This project is only meant for educational purposes and should not be used for malicious activities! Use at your own risk!
- apps => server_django/apps (api, authentication, webui)
- modules => server_django/apps/api/modules
C2 Server
The default username is admin. The default password is password.
cd server_django
python manage.py migrate # to initialise and migrate database
python manage.py createsuperuser --username <username> # to create a new superuser (optional)
python manage.py runserver
Agent
to be completed
C2 Server (webui)
- Login
- Dashboard
- List of known compromised machines
- Sessions
- Select target agent(s)
- Send Instruction
- Wait and receive output (if necessary)
- Viewing other sessions
- Executing commands on individual agents
- Style sheets
- Support for nmap reports
- Build a network tree that showcases compromised machines
C2 Server (api)
- Job Balancing
- Testing Connectivity with all known Agents
- Sending Instructions
- Receiving Output of Instructions (output must be tagged to identify the 'session' or specific instruction sent and the computer it came from)
- Modules hosting for agents
- Gathering a location heatmap of all the agents and target (https://ipinfo.io/)
Agent
- Callback to server (every 5 seconds)
- Dropper (downloads file from C2)
- Execution of files
- Persistence
- Self-Removal
- nmap
load module nmap
nmap -sS 192.168.1.1 1-65535
- dns_tunnelling
# on the agent side
sudo dns2tcpc -f dns2tcpc.conf <server_ip>
# on the server side
sudo dns2tcpd -f dns2tcpd.conf
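
Detection note: the agent's fixed 5-second callback listed above produces near-constant gaps between connections, which stands out in proxy or flow logs. The following is an added example, not code from this project, that flags such source/destination pairs; the log format (`<ISO timestamp> <src> <dst>`), the thresholds and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

def find_beacons(lines, min_events=10, max_jitter=0.1):
    """Return {(src, dst): median_gap_seconds} for pairs whose inter-arrival
    times are near-constant, i.e. fixed-interval callbacks."""
    seen = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # skip unparseable timestamps
        seen[(parts[1], parts[2])].append(ts)
    flagged = {}
    for pair, stamps in seen.items():
        if len(stamps) < min_events:
            continue  # too few connections to judge periodicity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mid = median(gaps)
        if mid <= 0:
            continue
        # Median absolute deviation relative to the median gap: robust to a
        # few delayed or missed callbacks, unlike a plain standard deviation.
        mad = median(abs(g - mid) for g in gaps)
        if mad / mid <= max_jitter:
            flagged[pair] = mid
    return flagged

def sample_log():
    """Constructed sample: one host calling back every ~5 s, one irregular."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    lines = []
    for i in range(20):
        jitter = 0.2 if i % 3 == 0 else 0.0  # small timing noise
        ts = t0 + timedelta(seconds=5 * i + jitter)
        lines.append(f"{ts.isoformat()} 10.0.0.5 203.0.113.10")
    for off in [0, 2, 31, 33, 34, 90, 95, 170, 171, 260, 300, 302]:
        ts = t0 + timedelta(seconds=off)
        lines.append(f"{ts.isoformat()} 10.0.0.7 198.51.100.20")
    lines.append("garbage line without fields")
    return lines

if __name__ == "__main__":
    print(find_beacons(sample_log()))
```

The irregular host in the sample also has a median gap of 5 seconds, so the median alone is not enough; it is the low relative deviation that separates the callback pattern from ordinary traffic.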