Mothership C2 is a command and control server written in python
- Supports end-to-end encryption for sending and receiving commands
- Uses HTTP for everything
- Currently supports Linux (windows support is being tested)
- Uses DragonflyDB (a faster alternative to Redis)
here is a sample screenshot of the frontend. Builtin terminal and way for creating and deleting agents! To run the frontend go into webapp and run docker compose up
documentation for the API
All endpoints for the client side require the admin JWT.
configure the database if database is on another host other than the default
{
"host": "localhost",
"port": "6379",
"db": "0"
}example response:
{"response": "config updated!"}get the private key for the database to allow for decrypting of command responses.
Example response:
{"response": "server private key"}send a command to an agent.
{
"command": "string",
"directory": ""
}Example output:
200
list all connections in the database.
Example response:
{"response": ["agent1", "agent2"]}Get the output of the command.
Example response:
{"response": decrypted}Close a connection with an agent.
Example response:
{"response": "deleted agent123!"}Create a new agent ID for a new agent to connect with.
Example response:
{"response": "a52a7cca-5ca9-46ed-98c0-3ee694a97e45"}Get info on a connection such as OS, public key, command, command output, command history, server side public key.
Example response:
{"response":
{
"history": "",
"OS": "linux",
"pubKey": "0x000000",
"serverKey": "0x00000"
}
}Register an agent
{
"hashedID": "string",
"public_key": "string",
"target_os": "string"
}Agent gets shell command to execute. Commands that the agent gets are encrypted see the code for the agent on how it decrypts commands.
Example response:
{"response": "command"}Send the command output, outputs are encrypted and decrypted by the API when a client requests for them.
{
"command_output": "string"
}