Zuthaka

Powered by Pucara Information Security

Problem Statement

The current C2s ecosystem has rapidly grown in order to adapt to modern red team operations and diverse needs (further information on C2 selection can be found here). This comes with a lot of overhead work for Offensive Security professionals everywhere. Creating a C2 is already a demanding task, and most C2s available lack an intuitive and easy to use web interface. Most Red Teams must independently administer and understand each C2 in their infrastructure.

Solution

With the belief that community efforts surpass that of any individual, Zuthaka presents a simplified API for fast and clear integration of C2s and provides a centralized management for multiple C2 instances through a unified interface for Red Team operations.

Zuthaka is more than just a collection of C2s, it is also a solid foundation that can be built upon and easily customized to meet the needs of the exercise that needs to be accomplish. This integration framework for C2 allows developers to concentrate on a unique target environment and not have to reinvent the wheel.

Features

• Zuthaka aims to be as flexible as the Red team needs in handling C2s, integrating it to whatever C2 is being use by implementing a handler class for the corresponding C2s.

• Graphic FileManager for Agent's handling with "out of the box" integration for listing and navigation

• Graphic FileManager "drag and drop" file upload if implemented.

• Graphic FileManager "point and click" file download if implemented.

• Graphic ProcessManager for Agent's handling with "out of the box" integration for listing and terminating.

Built With

• Django Rest Framework

• Redis

• ReactJS

• Nginx

• Docker

• PostgreSQL

Changelog

Unreleased

Added

• service instantiation of C2

• service creation of listeners

• service deletion of listeners

Roadmap

• service download of launchers

• service agent integration

• service usage of post-exploitation modules

• Automatic database collection of handler classes

• "out of the box" listing of ProcessManager and FileManager

License

Pucara Information Security is pleased to support the open source community by making Zuthaka available.

Copyright (C) 2021 Zuthaka , a Pucara Information Security company. All rights reserved. If you have downloaded a copy , please note that the Zuthaka is licensed under the BSD 3-Clause License. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE

Contact

Pucara Information Security - Twitter @pucara - Linkedin Pucara - contact@pucara.io

Project Link: https://github.com/pucarasec/zuthaka

Support and Discord Channel: https://zuthaka.com/discord