35 tools and resources
C3 is a framework for creating custom C2 channels, integrating with existing offensive toolkits.
A company that helps organizations create security-aware teams and produce bug-free software.
Advanced command and control tool for red teaming and adversary simulation with extensive features and evasion capabilities.
Tool for randomizing Cobalt Strike Malleable C2 profiles to evade static, signature-based detection controls.
A project that detects malicious SSL connections by identifying and blacklisting SSL certificates used by botnet C&C servers and identifying JA3 fingerprints to detect and block malware botnet C&C communication.
A specification/framework for extending default C2 communication channels in Cobalt Strike
Python framework for building and utilizing interfaces to transfer data between frameworks with a focus on Command and Control frameworks.
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang for efficient and secure communication.
Alpha release of External C2 framework for Cobalt Strike with enhanced data channels.
A comprehensive guide for customizing Cobalt Strike's C2 profiles to enhance stealth and operational security.
A free and open source C2 and proxy for penetration testers
A C2 profile generator for Cobalt Strike designed to enhance evasion.
A lightweight, first-stage C2 implant written in Nim for remote access and control.
A COM Command & Control framework using JScript for stealthy and flexible command and control capabilities on Windows systems.
A cross-platform post-exploitation HTTP/2 Command & Control server and agent dedicated for containerized environments
Using Apache mod_rewrite as a redirector to filter C2 traffic for Cobalt Strike servers.
A framework for creating and executing pynids-based decoders and detectors of APT tradecraft
A C#-based Command and Control Framework for remote access and control of compromised systems.
Covenant is a .NET C2 framework for red teamers, facilitating collaborative and efficient management of red team operations.
Generates randomized C2 profiles for Cobalt Strike to evade detection.
A tool for injecting and loading executables with a focus on stealth techniques.
RDP based Honeypot that creates virtual machines for incoming connections and analyzes traffic with Suricata.
CobaltBus enables Cobalt Strike C2 traffic via Azure Servicebus for enhanced covert operations.
HonnyPotter is a WordPress plugin that logs all failed login attempts, with a caution to use it at your own risk.
A tool that checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names.
A C2 front flow control tool designed to evade detection by Blue Teams, AVs, and EDRs.
RedWarden is a Cobalt Strike C2 Reverse proxy that evades detection by Blue Teams, AVs, EDRs, and scanners through packet inspection and malleable profile correlation.
Modern, asynchronous, multiplayer & multiserver C2/post-exploitation framework with Python 3 and .NETs DLR.
Pupy is a cross-platform C2 and post-exploitation framework for remote access and control of compromised systems across various operating systems.
AzureC2Relay enhances security by validating and relaying Cobalt Strike beacon traffic through Azure Functions.
GHH is a honeypot tool to defend against search engine hackers using Google as a hacking tool.
Full-featured C2 framework for stealthy communication and control on web servers.
CrossC2 enables generation of cross-platform payloads for CobaltStrike, enhancing operational flexibility.
Learn how to create new Malleable C2 profiles for Cobalt Strike to avoid detection and signatured toolset
A proxy aware C2 framework for penetration testing, red teaming, post-exploitation, and lateral movement with modular format and highly configurable payloads.
