Overview

_images/logo.png

PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming, post-exploitation and lateral movement.

PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools, allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python3 implants with payloads written in PowerShell v2 and v4, C++ and C# source code, a variety of executables, DLLs and raw shellcode in addition to a Python3 payload. These enable C2 functionality on a wide range of devices and operating systems, including Windows, *nix and OSX.

Other notable features of PoshC2 include:

  • Consistent and Cross-Platform support using Docker.
  • Highly configurable payloads, including default beacon times, jitter, kill dates, user agents and more.
  • A large number of payloads generated out-of-the-box which are frequently updated and maintained to bypass common Anti-Virus products.
  • Auto-generated Apache Rewrite rules for use in a C2 proxy, protecting your C2 infrastructure and maintaining good operational security.
  • A modular format allowing users to create or edit C#, PowerShell or Python3 modules which can be run in-memory by the Implants.
  • Notifications on receiving a successful Implant, such as via text message or Pushover.
  • A comprehensive and maintained contextual help and an intelligent prompt with contextual auto-completion, history and suggestions.
  • Fully encrypted communications, protecting the confidentiality and integrity of the C2 traffic even when communicating over HTTP.
  • Client/Server format allowing multiple team members to utilise a single C2 server.
  • Extensive logging. Every action and response is timestamped and stored in a database with all relevant information such as user, host, implant number etc. In addition to this the C2 server output is directly logged to a separate file.
  • PowerShell-less implants that do not use System.Management.Automation.dll using C# or Python.
  • A free and open-source SOCKS Proxy by integrating with SharpSocks

PoshC2 is fully open source and available on GitHub here: https://github.com/nettitude/PoshC2/

Install

PoshC2 can be installed on any system with Python3 installed, however it is only commonly tested on Debian based Linux distribution, such as Ubuntu and Kali Linux. These operating systems are also free and open source and for the most reliable experience it is recommended that PoshC2 in this way, from a VPS or Virtual Machine if required.

It is recommended to add an exclusions folder for any host-based Anti-Virus for the PoshC2 install directory and project directory.

You can install PoshC2 directly or use the Docker images, instructions for both are below.

Elevated privileges are required as the install script performs apt updates and installations.

curl -sSL https://raw.githubusercontent.com/nettitude/PoshC2/master/Install.sh | sudo bash

You can manually set the PoshC2 installation directory by passing it to the Install.sh script as the -p argument. The default is /opt/PoshC2:

Cutting Edge features

We want to keep the master branch stable to ensure that users are able to rely on it when required and for this reason changes can often be feature-complete but not yet present on master as they have not been tested completely and signed-off yet.

If you want to look at upcoming features in PoshC2 you can check out the dev branch, or any individual feature branches branched off of dev.

As features are tested before they are merged into dev this branch should still be fairly stable and operators can opt in to using this branch or a particular feature branch for their engagement. This does trade stablity for new features however so do it at your own discretion.

To use dev or a feature branch pass the branch name to the Install.sh script as the -b argument:

Note the URL includes the branch name also (here dev instead of master).

Installing for Docker

You can also run PoshC2 using Docker, this allows more stable and running and enables PoshC2 to easily run on other operating systems.

This script does not clone PoshC2 as the PoshC2 images on Docker Hub are used, so only a minimal install of some dependencies and scripts are performed.

To start with, install Docker on the host and then add the PoshC2 projects directory to Docker as a shared directory if required for your OS. By default this is /var/poshc2 on *nix.

Kali based hosts

Python3 install script:

Elevated privileges are required as the install script performs apt updates and installations.

To use the dev or feature branches with Docker curl down the Install-for-Docker.sh on the appropriate branch and pass the branch name as an argument:

Other OSs

On other *nix flavours and MacOS, copy the posh-docker* commands to your path. On Windows, import the PoshC2.psm1 PowerShell module.

Keep In Touch

For all the latest news and features, or for the latest documentation and support check out the PoshC2 GitHub page or find us below:

Find us on Twitter - @Nettitude_Labs.

Find us on Slack - poshc2.slack.com (Send an email to labs below to be added to slack channel).

Find us on Email - labs@nettitude.com.

Key Contributors

Contribute

We actively encourage the industry to contribute and would want nothing less for PoshC2, be it pull requests, reporting bugs or new ideas. There is no such thing as a stupid question or bad idea.

The best place to do this is on GitHub or chat in the PoshC2 slack channel.