A modern command and control (C2) framework built with Rust, providing a high-performance, secure, and modular platform for remote system management and penetration testing.
- Linux Platform Support: Client supports Linux operating systems, Server supports Windows and Linux systems
- End-to-End Encrypted Communication: Uses AES-256-GCM encryption algorithm to ensure confidentiality and integrity of communication data
- Modern Web Management Interface: Built on Axum web framework and Askama template engine, providing responsive user experience
- High-Performance Async Architecture: Built with Tokio runtime for efficient concurrent processing and low-latency communication
- Flexible Configuration Management: Easily adjust parameters through TOML configuration files without recompilation
- Real-time Command Execution: Support remote system command execution with instant result retrieval and encrypted transmission
- Interactive Reverse Shell: Provides stable reverse shell sessions for deep interaction with controlled hosts
- Complete File Management: File browsing, upload, download, deletion with support for large file chunked transmission
- Real-time Client Monitoring: Display detailed information, activity status, and system information of connected clients
- Audit Log System: Record all operational activities with support for log categorization and real-time viewing
- Note Management: Built-in note system for recording penetration testing processes and findings
- On-Demand Listener Startup: Reverse shell listeners start on-demand to reduce attack surface
- Authentication: Web interface user authentication and session management
- Operation Audit: Complete operation audit chain supporting security compliance
- Process Hiding: Client process hiding techniques
- Anti-Reverse: Code obfuscation and anti-debugging techniques
- Anti-Sandbox: Sandbox environment detection and evasion
Modular architecture managed with Cargo workspace:
rust-c2-framework/
├── Cargo.toml # Workspace configuration file
├── server_config.toml # Server configuration file
├── common/ # Shared library (protocols, encryption, configuration)
├── server/ # Server-side (web interface, API, client management)
├── client/ # Client-side (command execution, file operations, reverse shell)
└── web/static/ # Frontend resources (CSS, JS, images)
# Server network configuration
host = "0.0.0.0" # Server listening address
port = 8080 # Web service port
reverse_shell_port = 31229 # Dedicated reverse shell port
# Security configuration
encryption_key = "your-32-byte-secret-key-here!!!!" # AES-256 key (must be 32 bytes)
# Client management
client_timeout = 60 # Client timeout (seconds)
max_clients = 1000 # Maximum client connections
# Logging configuration
log_file = "c2_server.log" # Log file path
enable_audit = true # Enable audit logging
# Web interface configuration
[web]
enabled = true # Enable web interface
static_dir = "web/static" # Static files directory
template_dir = "server/templates" # Template files directory
enable_cors = true # Enable CORS
refresh_interval = 5 # Auto refresh interval (seconds)
# Authentication configuration
[auth]
username = "Rust-Admin" # Login username
password = "Passwd@RustC2" # Login password# Install Rust (if not already installed)
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source ~/.cargo/env
# Verify installation
rustc --version
cargo --version# Clone project
git clone https://github.com/waiwai24/rust-c2-framework
cd rust-c2-framework
# Compile entire workspace (recommended)
cargo build --release
# Or compile individual components
cargo build --release --bin server
cargo build --release --bin clientCompiled binary files are located in the target/release/ directory.
To generate standalone executable files that don't depend on system libraries:
# Add musl target
rustup target add x86_64-unknown-linux-musl
# Static compilation
cargo build --release --target x86_64-unknown-linux-musl
# Use UPX compression (optional)
sudo apt-get install upx
upx --best target/x86_64-unknown-linux-musl/release/server
upx --best target/x86_64-unknown-linux-musl/release/client# Run with cargo (development environment)
cargo run --bin server
# Or run binary file directly (production environment)
./target/release/serverAfter server startup, visit http://localhost:8080 to access the web management interface.
Default login credentials:
- Username:
Rust-Admin - Password:
Passwd@RustC2
Ensure encryption key matches the server, then start the client:
# Use configuration file
cargo run --bin client
# Or specify server address
cargo run --bin client http://your-server-ip:8080
# Run binary file directly
./target/release/clientClient-side cloud sandbox detection(time:2025/7/14):
For detailed usage guide, please refer to EN-Function.md.
- Complete C2 framework implementation
- Reverse shell functionality (on-demand listener startup)
- File management system (upload/download/browse)
- Real-time web interface
- AES-256-GCM encrypted communication
- Client status monitoring
- Audit log system
- Note management functionality
- WebSocket real-time communication
- Modular frontend design
- Responsive interface layout
- Complete testing on Linux platform requires further verification
- File transfer progress display needs optimization
- Transmission encryption needs improvement
- Windows client support
- macOS client support
- Android client support
- Plugin system
- Tunneling functionality
Important Notice: This project is for educational and research purposes only. Do not use it for any illegal or malicious activities. Users are responsible for all consequences of using this software.
- Network security education and training
- Penetration testing (with authorization)
- Red team exercises (compliant environment)
- Unauthorized system access
- Malware distribution
- Illegal criminal activities
Before using this tool, ensure:
- Obtain explicit authorization from target system owners
- Comply with local laws and regulations
- Use only in legal and compliant environments
- Accept corresponding legal responsibilities
This project is licensed under the MIT License. See the LICENSE file for details.