DeimosC2 is a post-exploitation Command & Control (C2) tool that leverages multiple communication methods in order to control machines that have been compromised. DeimosC2 server and agents works on, and has been tested on, Windows, Darwin, and Linux. It is entirely written in Golang with a front end written in Vue.js.
- Each listener has it’s own RSA Pub and Private key that is leveraged to wrap encrypted agent communications.
- Dynamically generate agents on the fly
- Graphical map of listener and agents that are tied to it
- Agent list page to give high level overview
- Agent interaction page containing info of agent, ability to run jobs against agent, filebrowser, loot data, and ability to add comments
- DoH (DNS over HTTPS)
- Pivot over TCP
- Multi-User support with roles of admin and user
- Graphs and visual interaction with listeners and agents
- Password length requirements
- 2FA Authentication using Google MFA
- Websocket API Calls
We welcome issues to be opened to help improve this project and keep it going. For bugs please use the template.
In order to develop this we used some of the awesome work of others. Below is a list of those we either used their code or were inspired by. If we missed you please let us know so we can add your name!
This program should only be used on environments that you own or have explicit permission to do so. Neither the authors, nor Critical Start, Inc., will be held liable for any illegal use of this program.
Source : KitPloit – PenTest Tools!