A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | AA | AB | AC | AD | AE | AF | AG | AH | AI | AJ | AK | AL | AM | AN | AO | AP | AQ | AR | AS | AT | AU | AV | AW | AX | AY | AZ | BA | BB | BC | ||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | C2 Info | C2 Matrix Info | Language | UI | Implant | Channel | Capabilities | Detection | Support | |||||||||||||||||||||||||||||||||||||||||||||||
2 | Name | License | Price | GitHub | Site | Evaluator | Date | Version | Implementation | How-To | Slingshot | Kali | Server | Implant | Multi-User | UI | Dark Mode | API | Windows | Linux | macOS | TCP | HTTP | HTTP2 | HTTP3 | DNS | DoH | ICMP | FTP | IMAP | MAPI | SMB | LDAP | Key Exchange | Stego | Proxy Aware | DomainFront | Custom Profile | Jitter | Working Hours | Kill Date | Chaining | Logging | In Wild | ATT&CK Mapping | Dashboard | Blog | C2-Matrix Indicators | JARM | Actively Maint. <12 mo | Slack | Slack Members | GH Issues | Notes | ||
3 | Alan | Created Commons | NA | https://github.com/enkomio/AlanFramework | @s4tan | @s4tan | 9/10/2021 | 4 | binary | .NET | C/Asm | No | No | No | No | Yes | No | No | No | Yes | No | No | No | No | No | No | No | No | No | No | Yes | No | No | No | Yes | Yes | No | No | No | Yes | Yes | No | No | All code is executed in memory | ||||||||||||
4 | Ares | NA | NA | https://github.com/sweetsoftware/Ares | @nas_bench | 5/27/2021 | N/A | Python | Python | Python | No | Web | Yes and only dark mode | Yes | Yes | Yes | Yes | No | Yes | No | No | No | No | No | No | No | No | No | No | None | No | No | No | Yes | Yes | No | No | No | Yes | No | Yes | Yes | Yes | No | ||||||||||||
5 | AsyncRAT-C# | MIT | NA | https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp | Contribute | 1dd40d40d00040d1dc1dd40d1dd40d3df2d6a0c2caaa0dc59908f0d3602943 | No | NA | 158 | |||||||||||||||||||||||||||||||||||||||||||||||
6 | AtlasC2 | MIT | NA | https://github.com/Gr1mmie/AtlasC2 | https://grimmie.net/atlasc2-carrying-the-weight-of-net-assemblies/ | @gr1mmie | @Adam_Mashinchi | 3/20/2022 | C# | Yes | C# | C# | CLI | Yes | ||||||||||||||||||||||||||||||||||||||||||
7 | BabyShark | NA | NA | https://github.com/UnkL4b/BabyShark | @UnkL4b | @nas_bench | 6/8/2021 | Beta 1.0 | Python | Bash | No | Web | Yes and only dark mode | No | No | Yes | No | No | Yes | No | No | No | No | No | No | No | No | No | No | None | No | No | No | No | No | No | No | No | Yes | No | Yes | Yes | ||||||||||||||
8 | Badrats | GNU GPL3 | NA | https://gitlab.com/KevinJClark/badrats | @GuhnooPlusLinux | Contribute | ||||||||||||||||||||||||||||||||||||||||||||||||||
9 | BlackMamba | MIT | NA | https://github.com/loseys/BlackMamba | Contribute | Yes | ||||||||||||||||||||||||||||||||||||||||||||||||||
10 | Brute Ratel | Commercial | $2,500 | https://bruteratel.com/ | @NinjaParanoid | @NinjaParanoid | 3/19/2021 | 0.3 | binary | Golang | C, x64 Asm | Yes | GUI | Yes | Yes | Yes | No | No | Yes | Yes | No | No | No | No | No | No | No | No | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes | No | No | Yes | Yes | Yes | Yes | Yes | |||||||||||||
11 | Bunraku | Apache 2 | NA | https://github.com/theshadowboxers/bunraku | Contribute | |||||||||||||||||||||||||||||||||||||||||||||||||||
12 | C3 | BSD3 | NA | https://github.com/FSecureLABS/C3 | https://labs.f-secure.com/tools/c3/ | @FSecureLabs | @ajpc500 | 6/30/2021 | 1.3 | .NET Core | C++ | Yes | GUI | Yes | Yes | Yes | No | No | No | Yes | No | No | No | No | No | No | No | No | Yes | Yes | Yes | No | Yes | No | No | Yes | No | No | Yes | Yes | No | No | Yes | - hunting for C3 - https://labs.f-secure.com/blog/hunting-for-c3/ - dropbox channel - https://labs.f-secure.com/blog/attack-detection-fundamentals-c2-and-exfiltration-lab-3 - UNC share file detection - https://labs.f-secure.com/blog/attack-detection-fundamentals-discovery-and-lateral-movement-lab-3/ - Printer C2 detection - https://labs.f-secure.com/blog/print-c2/ - Yara Rule from FireEye - https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware-operations.html - Yara rule for C3 in-memory shellcode - https://gist.github.com/ajpc500/9ae6eb427375438f906b0bf394813bc5 - C3 DLL usage (sigma rule) - https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/process_creation_c3_load_by_rundll32.yml | Yes | #c3 bloodhoundgang.herokuapp.com | 320 | 6 | Asana - Dropbox - GoogleDrive - GitHub - Slack - O365 - LDAP - Printer - Unc Share File - MSSQL | |||||||
13 | CALDERA | Apache 2 | NA | https://github.com/mitre/caldera | @jorgeorchilles | 10/6/2019 | 2 | pip3 | Yes | Python | Go | Yes | Web | Yes | Yes | Yes | Yes | No | Yes | No | No | No | No | No | No | No | No | No | None | No | Yes | Yes | Yes | Yes | No | No | Yes | Yes | No | Yes | Yes | Yes | Yes | http://mitre-caldera.slack.com/ | 181 | |||||||||||
14 | Callidus | GNU GPL3 | NA | https://github.com/3xpl01tc0d3r/Callidus | @chiragsavla94 | @chiragsavla94 | 5/8/2020 | Yes | .Net Core | .Net Core | No | CLI | No | Yes | No | No | Yes | No | No | No | No | No | No | No | No | No | None | No | No | No | No | No | No | No | No | No | No | No | No | O365 services: Outlook, OneNote, Teams | ||||||||||||||||
15 | CHAOS | BSD3 | NA | https://github.com/tiagorlampert/CHAOS | @tiagorlampert | @leekirkpatrick4 | 5/14/2020 | 3 | Go | No | Go | Go | No | CLI | No | Yes | Yes | Yes | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No | No | No | No | No | No | No | No | No | Yes | Yes | No | NA | 13 | ||||||||||
16 | Cobalt Strike | Commercial | $5,900 | https://www.cobaltstrike.com/ | @TimMedin | 11/20/2019 | 3.14 | binary | Java | C | Yes | GUI | No | Yes | No | No | Yes | Yes | No | No | Yes | Yes | No | No | No | No | Yes | Yes | No | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | 07d14d16d21d21d07c42d41d00041d24a458a375eef0c576d23a7bab9a9fb1 | Yes | No | NA | NA | ||||||||||
17 | Covenant | GNU GPL3 | NA | https://github.com/cobbr/Covenant | https://cobbr.io/tags#covenant | @cobbr_io | @jorgeorchilles | 10/6/2019 | 0.3 | Docker | Yes | Yes | Yes | C# | C# | Yes | Web | Yes | Yes | Yes | No | No | No | Yes | No | No | No | No | No | No | No | No | Yes | Encrypted Key Exchange | No | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | No | Yes | Yes | Yes | #covenant bloodhoundhq.slack.com | 665 | 108 | ||||||
18 | DaaC2 | NA | NA | https://github.com/crawl3r/DaaC2 | Contribute | |||||||||||||||||||||||||||||||||||||||||||||||||||
19 | Dali | MIT | NA | https://github.com/h0mbre/Dali | https://h0mbre.github.io/Image_Based_C2_PoC/ | @h0mbre_ | @jorgeorchilles | 12/24/2019 | POC | pip3 | Python | Python | No | CLI | No | BYOI | BYOI | BYOI | No | Yes | No | No | No | No | No | No | No | No | No | AES | Yes | No | No | No | No | No | No | No | No | No | No | Yes | No | NA | 0 | Uses Imgur | ||||||||||
20 | DarkFinger | MIT | NA | https://github.com/hyp3rlinx/DarkFinger-C2 | @hyp3rlinx | @nas_bench | 7/4/2021 | POC | Python | Python | Batch | No | No | No | No | Yes | No | No | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | Yes | No | No | Yes | No | No | No | No | No | No | No | Yes | ||||||||||||
21 | DBC2 | NA | NA | https://github.com/Arno0x/DBC2 | Contribute | No | Dropbox | |||||||||||||||||||||||||||||||||||||||||||||||||
22 | DcRat | MIT | NA | https://github.com/qwqdanchun/DcRat | @qwqdanchun | Contribute | Yes | No | No | |||||||||||||||||||||||||||||||||||||||||||||||
23 | DeimosC2 | MIT | NA | https://github.com/DeimosC2/DeimosC2 | @CharlesDardaman | @jasc22 | 9/17/2020 | 1.1.0 Beta | Golang | Golang | Golang | Yes | Web | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No | No | Yes | No | No | No | No | No | Encrypted Key Exchange | No | Yes | No | No | Yes | No | Yes | Yes | Yes | No | No | Yes | 00000000000000000041d00000041d9535d5979f591ae8e547c5e5743e5b64 | Yes | No | NA | 9 | |||||||||
24 | Disctopia | GNU GPL3 | NA | https://github.com/3ct0s/disctopia-c2 | Contribute | Yes | Yes | |||||||||||||||||||||||||||||||||||||||||||||||||
25 | Eggshell | GNU GPL2 | NA | https://github.com/neoneggplant/EggShell | Contribute | |||||||||||||||||||||||||||||||||||||||||||||||||||
26 | emp3r0r | MIT | NA | https://github.com/jm33-m0/emp3r0r | Contribute | |||||||||||||||||||||||||||||||||||||||||||||||||||
27 | Empire | BSD3 | NA | https://github.com/BC-SECURITY/Empire | @BCSecurity1 | @jorgeorchilles | 1/30/2020 | 3.0.5 | install.sh | Yes | Yes | Yes | Python | PowerShell | Yes | GUI | Yes | Yes | Yes | Yes | Yes | No | Yes | No | No | No | No | No | No | No | No | No | Encrypted Key Exchange | No | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | No | Yes | 0ad0ad0000ad0ad22c42d42d000000088658245da669bb571fc2a62dd80912 | Yes | #psempire bloodhoundhq.slack.com | 1299 | 61 | Dropbox, OneDrive | ||||
28 | EvilOSX | GNU GPL3 | NA | https://github.com/Marten4n6/EvilOSX | @cabbagesalad2 | 11/12/2019 | 7.2.1 | pip3 | Yes | Python | Python | No | GUI | No | Yes | Yes | Yes | No | Yes | No | No | No | No | No | No | No | No | No | AES | No | No | No | Yes | No | No | No | No | No | No | No | Yes | No | NA | 89 | ||||||||||||
29 | Faction C2 | BSD3 | NA | Taken down | https://c2lol.blob.core.windows.net/text/faction.txt | @jorgeorchilles | 10/30/2019 | NA | install.sh | Yes | Yes | Yes | .NET | .NET | Yes | Web | Yes | Yes | No | No | Yes | Yes | No | No | No | No | No | No | No | No | No | TLS | No | Yes | No | Yes | Yes | No | Yes | No | Yes | No | Yes | No | #factionc2 bloodhoundhq.slack.com | 203 | 38 | |||||||||
30 | FlyingAFalseFlag | GNU GPL3 | NA | https://github.com/monoxgas/FlyingAFalseFlag | @jorgeorchilles | 11/12/2019 | POC | pip3 | Python | C++ | No | CLI | No | Yes | No | No | No | Yes | No | No | No | No | No | No | No | No | No | None | No | No | No | No | No | No | No | No | No | No | No | Yes | No | NA | 1 | PostOffice EWS SendGrid & Addendum VirusTotal | ||||||||||||
31 | FudgeC2 | GNU GPL3 | NA | https://github.com/Ziconius/FudgeC2 | @Ziconius | @jorgeorchilles | 2/11/2020 | Beta | pip3 | Yes | Python | Powershell | Yes | Web | No | Yes | No | No | No | Yes | No | No | No | No | No | No | No | No | No | None | No | No | No | Yes | No | No | Yes | No | No | No | Yes | Yes | #fudgec2 bloodhoundhq.slack.com | NA | 3 | |||||||||||
32 | GC2-sheet | NA | NA | https://github.com/looCiprian/GC2-sheet | @loogrz | Google Sheets and Drive | ||||||||||||||||||||||||||||||||||||||||||||||||||
33 | GoBot2 | MIT | NA | https://github.com/SaturnsVoid/GoBot2 | Contribute | |||||||||||||||||||||||||||||||||||||||||||||||||||
34 | godoh | GNU GPL3 | NA | https://github.com/sensepost/goDoH | @leonjza | @cabbagesalad2 | 10/31/2019 | 1.6 | binary | Yes | Go | Go | No | CLI | No | Yes | Yes | Yes | No | No | No | No | Yes | Yes | No | No | No | No | No | None | No | No | No | No | Yes | No | No | No | No | No | No | Yes | Yes | No | NA | 1 | ||||||||||
35 | GRAT2 | GNU GPL3 | NA | https://github.com/r3nhat/GRAT2 | @r3n_hat | @r3n_hat | 9/1/2021 | Beta | No | No | Python | C# | No | CLI | No | No | Yes | No | No | No | Yes | No | No | Yes | No | No | No | No | No | No | No | No | No | Yes | No | Yes | Yes | No | No | No | No | No | No | No | Yes | No | NA | 0 | Encrypted Communication using XOR | |||||||
36 | HARS | MIT | NA | https://github.com/onSec-fr/Http-Asynchronous-Reverse-Shell | @leekirkpatrick4 | 3/24/2020 | POC | python | Python | C# | No | CLI | No | Yes | No | No | No | Yes | No | No | No | No | No | No | No | No | No | None | No | Yes | No | Yes | Yes | No | No | No | Yes | No | No | Yes | Yes | No | NA | 2 | ||||||||||||
37 | Haven | Commercial | Contact Sales | https://pivotlabs.dev/haven/ | https://docs.pivotlabs.dev/index.html | Contribute | ||||||||||||||||||||||||||||||||||||||||||||||||||
38 | HTTP-RevShell | GNU GPL3 | NA | https://github.com/3v4Si0N/HTTP-revshell | @3v4Si0N | Contribute | ||||||||||||||||||||||||||||||||||||||||||||||||||
39 | ibombshell | GNU GPL3 | NA | https://github.com/ElevenPaths/ibombshell | @jorgeorchilles | 11/12/2019 | 0.0.3b | pip3 | Yes | Yes | Python | PowerShell | No | GUI | No | Yes | Yes | Yes | No | Yes | No | No | No | No | No | No | No | No | No | None | No | Yes | No | No | No | No | No | No | No | No | No | Yes | No | NA | 5 | |||||||||||
40 | INNUENDO | Commercial | Contact Sales | https://www.immunityinc.com/products/innuendo/ | @daveaitel | 11/11/2019 | 1.7 | install.sh | Python | Python | Yes | Web | Yes | Yes | Yes | Yes | No | Yes | No | No | Yes | No | Yes | Yes | Yes | Yes | Yes | Encrypted Key Exchange | No | Yes | Yes | Yes | Yes | No | No | Yes | Yes | No | Yes | Yes | No | NA | NA | |||||||||||||
41 | Khepri | Apache 2 | NA | https://github.com/geemion/Khepri | Contribute | |||||||||||||||||||||||||||||||||||||||||||||||||||
42 | Koadic C3 | Apache 2 | NA | https://github.com/zerosum0x0/koadic | @jorgeorchilles | 9/27/2019 | 0xA (10) | pip3 | Yes | Yes | Yes | Python | JScript/VBScript | No | GUI | No | Yes | No | No | No | Yes | No | No | No | No | No | No | No | No | No | None | No | No | No | No | No | No | Yes | No | Yes | Yes | Yes | No | Yes | Yes | No | NA | 94 | Requires valid cert for HTTPS | |||||||
43 | Link | GNU GPL3 | NA | https://github.com/postrequest/link | ||||||||||||||||||||||||||||||||||||||||||||||||||||
44 | LOLBITS | GNU GPL3 | NA | https://github.com/Kudaes/LOLBITS | @Kurosh2907 | Contribute | ||||||||||||||||||||||||||||||||||||||||||||||||||
45 | MacC2 | BSD3 | NA | https://github.com/cedowens/MacC2 | Contribute | 2ad2ad0002ad2ad22c42d42d000000faabb8fd156aa8b4d8a37853e1063261 | ||||||||||||||||||||||||||||||||||||||||||||||||||
46 | MacShellSwift | NA | NA | https://github.com/cedowens/MacShellSwift | @cedowens | @Adam_Mashinchi | 11/13/2019 | N/A | python | Yes | Python | Swift | No | CLI | No | No | No | Yes | No | Yes | No | No | No | No | No | No | No | No | No | TLS | No | No | No | No | No | No | No | No | No | No | No | 2ad000000000000000000000000000eeebf944d0b023a00f510f06a29b4f46 | Yes | No | NA | 0 | ||||||||||
47 | MACE | NA | NA | https://github.com/nickvangilder/most-average-c2-ever | Contribute | Python | No | CLI | ||||||||||||||||||||||||||||||||||||||||||||||||
48 | MeetC2 | NA | NA | https://github.com/CMatri/MeetC2 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
49 | Merlin | GNU GPL3 | NA | https://github.com/Ne0nd0g/merlin | https://merlin-c2.readthedocs.io/en/latest/ | @merlin_c2 | @jorgeorchilles | 11/4/2019 | 0.8.0 | Binary | Yes | Yes | Yes | Go | Go | No | CLI | No | Yes | Yes | Yes | No | Yes | Yes | Yes | No | No | No | No | No | No | No | aPAKE OPAQUE | No | No | No | No | Yes | No | Yes | No | Yes | No | No | 29d21b20d29d29d21c41d21b21b41d494e0df9532e75299f15ba73156cee38 | Yes | #merlin bloodhoundhq.slack.com | 278 | 57 | Gandalf: https://github.com/r00t0v3rr1d3/merlin/tree/dev | ||||||
50 | Metasploit | BSD3 | NA | https://github.com/rapid7/metasploit-framework | https://metasploit.com | @metasploit | @busterbcook | 12/4/2019 | 5.0.62 | Ruby | Ruby | C/Java/PHP/Python | Yes | CLI | Yes | Yes | Yes | Yes | Yes | Yes | No | No | No | No | No | No | No | No | Yes | RSA | No | Yes | Yes | No | No | No | No | Yes | Yes | No | No | Yes | 07d14d16d21d21d00042d43d000000aa99ce74e2c6d013c745aa52b5cc042d | Yes | metasploit.slack.com | 4653 | 3953 | |||||||||
51 | Meteor | GNU GPL3 | NA | https://github.com/degenerat3/meteor | Contribute | |||||||||||||||||||||||||||||||||||||||||||||||||||
52 | Meterpeter | NA | NA | https://github.com/r00t-3xp10it/meterpeter | Contribute | No | Yes | No | NA | 0 | ||||||||||||||||||||||||||||||||||||||||||||||
53 | MicroBackdoor | GNU GPL3 | NA | https://github.com/Cr4sh/MicroBackdoor | @d_olex | Contribute | ||||||||||||||||||||||||||||||||||||||||||||||||||
54 | MikeC2 | MIT | NA | https://github.com/mlgualtieri/PurpleTeamSummit/tree/main/Summit-May2021 | @mlgualtieri | Contribute | 5/25/2021 | C# / PHP | No | No | No | PHP | C# | No | CLI | No | No | Yes | No | No | Yes | Yes | No | No | No | No | No | No | No | No | No | No | No | No | No | No | Yes | No | Yes | No | No | No | No | No | No | No | No | No | The MikeC2 agent is best loaded with MikeDrop | |||||||
55 | Mistica | GNU GPL3 | NA | https://github.com/IncideDigital/Mistica | Contribute | |||||||||||||||||||||||||||||||||||||||||||||||||||
56 | Mythic | BSD3 | NA | https://github.com/its-a-feature/Mythic | https://docs.mythic-c2.net/ | @its_a_feature_ | @jorgeorchilles | 10/6/2019 | 1.3 | Docker | Yes | Python | Python | Yes | Web | Yes | Yes | Yes | Yes | No | Yes | No | No | No | No | No | No | No | No | No | Encrypted Key Exchange | No | No | Yes | Yes | No | No | No | No | Yes | No | Yes | 2ad2ad0002ad2ad00042d42d000000ad9bf51cc3f5a1e29eecb81d0c7b06eb | Yes | #ApFell bloodhoundgang.herokuapp.com | 180 | 14 | |||||||||
57 | Mythic-Apollo | BSD3 | NA | https://github.com/MythicAgents/Apollo | @djhohnstein | Contribute | Implant for Mythic | |||||||||||||||||||||||||||||||||||||||||||||||||
58 | Mythic-Medusa | NA | NA | https://github.com/MythicAgents/Medusa | Contribute | |||||||||||||||||||||||||||||||||||||||||||||||||||
59 | Nebula | MIT | NA | https://github.com/gl4ssesbo1/Nebula | Contribute | |||||||||||||||||||||||||||||||||||||||||||||||||||
60 | Nighthawk | Commercial | £22,500 | https://www.mdsec.co.uk/nighthawk/ | @MDSecLabs | @domchell | 12/16/2021 | 0.1 | Binary | Python | C++ | Yes | GUI | No | Yes | Yes | No | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes | No | Yes | No | Yes | Yes | NA | NA | ||||||||
61 | Ninja | GNU GPL3 | NA | https://github.com/ahmedkhlief/Ninja/ | https://shells.systems/introducing-ninja-c2-the-c2-built-for-stealth-red-team-operations/ | @leekirkpatrick4 | 4/3/2020 | Beta | python | Python | C#/PowerShell | Yes | CLI | No | Yes | No | No | No | Yes | No | No | No | No | No | No | No | No | No | AES | No | Yes | No | Yes | No | No | No | No | Yes | No | No | Yes | Yes | No | NA | 4 | Built on top of leaked MuddyC3 | ||||||||||
62 | NorthStarC2 | GNU GPL3 | NA | https://github.com/EnginDemirbilek/NorthStarC2 | Contribute | |||||||||||||||||||||||||||||||||||||||||||||||||||
63 | Nuages | NA | NA | https://github.com/p3nt4/Nuages | @xp3nt4 | @xp3nt4 | 11/12/2019 | 1 | Node.Js | Yes | Python | C# | Yes | Cli | Yes | Yes | Yes | Yes | No | Yes | No | No | Yes | No | No | No | No | No | No | AES | No | Yes | No | No | No | No | No | No | No | No | No | Yes | No | NA | 0 | Implants can be built and customized easily | ||||||||||
64 | Octopus | GNU GPL3 | NA | https://github.com/mhaskar/Octopus | https://shells.systems/unveiling-octopus-the-pre-operation-c2-for-red-teamers/ | @mohammadaskar2 | @jorgeorchilles | 12/12/2019 | v1.0 Beta | pip3 | Python | PowerShell | No | GUI | No | Yes | No | No | No | Yes | No | No | No | No | No | No | No | No | No | AES | No | No | No | Yes | No | No | No | No | No | Yes | Yes | No | Yes | No | NA | 3 | ||||||||||
65 | OffensiveNotion | MIT | NA | https://github.com/mttaggart/OffensiveNotion | @mttaggart @huskyhacksmk | |||||||||||||||||||||||||||||||||||||||||||||||||||
66 | OST Stage 1 | Commercial | Check Site | https://outflank.nl/services/outflank-security-tooling/ | @OutflankNL | @MarcOverIP | 11/5/2021 | SaaS | Python | C++ | Yes | GUI | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes, private | Focus on Stage 1 type of functionality. Available as part of larger OST offering with multiple initial access and post-ex capabilities | ||||||||||||||||||||||||||||
67 | Oyabun C2 | Commercial | $200 | https://redcodelabs.io/oyabun/ | Contribute | |||||||||||||||||||||||||||||||||||||||||||||||||||
68 | Palinka | NA | NA | https://github.com/lapolis/palinka_c2 | @l4p0lis | Contribute | ||||||||||||||||||||||||||||||||||||||||||||||||||
69 | PetaQ | MIT | NA | https://github.com/fozavci/petaqc2 | Contribute | |||||||||||||||||||||||||||||||||||||||||||||||||||
70 | PickleC2 | NA | NA | https://github.com/xRET2pwn/PickleC2 | https://picklec2.readthedocs.io/en/latest/ | @RET2_pwn | Contribute | Python | PowerShell | |||||||||||||||||||||||||||||||||||||||||||||||
71 | PoshC2 | BSD3 | NA | https://github.com/nettitude/PoshC2/ | https://poshc2.readthedocs.io/en/latest/ | @Nettitude_Labs | @jorgeorchilles | 9/11/2021 | 7.4.0 | install.sh | Yes | Yes | Yes | Python | PowerShell/C#/Python | Yes | CLI | Yes | No | Yes | Yes | Yes | No | Yes | No | No | No | No | No | No | No | No | Yes | TLS | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes | 2ad2ad0002ad2ad22c42d42d000000faabb8fd156aa8b4d8a37853e1063261 | Yes | poshc2.slack.com | https://labs.nettitude.com/blog/detecting-poshc2-indicators-of-compromise/ | 44 | https://labs.nettitude.com/blog/detecting-poshc2-indicators-of-compromise/ | |||
72 | PowerHub | MIT | NA | https://github.com/AdrianVollmer/PowerHub | @mr_mitm | @jorgeorchilles | 11/15/2019 | 1.3 | pip3 | Yes | Yes | Python | PowerShell | Yes | Web | No | Yes | No | No | No | Yes | No | No | No | No | No | No | No | No | No | TLS | No | Yes | No | No | No | No | No | No | Yes | No | No | Yes | No | NA | 38 | ||||||||||
73 | Prelude | Commercial | Check Site | https://github.com/preludeorg/ | https://www.prelude.org/ | @preludeorg | @bfuzzy1 | 1/15/2021 | 0.9.12 | Binary | No | No | No | NodeJS | Go/Python/JS | No | GUI | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No | No | No | No | No | No | No | No | No | Pre-shared key/TLS | No | No | No | No | Yes | Yes | No | Yes | Yes | No | Yes | Yes | No | No | Yes | No | N/A | 6 | Community is free, Professional $50 per user, Enterprise $1,000 a month up to 10 users | ||
74 | Prismatica | MIT | NA | https://github.com/Project-Prismatica | http://prismatica.io/ | @PPrismatica | @0sm0s1z | 11/13/2019 | 0.01 | Docker | Javascript/Python | JScript/.NET/Rust | Yes | GUI | Yes | Yes | Yes | Yes | Yes | Yes | No | No | No | No | No | No | No | No | No | None | No | Yes | No | Yes | Yes | No | No | Yes | Yes | No | Yes | Yes | No | NA | 1 | |||||||||||
75 | Proton | GNU GPL3 | NA | https://github.com/entynetproject/proton | @enty8080 | Contribute | 5 | install.sh | Python | JScript/VBScript | No | Yes | No | No | No | No | No | No | No | No | No | No | NA | 4 | ||||||||||||||||||||||||||||||||
76 | Pupy | BSD3 | NA | https://github.com/n1nj4sec/pupy | @n1nj4sec | Contribute | Python | Python | No | CLI | No | Yes | Yes | Yes | No | NA | 596 | |||||||||||||||||||||||||||||||||||||||
77 | QuasarRAT | MIT | NA | https://github.com/quasar/QuasarRAT | @leekirkpatrick4 | 5/20/2020 | 1.3.0.0 | C# | C# | C# | No | GUI | No | Yes | No | No | Yes | No | No | No | No | No | No | No | No | No | No | TLS | No | No | No | No | No | No | No | No | No | Yes | Yes | No | Yes | Yes | No | NA | 529 | |||||||||||
78 | RATel | MIT | NA | https://github.com/FrenchCisco/RATel | Contribute | |||||||||||||||||||||||||||||||||||||||||||||||||||
79 | Red Team Toolkit | Commercial | $7,000 | https://www.netspi.com/technology/red-team-toolkit/ | @SilentBreakSec | @dmay3r | 11/22/2019 | 2.63 | install.sh | Python | C++ | No | CLI | No | Yes | No | No | No | Yes | No | No | No | No | No | No | No | No | Yes | Encrypted Key Exchange | No | Yes | Yes | Yes | No | No | No | Yes | Yes | No | No | Yes | No | NA | NA | ||||||||||||
80 | RedHerd Framework | MIT | NA | https://github.com/redherd-project/redherd-framework | https://redherd.readthedocs.io | @RedHerdProject | 9/29/2021 | 0.0.4 | JavaScript / Docker | Node.js | NA | Yes | Web | Yes | Yes | Yes* | Yes* | Yes* | Yes (SSH) | NA | NA | NA | NA | NA | NA | NA | NA | No | Yes** | Yes | No | No | (*) Implant refers to the supported OS for the assets. (**) ATT&CK Mapping is easly integrated through custom topics, the default is CKC Mapping. | |||||||||||||||||||||||
81 | redViper | NA | NA | https://github.com/itsKindred/redViper | Contribute | No | Yes | No | NA | 0 | ||||||||||||||||||||||||||||||||||||||||||||||
82 | ReverseTCPShell | NA | NA | https://github.com/ZHacker13/ReverseTCPShell | @ZHacker13 | @jorgeorchilles | 12/19/2019 | NA | PowerShell | PowerShell | PowerShell | No | CLI | No | Yes | No | No | Yes | No | No | No | No | No | No | No | No | No | No | None | No | No | No | No | No | No | No | No | No | No | No | Yes | No | No | NA | 0 | Direct, constant TCP connection | ||||||||||
83 | sak1to-shell | NA | NA | https://github.com/d4rk007/sak1to-shell | Contribute | |||||||||||||||||||||||||||||||||||||||||||||||||||
84 | SCYTHE | Commercial | Contact Sales | https://github.com/scythe-io | https://scythe.io | @scythe_io | @Adam_Mashinchi | 7/7/2020 | 3 | Binary | Python | C | Yes | Web | Yes | Yes | Yes | Yes | Yes | Yes | No | No | Yes | No | No | No | No | No | Yes | Curve25519 | Yes | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | No | Yes | Yes | 2ad2ad16d2ad2ad22c42d42d0000006f254909a73bf62f6b28507e9fb451b5 | Yes | No | NA | NA | |||||||||
85 | Serpentine | MIT | NA | https://github.com/jafarlihi/serpentine | Contribute | |||||||||||||||||||||||||||||||||||||||||||||||||||
86 | Shad0w | MIT | NA | https://github.com/bats3c/shad0w | @_batsec_ | Contribute | ||||||||||||||||||||||||||||||||||||||||||||||||||
87 | Shadow Workers | MIT | NA | https://github.com/shadow-workers/shadow-workers | Contribute | |||||||||||||||||||||||||||||||||||||||||||||||||||
88 | SharpC2 | GNU GPL3 | NA | https://github.com/SharpC2/SharpC2/tree/dev | https://rastamouse.me/2020/05/sharpc2/ | @_RastaMouse @_xpn_ | Contribute | |||||||||||||||||||||||||||||||||||||||||||||||||
89 | SilentTrinity | GNU GPL3 | NA | https://github.com/byt3bl33d3r/SILENTTRINITY | @byt3bl33d3r | @0sm0s1z | 11/13/2019 | 0.4.6dev | Binary | Yes | Yes | Yes | Python | Boolang | Yes | CLI | No | Yes | No | No | No | Yes | No | No | No | No | No | No | No | No | No | ECDHE | No | No | Yes | No | Yes | No | No | No | Yes | No | No | Yes | #silenttrinity bloodhoundhq.slack.com | 489 | 67 | |||||||||
90 | SK8PARK/RAT | NA | NA | https://github.com/slyd0g/ | @slyd0g | Contribute | Yes | Python | C++ | Yes | No | Yes | No | No | No | No | No | No | No | No | No | Encrypted Key Exchange | No | Yes | No | No | No | NA | 0 | SK8PARK is server and SK8RAT is implant | ||||||||||||||||||||||||||
91 | Slack-C2Bot | NA | NA | https://github.com/praetorian-inc/slack-c2bot | Contribute | Yes | Yes | Slack | ||||||||||||||||||||||||||||||||||||||||||||||||
92 | Slackor | GNU GPL3 | NA | https://github.com/n00py/Slackor | Contribute | No | ||||||||||||||||||||||||||||||||||||||||||||||||||
93 | Sliver | GNU GPL3 | NA | https://github.com/BishopFox/sliver | @LittleJoeTables @rkervell @bishopfox | @jorgeorchilles | 11/5/2019 | 0.0.6 | Binary | Yes | Yes | Yes | Go | Go | Yes | CLI | No | Yes | Yes | Yes | Yes | Yes | No | No | Yes | No | No | No | No | No | No | mTLS | No | No | No | No | No | No | No | No | No | Yes | No | 2ad2ad0002ad2ad00041d2ad2ad41da5207249a18099be84ef3c8811adc883 | Yes | No | NA | 131 | Good for evasion | |||||||
94 | SQLC2 | BSD3 | NA | https://github.com/NetSPI/SQLC2 | Contribute | |||||||||||||||||||||||||||||||||||||||||||||||||||
95 | Throwback | GNU GPL2 | NA | https://github.com/silentbreaksec/Throwback | @SilentBreakSec | @malcomvetter | 2/24/2020 | Aug 2017 | shell script | Yes | php | C++ | Yes | Web | No | Yes | No | No | No | Yes | No | No | No | No | No | No | No | No | No | RC4 | No | Yes | No | No | No | No | No | No | No | No | Yes | Yes | No | No | NA | 1 | No updates in 5 years; web UI not authenticated | |||||||||
96 | ThunderShell | GNU GPL3 | NA | https://github.com/Mr-Un1k0d3r/ThunderShell | Contribute | |||||||||||||||||||||||||||||||||||||||||||||||||||
97 | ToRat | Unlicense | NA | https://github.com/lu4p/ToRat | @lu4p3 | Contribute | ||||||||||||||||||||||||||||||||||||||||||||||||||
98 | Trevor | BSD3 | NA | https://github.com/trustedsec/trevorc2/ | @HackingDave | @cabbagesalad2 | 10/16/2019 | 1.1 | pip3 | Yes | Python | Python/PowerShell | No | CLI | No | Yes | Yes | Yes | No | Yes | No | No | No | No | No | No | No | No | No | AES | No | No | No | Yes | Yes | No | No | No | No | No | No | https://nasbench.medium.com/understanding-detecting-c2-frameworks-trevorc2-2a9ce6f1f425 | Yes | No | NA | 5 | ||||||||||
99 | TripleCross | GNU GPL3 | NA | https://github.com/h3xduck/TripleCross | @h3xduck | Contribute | ||||||||||||||||||||||||||||||||||||||||||||||||||
100 | Violent Fungus | BSD3 | NA | https://github.com/sogonsec/ViolentFungus-C2 | Contribute |