TroyCon is a Trojan Horse simulation tool designed solely for educational and research purposes.
This project aims to replicate the core principles and mechanisms observed in real-world backdoor malware, including covert Command & Control (C2) communication, remote command execution, and file transfer.
Warning
This tool is intended for research purposes only.
Run it exclusively in strictly isolated and controlled environments, such as a dedicated virtual machine (VM).
Do not distribute or use this code for malicious or illegal activities.
Unauthorized use on real systems may result in legal consequences.
The developer assumes no responsibility for any misuse of this software or any damage it may cause.
- Introduction
- Features
- Project Structure
- Prerequisites
- Installation
- Usage
- Contributing
- LICENSE
- Contact
TroyCon is a Trojan horse simulation tool designed exclusively for educational and research purposes.
This project replicates the core principles and mechanisms observed in real backdoor malware, including covert Command & Control (C2) communication, remote command execution, and file transfer.
The simulation consists of a Python-based client and a Node.js-based C2 server that communicate over an AES-256-CBC encrypted channel, mirroring the setup of real attacker environments.
- AES-256-CBC Encrypted Communication: All network data is protected using symmetric key encryption.
- C2 Server Communication: Supports receiving commands and sending results via TCP sockets.
- Command Execution: Executes received shell commands within a secure test directory and returns the results.
- File Transfer: Supports file upload from client to server and file download from server to client.
- Stealth Feature: Hides the console window on Windows to minimize execution visibility.
- Persistence: Replicates the client executable within the test directory for re-execution.
- Working Directory Restriction: All file and command operations are confined to a designated safe directory.
- Automatic Reconnection: Retries connection to the C2 server at regular intervals upon failure.
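
Retrying at a regular interval, as the Automatic Reconnection feature does, leaves a timing pattern that defenders can look for in connection logs. The following is an added example, not part of the TroyCon code base: it flags source/destination pairs whose connection attempts are evenly spaced. The log format, host names, addresses, port and thresholds are constructed assumptions.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log (not real traffic): timestamp, source host, destination, result.
SAMPLE_LOG = """\
2024-01-01T10:00:00 ws-01 203.0.113.10:9000 REFUSED
2024-01-01T10:00:03 ws-02 198.51.100.7:443 OK
2024-01-01T10:00:09 ws-02 198.51.100.7:443 OK
2024-01-01T10:00:10 ws-01 203.0.113.10:9000 REFUSED
2024-01-01T10:00:20 ws-01 203.0.113.10:9000 REFUSED
2024-01-01T10:00:31 ws-01 203.0.113.10:9000 REFUSED
2024-01-01T10:00:41 ws-01 203.0.113.10:9000 REFUSED
2024-01-01T10:00:51 ws-01 203.0.113.10:9000 REFUSED
2024-01-01T10:01:40 ws-02 198.51.100.7:443 OK
2024-01-01T10:01:42 ws-02 198.51.100.7:443 OK
2024-01-01T10:05:10 ws-02 198.51.100.7:443 OK
2024-01-01T10:09:00 ws-02 198.51.100.7:443 OK
"""

def parse(log):
    """Group connection-attempt timestamps by (source, destination)."""
    attempts = defaultdict(list)
    for line in log.strip().splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines instead of failing the whole run
        ts, src, dst, _result = fields
        attempts[(src, dst)].append(datetime.fromisoformat(ts))
    return attempts

def find_beacons(log, min_attempts=5, max_cv=0.1):
    """Return (src, dst, mean_gap_seconds) for pairs with near-constant gaps.

    cv is stdev/mean of the gaps between consecutive attempts; a low value
    means the attempts follow a fixed timer rather than human activity.
    """
    hits = []
    for (src, dst), times in parse(log).items():
        if len(times) < min_attempts:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_cv:
            hits.append((src, dst, round(mean, 1)))
    return hits

if __name__ == "__main__":
    print(find_beacons(SAMPLE_LOG))
```

The irregular `ws-02` traffic has the same number of attempts but a high coefficient of variation, so only the fixed-interval retries from `ws-01` are reported.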
EchoCrypt/
├── main.py
├── AES_KEY.py
├── modules/
│ ├── troycon.py
│ ├── constants.py
│ └── __init__.py
└── c2_server.js
- Python 3.10+
- pip (Python package installer)
- Node.js 22.16+
- npm (Node Package Manager)
- Clone the repository: (If this is from a GitHub repo)
  git clone https://github.com/Quema100/TroyCon.git
  cd TroyCon
  (If you received the files directly, just navigate to the project directory.)
- Install dependencies:
  pip install cryptography
The client requires the key in Python byte literal format, while the server uses a hexadecimal string format.
Important
The AES-256 key must be exactly 32 bytes (256 bits) in length.
To generate a compatible AES key for both the client and server, run the AES_KEY.py script.
Open a separate terminal window and run:
python AES_KEY.py
This will output the key in both formats for easy configuration.
Tip
How to run this program on another PC
To run this program on another PC, follow these simple steps:
- Install pyinstaller:
  pip install pyinstaller
- Build:
  pyinstaller -w -F -n=TroyCon --icon=./assets/icon/TroyCon_icon.ico main.py
To launch the C2 server, run:
npm start
The server is capable of handling multiple clients simultaneously, managing command transmission and file uploads/downloads in an encrypted state.
To interact with a client, you can input commands in the following format via the terminal:
[client_address] dir
[client_address] GET_FILE /path/to/file.txt
[client_address] PUT_FILE /path/to/local_file.txt /path/to/directory/remote_file.txt
Run the Python client script:
python main.py
The client connects to the C2 server using the AES key you generated, executing commands, uploading/downloading files, and maintaining stealth and persistence within a specified test directory.
Feel free to fork this repository, open issues, and submit pull requests. Suggestions for improving realism or code quality are welcome.
This project is licensed under the MIT License - see the LICENSE file for details.
For questions or discussions related to this simulation, please open an issue in the GitHub repository.