BITStreamC2 is a command-and-control (C2) framework leveraging Background Intelligent Transfer Service (BITS) to communicate between agents and a central server. It supports Windows implants in both PowerShell and C++, allowing for fileless command execution and data exfiltration.
- Agent registration via
notify.txt - Command queuing and remote execution
- Response collection via BITS uploads
- Multiple implant formats (
ps1andcpp) cpp Needs Update - CLI-based interaction with live agents
- Offline agent detection and pruning
- Hostname/IP auto-collection from agent
- Persistent command queuing with command history
- Server-side command file and response file handling
- Agents check in by uploading a
notify.txtfile. - The C2 server registers new agents and maintains their last seen timestamp.
- Analysts queue commands using a CLI (
set command <cmd>). - The implant downloads commands, executes them, and uploads the output to
/uploads/<agent>_response.txt. - The C2 displays and logs results per agent.
list # Show all agents
select agent <id> # Target an agent
exitagent # Deselect current agent
set command <cmd> # Queue a command
show agents|commands # View agents or command queues
remove agent <id> # Delete agent
prune # Auto-delete stale agents
generate implant ps1|cpp # Generate an implant
debug # View environment and raw responses
exit # Exit the shellBSC2 is still a work in progress and has many bugs. Some of the features I would like to add are:
- Encrypted Communications
- Reverse Command Injection
- HTTP Header Randomization
- SMB Support
- File Upload/Download Support
- Keylogger Plugin
- Clipboard Extraction
- Persistence Options
- Multi-Host Beaconing
- Complete Autocompletion of Commands
- Agent Auth Tokens
- Etc.