Command And Control

Real-time C2 infrastructure detection and disruption threat intelligence feed

InSights by InQuest is a threat intelligence platform that delivers curated feeds of IOCs and C2 information to help security teams detect and respond to emerging threats.

C3 is a framework by WithSecureLabs for rapid prototyping of custom command and control channels that integrates with existing offensive security toolkits.

Advanced command and control tool for red teaming and adversary simulation with extensive features and evasion capabilities.

Malware Patrol offers a range of threat intelligence solutions, including enterprise data feeds, DNS firewall, phishing threat intelligence, and small business protection.

A Python framework for building custom Command and Control interfaces that implements Cobalt Strike's External C2 specification for data transfer between frameworks.

A cross-platform HTTP/2 Command & Control framework written in Golang for post-exploitation activities and remote system management.

A comprehensive guide for customizing Cobalt Strike's C2 profiles to enhance stealth and operational security.

Shadow Workers is an open source C2 framework and proxy tool for penetration testers to exploit XSS vulnerabilities and malicious Service Workers.

SourcePoint generates customizable C2 profiles for Cobalt Strike servers to enhance evasion capabilities against security defenses.

A lightweight Command and Control (C2) implant written in Nim that provides remote access capabilities for penetration testing and red team operations.

A covert channel technique that uses WebDAV protocol features to deliver malicious payloads and establish C2 communication while bypassing security controls.

A COM Command & Control framework that uses JScript to provide fileless remote access capabilities on Windows systems through a modular plugin architecture.

Havoc is a malleable post-exploitation command and control framework that provides a client-server architecture with payload generation, customizable C2 profiles, and team collaboration capabilities for red team operations.

A cross-platform post-exploitation HTTP/2 Command & Control framework designed specifically for testing and exploiting containerized environments including Docker and Kubernetes.

SharpC2 is a C#-based Command and Control framework that provides remote access capabilities for penetration testing and red team operations.

Covenant is a collaborative .NET command and control framework designed for red team operations and offensive security engagements.

A command line tool that generates randomized malleable C2 profiles for Cobalt Strike to vary command and control communication patterns.

CobaltBus integrates Cobalt Strike with Azure Service Bus to create covert C2 communication channels for red team operations.

MITRE Caldera™ is an automated adversary emulation platform built on the MITRE ATT&CK framework that supports red team operations and incident response activities through a modular C2 server and plugin architecture.

RedGuard is a C2 front flow control tool that helps evade detection by security systems through traffic filtering and redirection capabilities.

SILENTTRINITY is a Python-based, asynchronous C2 framework that uses .NET scripting languages for post-exploitation activities without relying on PowerShell.

Pupy is an open-source, cross-platform C2 framework that provides remote access and control capabilities for compromised systems across Windows, Linux, OSX, and Android platforms.

Hale is a modular botnet command and control monitoring tool that tracks C&C server communications across multiple protocols with web-based analysis interface and collaborative research capabilities.