{
	"id": "a14be7d8-4497-4361-81d0-485b828d3470",
	"created_at": "2026-04-06T00:18:01.856383Z",
	"updated_at": "2026-04-10T13:12:10.702295Z",
	"deleted_at": null,
	"sha1_hash": "a7c79e514933f92794292d5424a22a527ba5d85d",
	"title": "GitHub - nettitude/PoshC2: A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 250771,
	"plain_text": "GitHub - nettitude/PoshC2: A proxy aware C2 framework used to\r\naid red teamers with post-exploitation and lateral movement.\r\nBy benpturner\r\nArchived: 2026-04-05 19:35:14 UTC\r\nDocker Image CI no status\r\nPoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming, post-exploitation and\r\nlateral movement.\r\nPoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules\r\nand tools, allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and\r\nPython2/Python3 implants with payloads written in PowerShell v2 and v4, C++ and C# source code, a variety of\r\nexecutables, DLLs and raw shellcode in addition to a Python2/Python3 payload. These enable C2 functionality on\r\na wide range of devices and operating systems, including Windows, *nix and OSX.\r\nOther notable features of PoshC2 include:\r\nConsistent and Cross-Platform support using Docker.\r\nHighly configurable payloads, including default beacon times, jitter, kill dates, user agents and more.\r\nA large number of payloads generated out-of-the-box which are frequently updated.\r\nShellcode containing in-build AMSI bypass and ETW patching for a high success rate and stealth.\r\nAuto-generated Apache Rewrite rules for use in a C2 proxy, protecting your C2 infrastructure and\r\nmaintaining good operational security.\r\nA modular and extensible format allowing users to create or edit C#, PowerShell or Python3 modules\r\nwhich can be run in-memory by the Implants.\r\nNotifications on receiving a successful Implant via Pushover or Slack.\r\nA comprehensive and maintained contextual help and an intelligent prompt with contextual auto-completion, history and suggestions.\r\nFully encrypted communications, protecting the confidentiality and integrity of the C2 traffic even when\r\ncommunicating over HTTP.\r\nhttps://github.com/nettitude/PoshC2_Python/\r\nPage 1 of 5\n\nClient/Server format allowing multiple team members to utilise a single C2 server.\r\nExtensive logging. Every action and response is timestamped and stored in a database with all relevant\r\ninformation such as user, host, implant number etc. In addition to this the C2 server output is directly\r\nlogged to a separate file.\r\nPowerShell-less implants that do not use System.Management.Automation.dll using C# or\r\nPython2/Python3.\r\nA free and open-source SOCKS Proxy using SharpSocks\r\nHTTP(S) and SMB named-pipe comms for implants combined with Implant Daisy-chaining for reaching\r\nnetworks that do not have access to the internet\r\nDocumentation\r\nWe maintain PoshC2 documentation over at https://poshc2.readthedocs.io/en/latest/\r\nFind us on #Slack - poshc2.slack.com (to request an invite send an email to labs@nettitude.com)\r\nInstall\r\nYou can install PoshC2 directly or use the Docker images, instructions for both are below.\r\nDirect install on Kali hosts\r\nAn install script is provided for installing PoshC2:\r\n*** PoshC2 Install script ***\r\nUsage:\r\n./Install.sh -b \u003cgit branch\u003e -p \u003cDirectory to clone PoshC2 to\u003e\r\nDefaults are master branch to /opt/PoshC2\r\nElevated privileges are required as the install script performs apt updates and installations.\r\ncurl -sSL https://raw.githubusercontent.com/nettitude/PoshC2/master/Install.sh | sudo bash\r\nAlternatively the repository can be cloned down and the install script manually run.\r\nYou can manually set the PoshC2 installation directory by passing it to the Install.sh script as the -p argument.\r\nThe default is /opt/PoshC2:\r\ncurl -sSL https://raw.githubusercontent.com/nettitude/PoshC2/master/Install.sh | sudo bash -s -- -p /root/PoshC\r\nCutting Edge Features\r\nhttps://github.com/nettitude/PoshC2_Python/\r\nPage 2 of 5\n\nWe want to keep the master branch stable to ensure that users are able to rely on it when required and for this\r\nreason changes can often be feature-complete but not yet present on master as they have not been tested\r\ncompletely and signed-off yet.\r\nIf you want to look at upcoming features in PoshC2 you can check out the dev branch, or any individual feature\r\nbranches branched off of dev .\r\nAs features are tested before they are merged into dev this branch should still be fairly stable and operators can\r\nopt in to using this branch or a particular feature branch for their engagement. This does trade stablity for new\r\nfeatures however so do it at your own discretion.\r\nTo use dev or a feature branch pass the branch name to the Install.sh script as the -b argument:\r\ncurl -sSL https://raw.githubusercontent.com/nettitude/PoshC2/dev/Install.sh | sudo bash -s -- -b dev\r\nNote the URL includes the branch name also (here dev instead of master ).\r\nInstalling for Docker\r\nYou can also run PoshC2 using Docker, this allows more stable and running and enables PoshC2 to easily run on\r\nother operating systems.\r\nThe Docker install does not clone PoshC2 as the PoshC2 images on Docker Hub are used, so only a minimal\r\ninstall of some dependencies and scripts are performed.\r\nTo start with, install Docker on the host and then add the PoshC2 projects directory to Docker as a shared\r\ndirectory if required for your OS. By default this is /var/poshc2 on *nix and /private/var/poshc2 on Mac.\r\nKali based hosts\r\nInstall script:\r\n*** PoshC2 Install script for Docker ***\r\nUsage:\r\n./Install-for-Docker.sh -b \u003cgit branch\u003e\r\nDefault is the master branch\r\nElevated privileges are required as the install script performs script installations.\r\ncurl -sSL https://raw.githubusercontent.com/nettitude/PoshC2/master/Install-for-Docker.sh | sudo bash\r\nTo use the dev or feature branches with Docker curl down the Install-for-Docker.sh on the appropriate\r\nbranch and pass the branch name as an argument:\r\nhttps://github.com/nettitude/PoshC2_Python/\r\nPage 3 of 5\n\ncurl -sSL https://raw.githubusercontent.com/nettitude/PoshC2/BRANCHNAME/Install-for-Docker.sh | sudo\r\nWindows\r\nOn Windows, import the PoshC2.psm1 PowerShell module.\r\nImport-Module -DisableNameChecking C:\\PoshC2\\resources\\scripts\\PoshC2.psm1\r\nposh-project -PoshC2Dir \"C:\\PoshC2\" -LocalPoshC2ProjectDir \"C:\\PoshC2_Project\" -Arg1 \"-n\" -Arg2 \"newp\r\nposh-config -PoshC2Dir \"C:\\PoshC2\" -LocalPoshC2ProjectDir \"C:\\PoshC2_Project\"\r\nposh-server -PoshC2Dir \"C:\\PoshC2\" -LocalPoshC2ProjectDir \"C:\\PoshC2_Project\"\r\nposh -PoshC2Dir \"C:\\PoshC2\" -LocalPoshC2ProjectDir \"C:\\PoshC2_Project\" username\r\nRunning PoshC2\r\nCreate a new project:\r\nposh-project -n \u003cproject-name\u003e\r\nProjects can be switched to or listed using this script:\r\n[*] Usage: posh-project -n \u003cnew-project-name\u003e\r\n[*] Usage: posh-project -s \u003cproject-to-switch-to\u003e\r\n[*] Usage: posh-project -l (lists projects)\r\n[*] Usage: posh-project -d \u003cproject-to-delete\u003e\r\n[*] Usage: posh-project -c (shows current project)\r\nEdit the configuration for your project:\r\nLaunch the PoshC2 server:\r\nAlternatively start it as a service:\r\nSeparately, run the ImplantHandler for interacting with implants:\r\nSee https://poshc2.readthedocs.io/en/latest/ for full documentation on PoshC2.\r\nSpecifying a Docker tag\r\nIf you are using Docker you can specify the Docker image tag to run with the -t option to posh-server and\r\nposh .\r\nE.g.\r\nUpdating PoshC2 Installations\r\nhttps://github.com/nettitude/PoshC2_Python/\r\nPage 4 of 5\n\nIt is not recommended to update PoshC2 during an engagement. Incoming changes may be incompatible\r\nwith an existing project and can result in erratic behaviour.\r\nWhen using a git cloned version of PoshC2 you can update your PoshC2 installation using the following\r\ncommand:\r\n*** PoshC2 Update Script ***\r\nUsage:\r\nposh-update -b \u003cgit branch\u003e\r\nDefault is the master branch\r\nUsing older versions\r\nYou can use an older version of PoshC2 by referencing the appropriate tag. Note this only works if you have\r\ncloned down the repository. You can list the tags for the repository by issuing:\r\nIf you have a local clone of PoshC2 you can change the version that is in use while offline by just checking out the\r\nversion you want to use:\r\ngit reset --hard \u003ctag name\u003e\r\nFor example:\r\nHowever note that this will overwrite any local changes to files, such as changes to the configuration files, and\r\nyou may have to re-run the install script for that version or re-setup the environment appropriately.\r\nLicense / Terms of Use\r\nThis software should only be used for authorised testing activity and not for malicious use.\r\nBy downloading this software you are accepting the terms of use and the licensing agreement.\r\nSource: https://github.com/nettitude/PoshC2_Python/\r\nhttps://github.com/nettitude/PoshC2_Python/\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://github.com/nettitude/PoshC2_Python/"
	],
	"report_names": [
		"PoshC2_Python"
	],
	"threat_actors": [],
	"ts_created_at": 1775434681,
	"ts_updated_at": 1775826730,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/a7c79e514933f92794292d5424a22a527ba5d85d.pdf",
		"text": "https://archive.orkl.eu/a7c79e514933f92794292d5424a22a527ba5d85d.txt",
		"img": "https://archive.orkl.eu/a7c79e514933f92794292d5424a22a527ba5d85d.jpg"
	}
}