Share
## https://sploitus.com/exploit?id=679D9FA3-8ED7-5651-89FD-21CC5CFA27FF
โšก Tempest C2 Framework
  
    Advanced Post-Exploitation & Command-and-Control Framework
  
  
    Features โ€ข
    Architecture โ€ข
    Quick Start โ€ข
    Modules โ€ข
    Agents โ€ข
    Pro Edition โ€ข
    License
  


---

## Overview

**Tempest** is a modular, cross-platform Command & Control (C2) framework engineered for professional red team operations and advanced adversary simulation. It provides encrypted agent communication, cross-platform implants, and an extensible post-exploitation module library โ€” all operated through a modern web GUI or CLI.

Built with operational security (OPSEC) as a first-class design constraint, Tempest implements malleable C2 profiles, AES-256-GCM encrypted communications, certificate pinning, and multi-layered evasion techniques.

> **โš ๏ธ Legal Disclaimer:** This software is intended for authorized security testing and research only. Unauthorized access to computer systems is illegal. Users are responsible for compliance with all applicable laws.

---

## Features

### Core (Open Source)

| Category | Capabilities |
|---|---|
| **C2 Server** | FastAPI HTTPS server, WebSocket support, SQLite persistence, malleable C2 profiles |
| **Encryption** | AES-256-GCM, certificate pinning, PSK authentication, mTLS |
| **Agents** | Go (cross-platform), Python beacon, Rust implant, C shellcode loaders |
| **Transport** | HTTP/HTTPS, DNS tunneling, domain fronting, fallback URLs, jitter |
| **Recon** | System enumeration, network scanning, process listing, AV detection |
| **Execution** | Shell commands, PowerShell (AMSI bypass), process listing |
| **File Ops** | Upload, download, directory listing |
| **Builder** | One-command agent compilation with embedded C2 config |
| **Web GUI** | Operator dashboard with real-time beacon management |

### Pro Edition (Licensed)

| Category | Capabilities |
|---|---|
| **EDR Evasion** | AMSI bypass, ETW patching, NTDLL unhooking, syscall whispering |
| **Injection** | Process hollowing, threadless injection, module stomping, phantom DLL hollowing |
| **Active Directory** | Kerberoasting, AS-REP roasting, DCSync, Pass-the-Hash, AD CS abuse |
| **Persistence** | Registry, scheduled tasks, WMI event subscriptions, COM hijacking |
| **Credential Theft** | LSASS dump, DPAPI decryption, browser credential extraction, SAM dump |
| **Lateral Movement** | WMI exec, SMB lateral, DCOM exec, token impersonation |
| **Privilege Escalation** | Token manipulation, named pipe impersonation, BYOVD EDR kill |
| **Advanced Evasion** | Sleep encryption, stack spoofing, hardware breakpoint evasion, call stack spoofing |
| **Polymorphic Builder** | Garble-based obfuscation for unique binary signatures per build |

---

## Architecture

```
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚                     OPERATOR                                 โ”‚
โ”‚              Web GUI  /  CLI  /  API                         โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
                       โ”‚ HTTPS / WSS
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ–ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚                  TEMPEST C2 SERVER                            โ”‚
โ”‚  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ” โ”‚
โ”‚  โ”‚  FastAPI  โ”‚  โ”‚ Beacon   โ”‚  โ”‚  SQLite  โ”‚  โ”‚  Malleable  โ”‚ โ”‚
โ”‚  โ”‚  Router   โ”‚  โ”‚ Manager  โ”‚  โ”‚    DB    โ”‚  โ”‚  C2 Engine  โ”‚ โ”‚
โ”‚  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜ โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
          โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
          โ”‚            โ”‚            โ”‚
   โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ–ผโ”€โ”€โ”€โ”€โ”€โ”€โ” โ”Œโ”€โ”€โ–ผโ”€โ”€โ”€โ”€โ”€โ”€โ” โ”Œโ”€โ”€โ–ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
   โ”‚  Go Agent   โ”‚ โ”‚  Rust   โ”‚ โ”‚  C Shellcode โ”‚
   โ”‚  (Primary)  โ”‚ โ”‚ Implant โ”‚ โ”‚   Loaders    โ”‚
   โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜ โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜ โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
```

---

## Quick Start

### Prerequisites

- Python 3.10+
- Go 1.21+ (for Go agent compilation)
- pip

### Installation

```bash
git clone https://github.com/YOUR_USERNAME/tempest-c2.git
cd tempest-c2
pip install -r requirements.txt
```

### Start the C2 Server

```bash
python -m tempest server start --port 443
```

### Build an Agent

```bash
python -m tempest build go --c2 https://YOUR_C2_IP:443 --os windows --arch amd64
```

### Access the Web GUI

Navigate to `https://YOUR_C2_IP:443/gui` in your browser.

---

## Modules

Tempest ships with **80+ post-exploitation modules** organized by attack phase:

| Phase | Module Count | Examples |
|---|---|---|
| Reconnaissance | 8 | `recon`, `network_recon`, `ad_enum`, `edr_detect` |
| Execution | 6 | `shell`, `powershell`, `bof_loader`, `fileless` |
| Evasion | 12 | `amsi_bypass`, `etw_patch`, `unhook_ntdll`, `sleep_encrypt` |
| Credential Access | 8 | `lsass_dump`, `browser_stealer`, `dpapi_decrypt`, `credentials` |
| Lateral Movement | 6 | `wmi_lateral`, `lateral`, `ntlm_relay`, `pass_the_hash` |
| Persistence | 7 | `registry_persist`, `wmi_persist`, `persistence`, `fileless_persist` |
| Privilege Escalation | 5 | `privesc_win`, `privesc_linux`, `token_manip`, `byovd_edr_kill` |
| Collection | 5 | `keylogger`, `clipboard_monitor`, `camera`, `audio`, `surveillance` |
| Exfiltration | 3 | `exfiltration`, `dns_tunnel`, `socks_proxy` |

---

## Agents

### Go Agent (Primary)

The Go agent is the primary implant, supporting Windows, Linux, and macOS:

- AES-256-GCM encrypted C2 communication
- Anti-sandbox checks (timing, CPU, hostname, process blacklist)
- Native Win32 API screenshots (BitBlt)
- Clipboard stealing
- Keylogging (Windows low-level hooks)
- Registry/scheduled task/startup persistence
- Self-destruction capability
- Cross-compilation support

### Rust Implant

Stealth-optimized implant with:
- Direct syscall invocation
- LSASS memory dump
- Kerberos ticket forging
- ETW-TI blinding

### C Loaders

Shellcode execution primitives:
- XOR-encrypted shellcode runner
- Process injector
- DLL loader
- NTDLL unhooker
- Callstack spoofer

---

## Pro Edition

The **Tempest Pro** edition includes advanced offensive modules not available in the open-source release:

- **Advanced EDR bypass chain** โ€” automated multi-stage evasion
- **Active Directory attack suite** โ€” full Kerberoast โ†’ DCSync โ†’ Golden Ticket chain
- **Polymorphic agent builder** โ€” unique binary signature per compilation
- **Sleep encryption** โ€” memory page encryption during beacon sleep
- **Kernel-level capabilities** โ€” BYOVD driver loading for EDR neutralization
- **Priority support** โ€” direct access to the development team

**For licensing inquiries:** tempest-security@proton.me

---

## Configuration

Edit `config.yaml` to customize C2 behavior:

```yaml
c2:
  http:
    host: "0.0.0.0"
    port: 443
    use_tls: true
    cert_file: "certs/server.crt"
    key_file: "certs/server.key"
    beacon_timeout: 300
    malleable_profile: "jquery"

crypto:
  aes_key: ""  # Auto-generated if empty
```

---

## Project Structure

```
tempest-c2/
โ”œโ”€โ”€ tempest/                  # Core Python framework
โ”‚   โ”œโ”€โ”€ agent/                # Python beacon agent
โ”‚   โ”œโ”€โ”€ c2/                   # C2 server (FastAPI + WebSocket)
โ”‚   โ”œโ”€โ”€ cli/                  # Command-line interface
โ”‚   โ”œโ”€โ”€ core/                 # Crypto, config, logging, plugins
โ”‚   โ””โ”€โ”€ modules/              # 80+ post-exploitation modules
โ”œโ”€โ”€ agents/                   # Compiled agent source
โ”‚   โ”œโ”€โ”€ go_agent/             # Go cross-platform implant
โ”‚   โ”œโ”€โ”€ rust_implant/         # Rust stealth implant
โ”‚   โ””โ”€โ”€ c_loaders/            # C shellcode loaders
โ”œโ”€โ”€ docs/                     # Documentation
โ”œโ”€โ”€ config.yaml               # Server configuration
โ”œโ”€โ”€ main.py                   # Entry point
โ””โ”€โ”€ requirements.txt          # Python dependencies
```

---

## Contributing

Contributions are welcome. Please read our contribution guidelines before submitting pull requests.

1. Fork the repository
2. Create a feature branch (`git checkout -b feature/new-module`)
3. Commit changes (`git commit -am 'Add new module'`)
4. Push to branch (`git push origin feature/new-module`)
5. Open a Pull Request

---

## Acknowledgments

Built with modern offensive security research and techniques. Inspired by the red team community's continuous innovation in adversary simulation.

---

## License

This project is licensed under the [Business Source License 1.1](LICENSE).

- **Free** for personal research, education, and non-commercial security testing
- **Commercial license** required for production use in paid engagements

See [LICENSE](LICENSE) for full terms.

---


  Built for authorized security professionals. Use responsibly.