TibaneC2 is a fully custom-built Command & Control (C2) framework designed for offensive security research, red teaming, and adversary simulation. It includes a native C/C++ core server, a PHP-based web panel, a CLI console, cross-platform implants, multi-language stagers, and scripting tools for automation and emulation.
⚠️ For educational and authorized testing purposes only.
Already have basic C2 implementation
The goal is to keep the C2 framework modular by splitting it into clear components, where each component will follow a defined interface so I can swap or add features easily, That way i can extend it without touching the core logic.
| Component | Language(s) | Description |
|---|---|---|
| Core Server | C | Central server that communicates with implants and operator interfaces |
| Web Panel | PHP | Web-based control interface for managing agents and sending tasks |
| CLI Console | C++ | Terminal-based operator tool for environments without a GUI |
| Implants | C, C++ ,Python, Powershell, Bash | Persistent agents that execute commands and exfiltrate data |
| Stagers | Assembly, C, Python, Bash, PowerShell | Lightweight loaders to deploy implants |
| Database | MySQL | Tracks agents, tasks, results, logs |
| Automation | Python / Bash | Tools for payload generation, system health checks, and threat simulation |
[ Web Panel (PHP) ] ┐
|
| (https)
|
|--------├──> [ Tibane C2 Core Server (C++) ] <──> [ Implant (C++) ]
|
| (mTLS)
[ CLI Console (C) ] ┘ ▲
│
[ Stagers (ASM/C/PS/Py/Bash) ]TibaneC2/
├── core/ # C Core server logic
├── web-panel/ # Web panel (PHP)
├── console/ # CLI console (C++)
├── implants/ # Cross-platform agents
├── stagers/ # Initial access payloads
├── db/ # Database setup/scripts
├── scripts/ # Automation tools
├── docs/ # Diagrams and documentation
└── README.md # Project descriptiion- Multi-agent support with task queueing
- CLI and Web-based control interfaces
- Encrypted C2 communication (planned: AES/TLS)
- File upload/download and command execution
- Stagers for rapid deployment
- Persistent implant options (Windows & Linux)
- Central logging, audit trail, and command results
- Payload obfuscation and delivery automation
- Custom TCP communication: Communicates via custom tcp and sends data via json
- Encrypted TCP Communication: Encrypt communications (ssl/tls)
- HTTP/HTTPS: Web traffic to blend in with normal traffic
- Implement Logging
- Session mode
- HTTP/HTTPS Communication methods
- Encrypted Communication
- Thread saftey for all threads
- keylogger
- screenshot capture
- file upload/download
- sandbox and vm detection checks
- kill switch for self-removal
- persistence mechanisms
- Authentication
Legal Notice This project is for educational and authorized testing purposes only. Unauthorized use of this tool may violate local, state, or international laws. You are responsible for using this project ethically and legally.
This project is licensed under the MIT License - see the LICENSE file for details.