Introduction
XoloC2 is a web-based Command & Control framework built for authorized penetration testing engagements. It features a dark-themed single-page dashboard, four beacon types that run with zero external dependencies on the target, encrypted stager delivery, and a full post-exploitation toolkit, all served from a single FastAPI process.
For authorized use only. Only deploy against systems you have explicit written permission to test.
Beacon types
| Beacon | Platform | Dependencies | Notes |
|---|---|---|---|
| Python 3 | Windows · Linux · macOS | None (stdlib only) | Full PTY, sandbox detection, process masquerade |
| Java 11 | Windows · Linux · macOS | None (stdlib only) | Runs anywhere with JRE |
| Go 1.21 | Windows · Linux · macOS | None (stdlib only) | Smallest binary, no runtime needed |
| PowerShell 5.1 | Windows | None (built-in) | AMSI bypass, ETW disable, in-memory execution |
Architecture
XoloC2 follows an HTTPS polling model with WebSocket upgrades for real-time output.

```
Operator browser <-> XoloC2 Server (FastAPI) <-> Beacon (target)
```

Beacons poll the server every N seconds (configurable sleep + jitter). Task results and PTY output are streamed back to the operator in real time via WebSocket.
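For defenders reviewing an engagement, the polling model above leaves a timing signature in proxy or flow logs: requests to one destination at near-constant intervals. The following is an added example, not part of XoloC2; the log format, addresses, function names, and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev


def make_lines(client, dest, offsets):
    """Build constructed proxy-log lines: '<ISO time> <client> <destination>'."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    return [f"{(base + timedelta(seconds=s)).isoformat()} {client} {dest}"
            for s in offsets]


# Constructed sample data (documentation address ranges, not real indicators).
SAMPLE_LOG = (
    # Steady ~60 s polling with a few seconds of jitter.
    make_lines("10.0.0.5", "203.0.113.10", [0, 58, 121, 177, 240, 305, 362, 419])
    # Bursty, human-driven browsing.
    + make_lines("10.0.0.7", "198.51.100.20", [0, 3, 4, 95, 100, 400, 410, 1200])
    # Too few requests to judge.
    + make_lines("10.0.0.9", "203.0.113.10", [0, 60, 120])
)


def group_flows(lines):
    """Collect request timestamps per (client, destination) pair."""
    flows = defaultdict(list)
    for line in lines:
        ts, client, dest = line.split()
        flows[(client, dest)].append(datetime.fromisoformat(ts))
    return flows


def find_periodic_flows(flows, min_requests=6, max_cv=0.25):
    """Return (pair, mean_gap_s, cv) for flows whose gaps are near-constant.

    cv is the coefficient of variation of inter-request gaps. The thresholds
    are assumptions; wide jitter raises cv and needs a looser cut-off.
    """
    findings = []
    for pair, stamps in flows.items():
        if len(stamps) < min_requests:
            continue
        stamps = sorted(stamps)
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            findings.append((pair, round(avg, 1), round(pstdev(gaps) / avg, 3)))
    return findings


if __name__ == "__main__":
    for pair, avg, cv in find_periodic_flows(group_flows(SAMPLE_LOG)):
        print(f"{pair[0]} -> {pair[1]}: mean gap {avg}s, cv {cv}")
```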
What’s included
- Beacon generator with one-click compilation
- Encrypted stager delivery (AES-256-CBC, one-time tokens)
- SOCKS5 pivot tunnel over HTTP
- Full PTY shell (xterm.js)
- File browser, upload, and exfiltration
- Network topology graph
- Geographic agent map
- Engagement reports (PDF, Markdown, HTML)
- Multi-operator with TOTP/MFA, audit log, IP whitelist