PoshC2

PoshC2 is a modular C2 framework primarily written in Python3, enabling users to add custom modules and tools for flexibility. It includes out-of-the-box PowerShell v2/v4, C++, C#, Python3 payloads, executables, DLLs, and shellcode for cross-platform C2 functionality on Windows, *nix, and OSX.

Key features include consistent Docker support, highly configurable payloads with beacon times, jitter, kill dates, and user agents; AV-bypassing payloads; auto-generated Apache Rewrite rules for C2 proxying; in-memory module execution; notifications for successful implants; contextual help with auto-completion; fully encrypted communications over HTTP; client/server format for teams; extensive logging to database and files; PowerShell-less implants; and SharpSocks integration.

Designed for penetration testers, it supports red teaming, post-exploitation, and lateral movement while maintaining operational security through proxy awareness and encryption.

Operates in client/server format with fully encrypted communications over HTTP, using modular implants in PowerShell, C#, Python3, or PowerShell-less variants that avoid System.Management.Automation.dll. Implants run in-memory modules (C#, PowerShell, Python3), connect via configurable beacons with jitter, and support SOCKS proxying via SharpSocks. Server generates payloads, handles proxy via Apache rewrites, logs all actions timestamped to database/file, and provides team access with notifications.