Adversary Emulation Framework

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.

Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.

Covenant is a collaborative .NET C2 framework for red teamers.

Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).

Applied offensive security with Rust - https://kerkour.com/black-hat-rust

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

A post exploitation framework designed to operate covertly on heavily monitored environments

RAT And C&C Resources. 250+ Open Source Projects, 1200+ RAT/C&C blog/video.

A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.

Starkiller is a Frontend for PowerShell Empire.

Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.

DeimosC2 is a Golang command and control framework for post-exploitation.

渗透测试C2、支持Lua插件扩展、域前置/CDN上线、自定义profile、前置sRDI、文件管理、进程管理、内存加载、截图、反向代理、分组管理

Some notes and examples for cobalt strike's functionality

牛屎花 一款基于WEB界面的远程主机管理工具

去中心化远程控制工具（Decentralized Remote Administration Tool），通过ENS实现了配置文件分发的去中心化，通过Telegram实现了服务端的去中心化

🕳 godoh - A DNS-over-HTTPS C2

Open source pre-operation C2 server based on python and powershell

the c2 programming language