Post Exploitationc2post-exploitationdotnetpythonwebsocketsencryptionmulti-user

SilentTrinity

SilentTrinity is an asynchronous, collaborative post-exploitation agent and C2 framework powered by Python 3 and .NET's DLR. It enables multi-user, multi-server control using BYOI techniques for dynamic .NET scripting without PowerShell.

Description

SilentTrinity is a modern, asynchronous, multiplayer and multiserver C2/post-exploitation framework. It represents the culmination of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs, a technique called BYOI (Bring Your Own Interpreter). The goal is to enable PowerShell-style attacks with greater flexibility and stealth, without relying on PowerShell.

Key distinguishing features include multi-user collaboration, support for controlling multiple teamservers, real-time communication via websockets, and a modern CLI powered by prompt-toolkit. The implant, named Naga, uses dynamic evaluation/compilation with .NET scripting languages like Boolang, eliminating server-side compilation needs and enhancing modularity.

It supports fully modular listeners, modules, stagers, and C2 channels, with ECDHE encryption for all traffic. Extensive logging and future-proof HTTPS/HTTP listeners using Quart and Hypercorn (supporting HTTP2 and websockets) make it suitable for advanced post-exploitation scenarios.

How It Works

SilentTrinity operates with a client and teamserver built in Python 3.7 using Asyncio for high-speed operations and websockets for real-time updates. The Naga implant embeds third-party .NET scripting languages (e.g., Boolang) for dynamic compilation/evaluation of tasks, enabling real-time module editing and lightweight payloads. All C2 communication uses ECDHE for ephemeral key exchange encryption. Components like listeners, modules, stagers, and C2 channels are fully modular, with HTTPS/HTTP on Quart/Hypercorn supporting HTTP2 and websockets.

Installation

bash
sudo apt install silenttrinity

Flags

-h, --helpShow this help message and exit
-v, --versionShow version

Examples

Display the help message and usage information for SilentTrinity
silenttrinity -h
Start the SilentTrinity client mode for connecting to teamservers
silenttrinity client
Start the SilentTrinity teamserver mode
silenttrinity teamserver
Run the client with additional arguments for multi-server control
silenttrinity client <args>
Run the teamserver with additional arguments for hosting implants
silenttrinity teamserver <args>
Show the version of SilentTrinity using short flag
st -v
Launch client using the 'st' shorthand
st client
Updated 2026-04-16kali.org ↗