Post Exploitationc2redteampost-exploitationpowershellimplantproxy

PoshC2

Proxy aware C2 framework used to aid penetration testers with red teaming, post-exploitation and lateral movement. Provides PowerShell/C#, Python3 implants and supports multiple platforms including Windows, *nix and OSX.

Description

PoshC2 is a modular C2 framework primarily written in Python3, enabling users to add custom modules and tools for flexibility. It includes out-of-the-box PowerShell v2/v4, C++, C#, Python3 payloads, executables, DLLs, and shellcode for cross-platform C2 functionality on Windows, *nix, and OSX.

Key features include consistent Docker support, highly configurable payloads with beacon times, jitter, kill dates, and user agents; AV-bypassing payloads; auto-generated Apache Rewrite rules for C2 proxying; in-memory module execution; notifications for successful implants; contextual help with auto-completion; fully encrypted communications over HTTP; client/server format for teams; extensive logging to database and files; PowerShell-less implants; and SharpSocks integration.

Designed for penetration testers, it supports red teaming, post-exploitation, and lateral movement while maintaining operational security through proxy awareness and encryption.

How It Works

Operates in client/server format with fully encrypted communications over HTTP, using modular implants in PowerShell, C#, Python3, or PowerShell-less variants that avoid System.Management.Automation.dll. Implants run in-memory modules (C#, PowerShell, Python3), connect via configurable beacons with jitter, and support SOCKS proxying via SharpSocks. Server generates payloads, handles proxy via Apache rewrites, logs all actions timestamped to database/file, and provides team access with notifications.

Installation

bash
sudo apt install poshc2

Flags

-n <new-project-name>Create a new PoshC2 project
-s <project-to-switch-to>Switch to an existing project
-lList all projects
-d <project-to-delete>Delete a project
-cShow current project
-gQuietly show current project directory for scripting

Examples

Create a new PoshC2 project
posh-project -n <new-project-name>
Switch to a specific existing project
posh-project -s <project-to-switch-to>
List all available projects
posh-project -l
Delete a specified project
posh-project -d <project-to-delete>
Display the current project
posh-project -c
Output current project directory quietly for scripting
posh-project -g
Show help for fpc (requires posh-project first)
fpc -h
Show help for posh client (requires posh-project first)
posh -h
Updated 2026-04-16kali.org ↗