A streamlined, modular Command-and-Control framework designed for managing CMS and Apache environments with precision.
Horizon is a lightweight C2 (Command and Control) framework written in Python. It focuses on efficiency and stealth, offering a fully functional HTTP-based interface for remote administration, monitoring, and exploit delivery.
It is specifically designed to target various Content Management Systems (WordPress, Joomla, etc.) and Apache servers without the need for heavy API warming or complex backend setups.
help - Display this help menu to see available commands.
create_target - Add/Create your target. This command prompts you for host, password, shell name, and SSL option.modules - Show all available modules. Lists modules available for different functionalities.
plugins - Shows all loaded plugins. You can interact with available plugins here.
exploits - Shows all loaded exploits. Use: exploit <exploit>
targets - Load targets and display their details, such as host and credentials.
connect - Connect to a specified target. Input the host to establish a connection.
back - Go back to the previous menu or context.
exit - Close down the application. Ensure any cleanup tasks are handled before exit.
shell - Load an interactive shell for executing commands in the target's context.
upload - Upload a file to the webserver. Use this command followed by the file path.
use - Specify a plugin for execution, e.g., 'use plugin/wp_dump_logins'.
generate - Generate FUD(Fully Undetected) implant e.g, 'generate.
wpinject - Create a persistent ghost account in WordPress, enabling unauthorized access to admin without detection.
load_fish - Deploy deploy phishing websites aimed at capturing sensitive information on the targets host.
wordpress_user_enumeration - Wordpress username basic enumeration.
peas - Privilege Escalation: E.g: peas <target> run <shellname>
peas <target> read <log_name.log> <shellname>
Total plugins: 2
1. plugins/linux_basic_enum
2. plugins/windows_basic_enum
- Mutual TLS (mTLS) encryption between Client and Server
- User Account Control (UAC) Privilege Escalation
- More modules/plugins and exploits
Clone the repository with git:
git clone https://github.com/PukkaPie/Horizon.git
To install Horizon clone the github repo and run:
pip install -r requirements.txt
Once you run this you will be able to run:
./__main__.py
Deploy a file with (codename).plugin into plugins folder/
Each line will be ran under exec()
systeminfo
ipconfig
netstat -ano
wmic useraccount get name
uname -a; hostname; ip a; netstat -tuln; ps aux; whoami; id; df -h; free -m
cat /etc/passwd
lsof -i
This tool is developed for educational purposes and authorized security auditing only. The developer (PukkaPie) assumes no liability for misuse or damage caused by this software. Always obtain explicit written consent before testing on any network or system.