C2-Cloud | A Robust Web-Based C2 Framework, Designed To Simplify The Life Of Penetration Testers


About The Project

The C2 Cloud is a robust web-based C2 framework, designed to simplify the life of penetration testers. It allows easy access to compromised backdoors, just like accessing an EC2 instance in the AWS cloud. It can manage several simultaneous backdoor sessions with a user-friendly interface.

C2 Cloud is open source. Security analysts can confidently perform simulations, gaining valuable experience and contributing to the proactive defense posture of their organizations.

Reverse shells support:

  1. Reverse TCP
  2. Reverse HTTP
  3. Reverse HTTPS (configure it behind an LB)
  4. Telegram C2

Demo

C2 Cloud walkthrough: https://youtu.be/hrHT_RDcGj8
Ransomware simulation using C2 Cloud: https://youtu.be/LKaCDmLAyvM
Telegram C2: https://youtu.be/WLQtF4hbCKk

Key Features

:lock: Anywhere Access: Reach the C2 Cloud from any location.
:arrows_counterclockwise: Multiple Backdoor Sessions: Manage and support multiple sessions effortlessly.
:computer_mouse: One-Click Backdoor Access: Seamlessly navigate to backdoors with a simple click.
:scroll: Session History Maintenance: Track and retain complete command and response history for comprehensive analysis.

Tech Stack

:hammer_and_wrench: Flask: Serving web and API traffic, facilitating reverse HTTP(s) requests.
:link: TCP Socket: Serving reverse TCP requests for enhanced functionality.
:globe_with_meridians: Nginx: Effortlessly routing traffic between web and backend systems.
:incoming_envelope: Redis PubSub: Serving as a robust message broker for seamless communication.
:rocket: Websockets: Delivering real-time updates to browser clients for enhanced user experience.
:floppy_disk: Postgres DB: Ensuring persistent storage for seamless continuity.

Architecture

(Architecture diagram: c2_cloud_architecture_diagram)

Application setup

  • Management port: 9000

  • Reverse HTTP port: 8000

  • Reverse TCP port: 8888

The management port gives full control of every connected backdoor, so do not expose it directly to the internet: bind it to localhost or a VPN interface, or firewall it to operator addresses only.

  1. Clone the repo
  2. Optional: Update chat_id and bot_token in c2-telegram/config.yml
  3. Execute docker-compose up -d to start the containers. Note: The c2-api service will not start until the database is initialized. If you receive 500 errors, retry after some time.
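The setup note above says the API returns 500s until the database is initialized. The following script is an added example (not part of the C2-Cloud project) that waits for the management port to stop answering with 5xx/connection failures and then checks that the reverse HTTP and reverse TCP listeners are up. It assumes the stack is reachable on localhost on the ports listed above and that the management UI answers plain HTTP on port 9000; adjust the variables if you run it behind an LB or TLS.

```shell
#!/usr/bin/env bash
# Added example, not project code: readiness check for a freshly started
# C2-Cloud stack. Assumes localhost and the ports from the README.

C2_HOST="${C2_HOST:-127.0.0.1}"
MGMT_PORT="${MGMT_PORT:-9000}"
HTTP_PORT="${HTTP_PORT:-8000}"
TCP_PORT="${TCP_PORT:-8888}"

# probe_status: print the HTTP status code returned by the management port.
# PROBE_CMD (assumed name) lets the wait logic be exercised without a live stack.
probe_status() {
    if [ -n "${PROBE_CMD:-}" ]; then
        "$PROBE_CMD"
    else
        curl -s -o /dev/null -w '%{http_code}' "http://${C2_HOST}:${MGMT_PORT}/" || echo 000
    fi
}

# status_ready CODE: succeed when the code means the API is serving.
# 000 = no connection yet; 5xx = container up but DB not initialized (the README's 500s).
# 401/403 still count as ready: the app is answering, it just wants credentials.
status_ready() {
    case "$1" in
        2??|3??|401|403) return 0 ;;
        *) return 1 ;;
    esac
}

# wait_for_api ATTEMPTS DELAY: poll until status_ready or attempts run out.
# Prints the attempt number that succeeded (ATTEMPTS+1 on timeout); returns 1 on timeout.
wait_for_api() {
    local attempts="${1:-30}" delay="${2:-2}" i=1 code
    while [ "$i" -le "$attempts" ]; do
        code="$(probe_status)"
        if status_ready "$code"; then
            echo "$i"
            return 0
        fi
        sleep "$delay"
        i=$((i + 1))
    done
    echo "$i"
    return 1
}

# port_open HOST PORT: succeed if something accepts a TCP connection (bash /dev/tcp, no extra tools).
port_open() {
    (exec 3<>"/dev/tcp/$1/$2") 2>/dev/null
}

main() {
    if wait_for_api 30 2 >/dev/null; then
        echo "management API ready on ${C2_HOST}:${MGMT_PORT}"
    else
        echo "management API still not ready; check 'docker-compose logs c2-api'" >&2
        return 1
    fi
    for p in "$HTTP_PORT" "$TCP_PORT"; do
        if port_open "$C2_HOST" "$p"; then
            echo "port $p listening"
        else
            echo "port $p NOT listening" >&2
        fi
    done
}

# Run the checks only when RUN_CHECKS=1 so the functions can also be sourced.
if [ "${RUN_CHECKS:-0}" = 1 ]; then
    main "$@"
fi
```

Run it as `RUN_CHECKS=1 ./c2_ready.sh` right after `docker-compose up -d`; a non-zero exit means the API never came up within the polling window, and the reverse ports are reported separately because the listeners live in different containers from the API.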

Credits

Inspired by Villain, a CLI-based C2 developed by Panagiotis Chartas.

License

Distributed under the MIT License. See LICENSE for more information.

Contact

GitHub: