• Stars
    star
    574
  • Rank 77,739 (Top 2 %)
  • Language
    PowerShell
  • License
    BSD 3-Clause "New...
  • Created over 8 years ago
  • Updated about 5 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Powershell C2 Server and Implants

PLEASE NOTE THIS REPO IS NOT BEING ACTIVELY UPDATED BUT IS STILL FULLY FUNCTIONAL - ALL FUTURE C2SERVER/IMPLANT WORK IS BEING CARRIED OUT ON THE PYTHON VERSION PoshC2 - https://github.com/nettitude/PoshC2/

PoshC2

PoshC2 is a proxy aware C2 framework that utilises Powershell and/or equivalent (System.Management.Automation.dll) to aid penetration testers with red teaming, post-exploitation and lateral movement. Powershell was chosen as the base implant language as it provides all of the functionality and rich features without needing to introduce multiple third party libraries to the framework.

In addition to the Powershell implant, PoshC2 also has a basic dropper written purely in Python that can be used for command and control over Unix based systems such as Mac OS or Ubuntu.

The server-side component is written in Python for cross-platform portability and speed, a Powershell server component still exists and can be installed using the 'Windows Install' as shown below but will not be maintained with future updates and releases.

Linux Install of PoshC2 Python

Install using curl & bash

curl -sSL https://raw.githubusercontent.com/nettitude/PoshC2/master/Install.sh | bash

Manual install

wget https://raw.githubusercontent.com/nettitude/PoshC2/master/Install.sh
chmod +x ./Install.sh
./Install.sh

Windows Install of PoshC2

powershell -exec bypass -c "IEX (New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/nettitude/PoshC2_Old/master/C2-Installer.ps1')"

Issues / FAQs

If you are experiencing any issues during the installation or use of PoshC2 please refer checkout the open issues tracking page within GitHub. If this page doesn't have what you're looking for please open a new issue and we will try to resolve the issue asap.

If you are looking for tips and tricks on PoshC2 usage and optimisation, you are welcome to join the slack channel below.

License / Terms of Use

This software should only be used for authorised testing activity and not for malicious use.

By downloading this software you are accepting the terms of use and the licensing agreement.

Documentation

We maintain PoshC2 documentation over at https://poshc2.readthedocs.io/en/latest/

Find us on #Slack - poshc2.slack.com (to request an invite send an email to [email protected])

More Repositories

1

PoshC2

A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.
PowerShell
1,767
star
2

xss_payloads

Exploitation for XSS
PHP
697
star
3

SharpSocks

Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell
C#
472
star
4

SharpWSUS

C#
429
star
5

RunPE

C# Reflective loader for unmanaged binaries.
C#
416
star
6

SimplePELoader

In-Memory PE Loader
C++
366
star
7

Prowl

Python
275
star
8

ETWHash

C# POC to extract NetNTLMv1/v2 hashes from ETW provider
C#
248
star
9

MalSCCM

C#
241
star
10

scrounger

Mobile application testing toolkit
Python
237
star
11

ShellcodeMutator

Python
232
star
12

Aladdin

C#
212
star
13

Tartarus-TpAllocInject

C++
172
star
14

RunOF

C#
138
star
15

Invoke-PowerThIEf

The PowerThIEf, an Internet Explorer Post Exploitation library
PowerShell
130
star
16

DLLInjection

DLL Injection Library & Tools
C++
70
star
17

SharpConflux

C#
63
star
18

zeropress

A dumb script for finding dumb coding errors in WordPress plugins
Python
55
star
19

CVE-2024-20356

This is a proof of concept for CVE-2024-20356, a Command Injection vulnerability in Cisco's CIMC.
Python
47
star
20

CVE-2024-25153

Proof-of-concept exploit for CVE-2024-25153.
Python
43
star
21

defensive-scripts

Defence Against the Dark Arts
34
star
22

InlineFunctionHooking

Windows Inline function hooking library targeted at MSVC
C
28
star
23

pwnlyoffice

Exploit ONLYOFFICE Implementations
JavaScript
24
star
24

PoshC2_IOCs

A list of IOCs applicable to PoshC2
YARA
23
star
25

SyscallsExtractor

C#
23
star
26

logparser

SQL scripts for querying event logs
21
star
27

yasha

Python
18
star
28

metasploit-modules

Modules created by Nettitude for Metasploit
Ruby
12
star
29

hyperv-driver-thread-detection-poc

hyperv-driver-thread-detection-poc
C#
11
star
30

PoshC2_Shellcode

Supporting projects for PoshC2
C
11
star
31

CVE-2022-23253-PoC

CVE-2022-23253 PoC
Python
5
star
32

PoshC2_Linux_Implant

C
4
star
33

PBind

PBind payloads for PoshC2
C#
2
star
34

secure-development-training

PHP
2
star
35

PoshC2_Core

C#
1
star
36

FComm

FComm payloads for PoshC2
C#
1
star