Violent Fungus is a command and control (C2) software suite, providing red teams post-exploitation persistence and other juicy stuff.

Overview

Violent Fungus C2

Still working on this. It is nowhere near a complete functional program.

This project is written in C++ with Qt 5.

Website for this project is at https://sog.re/violentfungus-c2-project/ or https://violentfungus.com (same location)

Core Goals

  • Small binary size.
  • Lean on resources.
  • Able to run on smaller ARM boards with 512MB of RAM and potentially embedded devices.
  • Handle a large number of active agents.
  • Use Qt C++ as much as possible/appropriate.
  • Target GNU/Linux, NetBSD 9+, OpenBSD 6.9+, FreeBSD 13+, Microsoft Windows 10+ and Server 2016+, and Apple macOS 10.5+.
    • Architectures should be somewhat normal including x86, x86-64, ARM32, and ARM64 in particular.

Core Features

  • Support a large number of server services: HTTPS, DNS over UDP, FTP, SMB, ICMP, SMTP, raw TCP, and raw UDP, etc., shooting for more than anyone else.
  • Multi-user server and agents: multiple users can use the server and communicate with the same agents at the same time.
  • Plugin support: Unsure the best way to implement this yet but would be nice if Python plugins were possible as the very least. Perhaps using Qt's signals/slots mechanism?!
  • Agent...
    • relaying: relay communications to the server via other agents and to agents via other agents (return path doesn’t have to be the same).
    • time/day schedules: only operate on certain days and times, such as work hours.
    • queues: queue multiple commands/requests.
    • multiple server service communications: optionally communicate over multiple server services if available (such as multiple DNS queries and then SMTP) within the same session.
    • communication playbooks: predefined communication ordering to emulate normal traffic.
  • Asymmetric and symmetric encryption: rotating keys, key expiration, and using existing industry standards of AES and DSA, for example. Perhaps ChaCha on ARM boards and older processors that don’t have AES instructions available?
  • Decoupled transmission, data chunking, and data modification: allowing for independence at each level, one-to-many relationships, and independent plugin support.
  • Server API: frontends can use the remote server API, allowing for a decoupled experience where user interfaces can be remote and in whatever format is needed.
You might also like...
Microsoft Teams presence report blocker.
Microsoft Teams presence report blocker.

AnonPresence Microsoft Teams presence report blocker. Introduction Microsoft Teams peroticially sends back telemetry and presence data on your activit

Techniques based on named pipes for pool overflow exploitation targeting the most recent (and oldest) Windows versions

Table of Contents Table of Contents Introduction Named-Pipes Introduction Exploitation Spraying the non-paged pool Memory Disclosure/Arbitrary Read Co

A list of excellent resources for anyone to deepen their understanding with regards to Windows Kernel Exploitation and general low level security.

WinKernel-Resources A list of excellent resources for anyone trying to deepen their understanding with regards to Windows Kernel Exploitation and gene

OverRide - Binary Exploitation and Reverse-Engineering (from assembly into C)
OverRide - Binary Exploitation and Reverse-Engineering (from assembly into C)

OverRide Explore disassembly, binary exploitation & reverse-engineering through 10 little challenges. In the folder for each level you will find: flag

Vulnerability Exploitation Code Collection Repository
Vulnerability Exploitation Code Collection Repository

Introduction expbox is an exploit code collection repository List Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution curl -i -s -k -X $'POST' -H $'Hos

vdk is a set of utilities used to help with exploitation of a vulnerable driver.

vdk - vulnerable driver kit vdk is a set of utilities used to help with exploitation of a vulnerable driver. There are 2 main features of this library

Matryoshka loader is a tool that red team operators can leverage to generate shellcode for Microsoft Office document phishing payloads.

Overview Matryoshka loader is a tool that red team operators can leverage to generate shellcode for an egghunter to bypass size-limitations and perfor

The MLX90614 is an Infra Red thermometer for noncontact temperature measurements.
The MLX90614 is an Infra Red thermometer for noncontact temperature measurements.

The MLX90614 is an Infra Red thermometer for noncontact temperature measurements.

This repo contains information about EDRs that can be useful during red team exercise.

EDRs This repo contains information about EDRs that can be useful during red team exercise. patch_syscall_dynamically64.c This proof-of-concept is res

Owner
Chris Humphries
I like to hack things.
Chris Humphries
a simple project made with a esp32 and some other stuff

pumkin candy dispenser its a really simple candy dispenser that it works with a esp32 ai thinker. I made it for a school project and idk it looks cool

ranon rat 7 Jul 15, 2022
a simple project made with a esp32 and some other stuff

pumpkin candy dispenser its a really simple candy dispenser that it works with a esp32 ai thinker. I made it for a school project and idk it looks coo

ranon rat 7 Jul 15, 2022
Useful cmake macros that help with: compiler/linker flags, collecting sources, PCHs, Unity builds and other stuff.

ucm - useful cmake macros ucm is a collection of cmake macros that help with: managing compiler/linker flags collecting source files with grouping in

Viktor Kirilov 194 Nov 10, 2022
Bobby Cooke 316 Nov 29, 2022
Jaws is an invisible programming language! Inject invisible code into other languages and files! Created for security research -- see blog post

Jaws is an invisible interpreted programming language that was created for antivirus research. Since Jaws code is composed entirely of whitespace char

C.J. May 207 Oct 17, 2022
Threat Emulation and Red Teaming Framework, The Hacking Software for normal people.

The Remote Hacker Probe is a Threat Emulation and Red Teaming Framework built to be easy to use. The Remote Hacker Probe is Feature Rich! Including, K

QuantumCored 176 Nov 27, 2022
Remote hacker probe - Threat Emulation and Red Teaming Framework, The Hacking Software for normal people.

The Remote Hacker Probe is a Threat Emulation and Red Teaming Framework built to be easy to use. The Remote Hacker Probe is Feature Rich! Including, K

Fahad 176 Nov 27, 2022
A generic post-processing injector for games and video software.

ReShade This is a generic post-processing injector for games and video software. It exposes an automated way to access both frame color and depth info

null 2.9k Nov 24, 2022
Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detections and correlation rules by Blue teams.

SysmonSimulator SysmonSimulator is an Open source Windows event simulation utility created in C language, that can be used to simulate most of the att

Scarred Monk 742 Nov 29, 2022
A fake AMSI Provider which can be used for persistence.

A fake AMSI Provider which can be used for persistence.

netbiosX 109 Nov 9, 2022