May 02, 2024 - 12:30 p.m.

C2-Cloud - The C2 Cloud Is A Robust Web-Based C2 Framework, Designed To Simplify The Life Of Penetration Testers

www.kitploit.com

The C2 Cloud is a robust web-based C2 framework, designed to simplify the life of penetration testers. It allows easy access to compromised backdoors, just like accessing an EC2 instance in the AWS cloud. It can manage several simultaneous backdoor sessions with a user-friendly interface.

C2 Cloud is open source. Security analysts can confidently perform simulations, gaining valuable experience and contributing to the proactive defense posture of their organizations.

Reverse shells support:

  1. Reverse TCP
  2. Reverse HTTP
  3. Reverse HTTPS (configure it behind an LB)
  4. Telegram C2

Demo

  • C2 Cloud walkthrough: https://youtu.be/hrHT_RDcGj8

  • Ransomware simulation using C2 Cloud: https://youtu.be/LKaCDmLAyvM

  • Telegram C2: https://youtu.be/WLQtF4hbCKk

Key Features

🔒 Anywhere Access: Reach the C2 Cloud from any location.
🔄 Multiple Backdoor Sessions: Manage and support multiple sessions effortlessly.
🖱️ One-Click Backdoor Access: Seamlessly navigate to backdoors with a simple click.
📜 Session History Maintenance: Track and retain complete command and response history for comprehensive analysis.

Tech Stack

🛠️ Flask: Serving web and API traffic, facilitating reverse HTTP(s) requests.
🔗 TCP Socket: Serving reverse TCP requests for enhanced functionality.
🌐 Nginx: Effortlessly routing traffic between web and backend systems.
📨 Redis PubSub: Serving as a robust message broker for seamless communication.
🚀 Websockets: Delivering real-time updates to browser clients for enhanced user experience.
💾 Postgres DB: Ensuring persistent storage for seamless continuity.

Architecture

Application setup

  • Management port: 9000

  • Reverse HTTP port: 8000

  • Reverse TCP port: 8888

  • Clone the repo

  • Optional: Update chait_id, bot_token in c2-telegram/config.yml

  • Execute docker-compose up -d to start the containers

Note: The c2-api service will not start up until the database is initialized. If you receive 500 errors, please try again after some time.
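A defender-side sketch, added here and not part of the C2 Cloud project: it scans flow records for internal hosts connecting out to the default listener ports listed above. The flow-record format, addresses and function names are assumptions constructed for the example; the ports are defaults an operator can change, and the Reverse HTTPS option is meant to sit behind an LB, so port matching alone will miss it.

```python
import csv
import io
import ipaddress
from collections import Counter

# Default ports from the setup list above; treat a match as a lead, not proof.
DEFAULT_PORTS = {8000: "reverse HTTP", 8888: "reverse TCP", 9000: "management"}

# RFC 1918 ranges, listed explicitly (assumption: these are the "internal" nets).
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample flow records (not real traffic): time,src,dst,dport
SAMPLE_FLOWS = """\
2024-05-02T10:00:01,10.0.5.23,203.0.113.40,8000
2024-05-02T10:00:31,10.0.5.23,203.0.113.40,8000
2024-05-02T10:01:01,10.0.5.23,203.0.113.40,8000
2024-05-02T10:01:10,10.0.5.77,203.0.113.40,8888
2024-05-02T10:02:00,10.0.5.12,10.0.9.8,8000
2024-05-02T10:02:05,10.0.5.12,198.51.100.7,443
2024-05-02T10:03:00,10.0.5.90,203.0.113.40,9000
"""


def is_internal(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on a bad address
    return any(ip in net for net in INTERNAL)


def find_candidates(flow_text, min_hits=1):
    """Return sorted (src, dst, port, label, hits) tuples for internal hosts
    connecting to a non-internal address on one of DEFAULT_PORTS."""
    hits = Counter()
    for row in csv.reader(io.StringIO(flow_text)):
        try:
            _ts, src, dst, dport = row
            port = int(dport)
            outbound = is_internal(src) and not is_internal(dst)
        except ValueError:  # wrong field count, bad port or bad address
            continue
        if port in DEFAULT_PORTS and outbound:
            hits[(src, dst, port)] += 1
    return sorted((s, d, p, DEFAULT_PORTS[p], n)
                  for (s, d, p), n in hits.items() if n >= min_hits)


if __name__ == "__main__":
    for row in find_candidates(SAMPLE_FLOWS):
        print("%s -> %s:%d (%s) x%d" % row)
```

Raising `min_hits` narrows the output to hosts that connect repeatedly, which cuts noise from one-off connections to common development ports such as 8000.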

Credits

Inspired by Villain, a CLI-based C2 developed by Panagiotis Chartas.

License

Distributed under the MIT License. See LICENSE for more information.
