Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers.
Covenant is an ASP.NET Core, cross-platform application that includes a web-based interface that allows for multi-user collaboration.
Also Read – Hacktronian : All in One Hacking Tool for Linux & Android
Installation
Be sure to clone Covenant recursively to initialize the git submodules:
git clone –recurse-submodules https://github.com/cobbr/Covenant
The easiest way to use Covenant is by installing dotnet core. You can download dotnet core for your platform from here.
Once you have installed dotnet core, we can build and run Covenant using the dotnet CLI:
$ ~ > git clone –recurse-submodules https://github.com/cobbr/Covenant
$ ~ > cd Covenant/Covenant
$ ~/Covenant/Covenant > dotnet build
$ ~/Covenant/Covenant > dotnet run
Covenant can also be run with Docker. There are a couple of gotchas with Docker, so we only recommend using docker if you are familiar with docker or are willing to learn the subtle gotchas.
First, build the docker image:
$ ~ > git clone –recurse-submodules https://github.com/cobbr/Covenant
$ ~ > cd Covenant/Covenant
$ ~/Covenant/Covenant > docker build -t covenant
Now, run Covenant within the Docker container (be sure to replace the “</absolute/path/to/Covenant/Covenant/Data>” with your own absolute path!):
$ ~/Covenant/Covenant > docker run -it -p 7443:7443 -p 80:80 -p 443:443 –name covenant -v :/app/Data covenant
The -it
parameter is a Docker parameter that indicates that we should begin Covenant in an interactive tty, and can be excluded if you would not like to attach to the tty.
The -p
parameters expose ports to the Covenant Docker container. You must expose port 7443 and any other ports you would like to start listeners on.
The -v
parameter creates a shared Data directory between the host and the container. Be sure to specify an absolute path to your data directory, a relative path will not work.
Once Covenant has been started, you can disconnect from the interactive interface at any time by pressing Ctrl+p
and Ctrl+q
consecutively.
To stop the container, you can run:
$ ~/Covenant/Covenant > docker stop covenant
And to restart Covenant interactively (with all data saved), you can run:
$ ~/Covenant/Covenant > docker start covenant -ai
Alternatively, to remove all Covenant data and restart fresh, you can remove and run again (again, be sure to replace the “</absolute/path/to/Covenant/Covenant/Data>” with your own absolute path!):
$ ~/Covenant/Covenant > docker rm covenant
$ ~/Covenant/Covenant > docker run -it -p 7443:7443 -p 80:80 -p 443:443 –name covenant -v :/app/Data covenant –username AdminUser –computername 0.0.0.0
After starting Covenant, you must register an initial user through the web interface. Navigating to the web interface will allow you to register the initial user:
Once the initial user has been registered, open registration will be closed, and new users will have to be created by an Administrative user.
Covenant has several key features that make it useful and differentiate it from other command and control frameworks:
Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…
This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…
GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…
The free and open-source security platform SecHub, provides a central API to test software with…
Don't worry if there are any bugs in the tool, we will try to fix…