Nuages : A Modular C2 Framework 2019

Nuages aims at being a C2 framework in which back end elements are open source, whilst implants and handlers must be developed ad hoc by users. As a result, it does not provide a way to generate implants, but an open source framework to develop and manage compatible implants that can leverage all the back end resources already developed.

This design hopes to facilitate penetration testing by facilitating the development of custom implants and reducing the likelihood of implants being detected by defensive solutions.

Although Nuages is functioning, it is still a work in progress and contribution are welcome, whether it is solely testing, or development of new modules and compatible clients.

For testing and refererence, an example implant and handler are provided on this repo.

Architecture

Nuages C2: It is the core of the C2 and manages the implants, it is open source and should not need to be customized. It exposes the Nuages API, accessible over REST or Socket.io.

Implants: Custom code to run on the target devices, they can communicate with handlers over custom protocol or directly with the Nuages API.

Handlers: Custom code acting as a proxy between Implants and the Nuages API, to implemenet custom communication protocols (DNS tunneling, domain fronting, IRC etc…).

Clients: Clients rely on the Nuages API and can be implemented in any form such as cli or web application.

Disclaimer

This project is intended for security researchers and penetration testers and should not be used for any illegal activities.

R K

Recent Posts

ModTask – Task Scheduler Attack Tool

ModTask is an advanced C# tool designed for red teaming operations, focusing on manipulating scheduled…

20 hours ago

HellBunny : Advanced Shellcode Loader For EDR Evasio

HellBunny is a malleable shellcode loader written in C and Assembly utilizing direct and indirect…

20 hours ago

SharpRedirect : A Lightweight And Efficient .NET-Based TCP Redirector

SharpRedirect is a simple .NET Framework-based redirector from a specified local port to a destination…

20 hours ago

Flyphish : Mastering Cloud-Based Phishing Simulations For Security Assessments

Flyphish is an Ansible playbook allowing cyber security consultants to deploy a phishing server in…

2 days ago

DeLink : Decrypting D-Link Firmware Across Devices With A Rust-Based Library

A crypto library to decrypt various encrypted D-Link firmware images. Confirmed to work on the…

2 days ago

LLM Lies : Hallucinations Are Not Bugs, But Features As Adversarial Examples

LLMs (e.g., GPT-3.5, LLaMA, and PaLM) suffer from hallucination—fabricating non-existent facts to cheat users without…

2 days ago