A modern C2 (Command & Control) platform built with Go, React, and Zig.
Warning
Important Disclaimer
This project is intended ONLY for:
- Authorized security testing
- Educational and research purposes
- Red team exercises (with explicit authorization)
Any illegal use is strictly prohibited. Users bear full legal responsibility.
Real-time overview of your infrastructure with key metrics and activity monitoring.
Features:
- Multi-platform support: Linux x64/x86/ARM64/ARM
- Real-time status monitoring with heartbeat tracking
- OS-specific icons (Ubuntu, Debian, CentOS, Arch, Fedora, Alpine, Kali, etc.)
- Batch operations: delete multiple implants, bulk jitter updates
- Advanced filtering, sorting, and pagination
- Root/Admin user highlighting
- Process name masquerading for stealth
Features:
- HTTP/HTTPS listener support
- Stage listener for shellcode delivery
- Start/Stop control with status monitoring
- Configurable host, port, and endpoints
Features:
- Stager: Lightweight downloader that fetches and executes shellcode in memory
- Implant: Full-featured agent with BOF execution capability
- Multiple output formats: ELF, Shellcode (.bin), Shared Library (.so)
- Cross-compilation: x64, x86, ARM64, ARM
- Process name customization for
/proc/pid/cmdlinemasquerading - Real-time build progress with streaming logs
- Language options: Zig (default), C
Built-in BOFs:
shell- Execute shell commands and return outputspawn- Spawn a background process (daemonized, no shell residue)memexec- Execute ELF binary from memory without touching disk (supports stealth mode)revshell- Spawn an interactive reverse shell via HTTP hijacksocks5- Start SOCKS5 proxy tunnel through implanttcpScanner- Scan TCP ports on target hostsifconfig- Display network interface informationcat- Read file contentsls- List directory contentsenv- Display environment variablesuname- System informationwhoami- Current user informationpwd- Print working directory
Features:
- Beacon Object File (BOF) support for post-exploitation
- Task queue with status tracking (pending, running, completed, failed)
- Detailed task output with timestamps
- Support for custom BOF development
Features:
- SOCKS5 proxy tunneling through implant
- Username/password authentication support
- Auto-generated random credentials for security
- Custom process name masquerading (e.g.,
[kworker/u8:2-events_unbound]) - Process isolation: proxy daemon runs with PPID=1 (no association with implant)
- Multiple proxy servers per implant
- One-click proxy URL copy to clipboard
- Remote daemon shutdown via web UI
Features:
- Real-time interactive shell via HTTP hijack
- Multiple shell sessions per implant
- Session history with timestamps
- Syntax highlighting for terminal output
- Minimal footprint (single bash process)
- Process isolation: shell runs with PPID=1 (no association with implant)
- Integrated into implant management panel
| Component | Technology |
|---|---|
| Backend | Go + Gin + GORM + SQLite |
| Frontend | React + TypeScript + Vite + shadcn/ui + TanStack Table |
| Implant | Zig |
| Stager | Zig / C |
| BOF Loader | Zig |
| Component | OS | Architectures |
|---|---|---|
| Implant | Linux | x64, x86, ARM64, ARM |
| Stager | Linux | x64, x86, ARM64, ARM |
| BOFs | Linux | x64, x86, ARM64, ARM |
| BOFs | Windows | x64, x86 |
MIT