Conquest is a feature-rich, extensible and malleable command & control/post-exploitation framework developed for penetration testing and adversary simulation. Conquest's team server, operator client and agent have all been developed using the Nim programming language and are designed with modularity and flexibility in mind. It features an advanced malleable profile system for customizing network traffic, a multi-user client GUI developed using Dear ImGui, a powerful Python Scripting API and the Monarch agent, an extensible C2 implant aimed at Windows targets.
Caution
Conquest is designed to be only used for educational purposes, research and authorized security testing of systems that you own or have an explicit permission to attack. The author provides no warranty and accepts no liability for misuse.
The Conquest team server and operator client are currently meant to be compiled and used on a Ubuntu/Debian-based operating system. For getting the framework up and running, follow the installation instructions.
For more information about architecture, usage and features, check out the documentation!
- Different listener types: HTTP, SMB
- Advanced malleable C2 profile system for configuring network traffic (TOML v1.1)
- Encrypted C2 communication leveraging AES256-GCM and X25519 key exchange
- Logging of all operator activity
- Loot management:
- Downloads
- Screenshots
- Credentials
- Websocket-based GUI developed using Dear ImGui
- Multi-client support and password-based user authentication
- Flexible payload generation with module selection
- Graph view for agent sessions
- File and process browser components
- Console history and auto-complete for agent commands
- Powerful console search functionality with Regex support
- Powerful and extensible Python Scripting API for creating commands
- Battle-tested module ecosystem
- Different payload types: .exe, .dll, .svc.exe
- Sleep obfuscation via Ekko, Zilean or Foliage with support for call stack spoofing
- Asynchronous job system for long-running tasks
- Stable COFF/BOF Loader
- Support for Async BOFs
- In-memory execution of .NET assemblies
- In-memory execution of DLLs
- Token manipulation & token vault
- AMSI/ETW patching via hardware breakpoints
- Compile-time string obfuscation
- Self-destruct functionality
- Execution guardrails
- Agent kill date & working hours
The following projects and people have significantly inspired and/or helped with the development of this framework.
- Inspiration:
- Development:
- imguin by dinau (ImGui Wrapper for Nim)
- MalDev Academy
- Creds by S3cur3Th1sSh1t
- malware by m4ul3r
- winim
- OffensiveNim
- Existing C2's written (partially) in Nim