C3 is a framework developed by WithSecureLabs that enables security professionals to create custom command and control (C2) channels for offensive security operations. The framework provides a foundation for rapid prototyping of C2 communication mechanisms, allowing users to develop tailored command and control infrastructure based on specific operational requirements. C3 integrates with existing offensive security toolkits, enabling security teams to incorporate custom C2 channels into their current testing workflows and methodologies. The framework supports the development of various communication protocols and channels, providing flexibility in how command and control operations are conducted during security assessments and penetration testing activities.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
PyBOF is a Python library that enables in-memory loading and execution of Beacon Object Files (BOFs) with support for argument passing and function targeting.
A digital archive of the internet, allowing users to capture and browse archived web pages.
An Azure Function that validates and relays Cobalt Strike beacon traffic based on Malleable C2 profile authentication.
Advanced command and control tool for red teaming and adversary simulation with extensive features and evasion capabilities.
AHHHZURE is an automated deployment script that creates vulnerable Azure cloud lab environments for offensive security training and cloud penetration testing practice.
SharpEDRChecker scans system components to detect security products and tools.
SharpShares efficiently enumerates and maps network shares and resolves names within a domain.
A command that builds and executes command lines from standard input, allowing for the execution of commands with multiple arguments.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.