Open source Linux C2 inspired by VoidLink C2

josephrw12, 1 pts, 1 comments

GitHub - josephrw12/cortex-c2: Cortex C2 is an open source Linux C2 inspired by the VoidLink C2 framework

agent

db

loader

team_server

team_server_client

README.md

build.sh

build_db.sh

contributing.md

run.sh


cortex-c2

Cortex C2 is an open source Linux post-exploitation framework inspired by the VoidLink C2 framework. My implementation was built for embedded device security research, CTF use and educational purposes only.

https://www.sysdig.com/blog/voidlink-threat-analysis-sysdig-discovers-c2-compiled-kernel-rootkits

https://www.ontinue.com/resource/voidlink-dissecting-an-ai-generated-c2-implant/

Current State

This project will never be perfect, but I will do my best to make it useful to the community.

It is language independent: you can build and extend it in whatever language you wish

It can run any Linux system command remotely

Perform persistence via a startup process (NOT TESTED)

Privilege escalation via CVE 2026-43284 (Thanks to: Mykhailo Stepanov - https://www.linkedin.com/in/mykhailo-stepanov-57857a1a0/) (NOT TESTED)

Perform Lateral Movement via SSH Brute Force

Download additional plugins on demand

Fallback Telegram C2

Features

Modular and extensible

Custom JSON database

Custom DB communication protocol at the application layer

Team Server (Windows / Linux / Mac). You will have to cross-compile the binaries in the ./team_server/downloads/src folder for Linux if you are on Mac or Windows

The agent and db run only on Linux

Supports using Telegram as a C2 (read the README.md file at ./team_server/downloads/src/go/telegram_c2/README.md)

Usage

Manual

Compile any C source code files as necessary with gcc -g -o (make sure the binary name is the same as the source file name), and also the main.go file in ./agent/plugins/go/lateral_movement

Compile the db_server_2.c file and run the db_server_2 binary in the ./db folder

Edit the configuration details according to your setup in the ./agent/orchestration/config.py file

Activate the team server in the ./team_server folder

Activate a Python virtual environment

pip install flask flask-cors

python3 app_2.py

If the DB server runs somewhere other than on localhost, then: TCP_HOST=1 TCP_PORT=9100 python3 app_2.py

Open the index.html file in the ./team_server_client folder and issue commands (if the team server runs somewhere other than on the same machine as the client, edit the API_URL in the client)

The team server client can run commands on compromised devices, list all compromised devices and show the command history for all commands run on the compromised devices

Automated

chmod +x ./build.sh
chmod +x ./build_db.sh
chmod +x run.sh

./build.sh
./build_db.sh
./run.sh

Production Usage

After running the 2 build scripts, deploy only the dist folder onto the target environment

The db server, the team server and the team server client must run on the attacker infrastructure

Set the variables in ./dist/orchestration/config.py according to your setup prior to deployment

Running commands

Enter a regular Linux command into the team server client

For Lateral Movement

# Edit the usernames.txt and passwords.txt file in the ./dist/orchestration folder
lateral_movement:../plugins/go/lateral_movement/main:-host::-port::-delay:500ms
# Once the command has been run on the target
cat lateral_output.txt

The agent is purposely built to stop the same command from executing over and over again, so if you issue a command like plugin_download:rpibot and you see an error, but you wish to run that command again, then run...
