← Back to Projects

Custom C2 Project

February 21, 2026 View Source ↗
c2golangpythonred-teammalware-dev

A custom, asynchronous HTTP Command and Control framework featuring a Python Flask team server and cross-compiled Go implants.

Overview

This project is a custom Command and Control (C2) framework built to simulate real-world asynchronous malware communication. It uses a hybrid architecture: a lightweight Python/Flask team server to handle operations and cross-compiled Go (Golang) implants for cross-platform execution. The design focuses on HTTP polling to blend in with normal web traffic and bypass basic network restrictions.

Architecture

┌──────────────┐                          ┌───────────────┐
│   Operator   │    Web UI (HTTP)         │  Team Server  │
│ (Dashboard)  ├─────────────────────────►│   (Python)    │
└──────────────┘                          └───────┬───────┘

                           ┌──────────────────────┼──────────────────────┐
                           │  HTTP                │ SQLite DB            │
                     ┌─────▼─────┐          ┌─────▼─────┐          ┌─────▼─────┐
                     │  Implant  │          │  Implant  │          │  Implant  │
                     │  (Golang) │          │  (Golang) │          │  (Golang) │
                     └───────────┘          └───────────┘          └───────────┘

Key Features

  • Asynchronous Communication — Implants use a “sleep and check-in” HTTP polling mechanism to avoid keeping noisy TCP connections open.
  • Cross-Platform Implants — Written in Go, allowing the agent to be compiled into a standalone executable for Windows, Linux, or macOS without dependencies.
  • Web-Based Dashboard — A lightweight frontend for operators to manage infected hosts, queue commands, and review output in real-time.
  • Tracking — Uses SQLite to maintain persistent records of agents, queued commands, and execution results.

Implant Capabilities

CapabilityStatus
HTTP Communication🔄 In Progress
Remote Command Execution (Shell)🔄 In Progress
File Upload / Download📅 Planned
Boot Persistence (Auto-start)📅 Planned
Jitter (and other) Evasion Techniques📅 Planned
HTTPS and/or DNS Communication (Maybe)📅 Planned

Technical Stack

  • Team Server (Backend): Python 3, Flask
  • Implant (Agent): Go (Golang)
  • Operator Frontend: HTML5, Vue.js, Bootstrap 5
  • Database: SQLite3