the commercial Cobalt Strike (CS) product via ExternalC2, which is supported at release.
  • Caldera: built on the MITRE ATT&CK™ framework and an active research project at MITRE.
  • CHAOS: PoC that allow payloads generation and control remote operating systems
  • Dali: image-based C2 channel which utilizes Imgur to host images and task agents.
  • Empire: post-exploitation framework that includes a pure-PowerShell2.0 Windows agent, and a pure Python 2.6/2.7 Linux/OS X agent
  • Covenant: .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers.
  • Silent Trinity: post-exploitation agent powered by Python, IronPython, C#/.NET.
  • Faction C2: C2 framework which use websockets based API that allows for interacting with agents and transports.
  • Flying A False Flag
  • FudgeC2: Powershell C2 platform designed to facilitate team collaboration and campaign timelining.
  • Godoh
  • iBombshell
  • HARS: HTTP/S Asynchronous Reverse Shell.
  • Koadic (or COM Command & Control): is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire.
  • MacShellSwift
  • Ninja: Open source C2 server created by Purple Team to do stealthy computer and Active directoty enumeration without being detected by SIEM and AVs.
  • NorthStarC2: open-source command and control framework developed for penetration testing and red teaming purposes.
  • EvilOSX: An evil RAT (Remote Administration Tool) for macOS / OS X.
  • Nuages
  • Octopus: open source, pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S.
  • PoshC2: proxy aware C2 framework written completely in PowerShell to aid penetration testers with red teaming, post-exploitation and lateral movement
  • Powerhub: convenient post exploitation tool for PowerShell which aids a pentester in transferring data, in particular code which may get flagged by endpoint protection.
  • Prismatica: modular C2 Interface hooked into the Diagon Command and Control Toolkit.
  • QuasarRAT: fast and light-weight remote administration tool coded in C#. Providing high stability and an easy-to-use user interface, Quasar is the perfect remote administration solution for you.
  • Merlin: cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
  • Sliver: general purpose cross-platform implant framework that supports C2 over Mutual-TLS, HTTP(S), and DNS.
  • Throwback
  • Trevor C2: legitimate website (browsable) that tunnels client/server communications for covert command execution.
  • Metasploit Framework: computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development
  • Meterpreter
  • Pupy: opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python.
  • PetaQ: malware which is being developed in .NET Core/Framework to use websockets as Command & Control (C2) channels.
  • Pinjectra: C/C++ library that implements Process Injection techniques (with focus on Windows 10 64-bit) in a “mix and match” style.
  • ReverseTCPShell
  • SHAD0W: modular C2 framework designed to use a range of methods to evade EDR and AV.
  • SharpC2
  • Gcat: stealthy Python based backdoor that uses Gmail as a command and control server.
  • DNScat2: tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol.
  • EggShell: post exploitation surveillance tool written in Python. It gives you a command line session with extra functionality between you and a target machine.
  • EvilVM
  • Void-RAT: pretty basic RAT written in c#.net.
  • WEASEL: small in-memory implant using Python 3 with no dependencies.


Online Resources



Published by Tamil S

Tamil has a great interest in the fields of Cyber Security, OSINT, and CTF projects. Currently, he is deeply involved in researching and publishing various security tools with Kali Linux Tutorials, which is quite fascinating.

Leave a comment

Your email address will not be published. Required fields are marked *