Skip to content

Zuthaka is an open source application designed to assist red-teaming efforts, by simplifying the task of managing different APTs and other post-exploitation tools.

License

Notifications You must be signed in to change notification settings

pucarasec/zuthaka

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation


A collaborative free open-source Command & Control integration framework that allows developers to concentrate on the core function and goal of their C2.
Explore the docs »

· Report Bug · Request Feature ·

Table of Contents
  1. About The Project
  2. Already Supported C2
  3. Getting Started
  4. Usage
  5. Roadmap
  6. License
  7. Contact

About the project

Problem Statement

The current C2s ecosystem has rapidly grown in order to adapt to modern red team operations and diverse needs (further information on C2 selection can be found here). This comes with a lot of overhead work for Offensive Security professionals everywhere. Creating a C2 is already a demanding task, and most C2s available lack an intuitive and easy to use web interface. Most Red Teams must independently administer and understand each C2 in their infrastructure.

Solution

With the belief that community efforts surpass that of any individual, Zuthaka presents a simplified API for fast and clear integration of C2s and provides a centralized management for multiple C2 instances through a unified interface for Red Team operations.

Zuthaka is more than just a collection of C2s, it is also a solid foundation that can be built upon and easily customized to meet the needs of the exercise that needs to be accomplish. This integration framework for C2 allows developers to concentrate on a unique target environment and not have to reinvent the wheel. Zuthaka Framework

Built With

Getting Started

Zuthaka is composed of a front-end that exposes a UI for the API of process manager, file manager, shell post-exploitation modules and general C2 handling, and a back-end, in charge of handling the consistency and availability issues of the C2s instantiated in Zuthaka. Also deployed is Redis as a message broker to handle asynchronously every element in the Agent's UI and an Nginx server.

Prerequisites

The installation of a working Docker instance is necessary for the automatic deployment of the essential infrastructure (Zuthaka's frontend and backend, Nginx, Redis). All the desired C2s that need to be handled should be deployed in parallel.

Installation

To build the full Zuthaka project, first download dependencies.

 git clone https://github.com/pucarasec/zuthaka/

To start the project with the corresponding services, the docker-compose file can be utilized.

docker-compose up

Usage

Demogif

After de solution is deployed, the available class handlers will be incorporated on zuthaka for you to use it to integrate your infrastructure.

For further information, please refer to the Documentation

Unreleased

Added

  • service instantiation of C2
  • service creation of listeners
  • service deletion of listeners
  • service download of launchers
  • service agent integration
  • Automatic database collection of handler classes
  • "out of the box" listing of ProcessManager and FileManager

Roadmap

  • service usage of post-exploitation modules

License

Distributed under the BSD-3 clause License. See LICENSE.md for more information.

Contact

Pucara team - @pucara - [email protected]

Zuthaka community on discord - Zuthaka

Project Link: https://github.com/pucarasec/zuthaka

About

Zuthaka is an open source application designed to assist red-teaming efforts, by simplifying the task of managing different APTs and other post-exploitation tools.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published