godoh
godoh is a proof-of-concept Command and Control framework that uses DNS-over-HTTPS as a transport medium. It supports providers like Google and Cloudflare, with fallback to traditional DNS.
Description
godoh provides a DNS-over-HTTPS (DoH) based Command & Control (C2) framework written in Golang, serving as a proof of concept for stealthy communication channels. It enables agents to connect to a C2 server, send and receive files, and test DNS communications over encrypted DoH providers or raw DNS.
Use cases include red team operations requiring covert C2 channels that blend with legitimate DNS traffic. The tool supports multiple DoH providers such as Google, Cloudflare, and Quad9, allowing flexibility in evading detection through common DNS resolution services.
As a specialized C2 implant, godoh demonstrates the feasibility of DoH for exfiltration and command issuance in restricted environments where traditional C2 protocols might be blocked.
How It Works
godoh carries bidirectional traffic between agents and the C2 server over DNS-over-HTTPS (DoH) through providers such as Google, Cloudflare and Quad9, or over raw DNS. The framework encodes commands, file transfers, and responses within DoH queries and replies, using the domain name specified via the --domain flag. SSL certificate validation is optional via --validate-certificate. Subcommands handle agent connections, server operations, file send/receive, and DNS testing over these transports.
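Seen from the defender's side, data encoded into query names as described above typically appears as many unique, long, random-looking names under a single domain. The following is an added example, not code from godoh or from this page, that scores query-log entries for that pattern; the sample names, the two-label base-domain split and the thresholds are all assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample: (client_ip, queried_name). Not captured from godoh traffic;
# the long hex labels only stand in for encoded data.
SAMPLE_QUERIES = (
    [("10.0.0.5", "www.example.org"), ("10.0.0.5", "mail.example.org"),
     ("10.0.0.5", "cdn.example.org"), ("10.0.0.7", "www.example.net")]
    + [("10.0.0.9", f"{i:04x}9f3c1ab27d4e{i * 7919:08x}c5e1.a.tunnel.example")
       for i in range(40)]
)

def entropy(s):
    """Shannon entropy in bits per character."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def split_name(qname, base_labels=2):
    """Naive split into (subdomain part, base domain); no public-suffix list."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-base_labels]), ".".join(labels[-base_labels:])

def find_tunnel_candidates(queries, min_unique=20, min_len=24, min_entropy=3.0):
    """Return {(client, base_domain): stats} for pairs that look like tunnelling."""
    seen = defaultdict(set)
    for client, qname in queries:
        sub, base = split_name(qname)
        if sub:
            seen[(client, base)].add(sub)
    hits = {}
    for key, subs in seen.items():
        mean_len = sum(len(s) for s in subs) / len(subs)
        mean_ent = sum(entropy(s.replace(".", "")) for s in subs) / len(subs)
        # Illustrative thresholds: many unique names, long and high-entropy.
        if len(subs) >= min_unique and mean_len >= min_len and mean_ent >= min_entropy:
            hits[key] = {"unique": len(subs), "mean_len": round(mean_len, 1),
                         "mean_entropy": round(mean_ent, 2)}
    return hits

if __name__ == "__main__":
    for (client, base), stats in find_tunnel_candidates(SAMPLE_QUERIES).items():
        print(client, base, stats)
```

When the agent resolves through a public DoH provider, these names never reach the internal resolver, so this check only applies where query names are visible, such as raw DNS fallback traffic or a TLS-inspecting proxy.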
Installation
sudo apt install godoh
Flags
Examples
godoh -h
godoh agent
godoh c2
godoh receive
godoh send
godoh test
godoh [command] --help
godoh completion