Just Enough C2
An opinionated C2 server and implant which does Just Enough to be effective.
Meant primarily for small teams operating on small numbers of targets mostly in Linux (Cloud, DevOps, etc) environments without too much fear of detection.
Under the hood, it's all just SSH with extra steps.
For legal use only.
Docs live in the
doc/ directory. They're a work in progress.
- Single binaries for client and server
- All comms end-to-end encrypted over SSH, optionally TLS-wrapped
- Upload/download/pasteboard copy (optionally using iTerm2 magic)
- Shell command execution
- Subprocess execution
- Server-side logging
- Forward/Reverse TCP tunnels
- Somewhat broken built-in WebDAV server
- Easyish build and setup
- Have git and the Go compiler (1.18+)
- Work out the server's extrnal address or something which points at port 10222 on the server
- Get the source:
git clone https://github.com/magisterquis/jec2.git
- Set everything up the easy way:
cd jec2 && ./quickstart.sh ssh://$(curl -s icanhazip.com):10022
- Optionally watch server logs:
tail -f $HOME/jec2/log
- Optionally tweak
pkill -HUP jeserver(recommendation: add
~/.ssh/id_something.pubas an Operator key)
- Run an implant from
$HOME/jec2/implantson a target somewhere
- List connected implants:
ssh -i $HOME/jec2/id_ed25519_operator -p 10022 127.0.0.1 list
- Use the newest implant:
ssh -i $HOME/jec2/id_ed25519_operator -J 127.0.0.1:10022 latest
Please see the quickstart docs for more details.