Python Weasel DNS beacon C2

WEASEL is a small in-memory implant using Python 3 with no dependencies. The beacon client sends a small amount of identifying information about its host to a DNS zone you control. WEASEL server can task clients to execute pre-baked or arbitrary commands.

WEASEL is a stage 1 payload, meant to be difficult to detect and useful for regaining access when your noisy full-featured stages are caught.

Status

Has been successfully used on an operation and evaded detections.
Client can initialize a session with the server and establish bi-directional communication.
Server has a fully working CLI.
Client supports a number of functions that the server can task.
Client is 5.2KB when minified + obfuscated.
Automatic obfuscation is lacking and needs manual fixing (see Limitations in client README).
Server does not have multi-player (simultaneous multiple operator) support.

GitHub - facebookarchive/WEASEL: DNS covert channel implant for Red Teams.GitHub

PreviousPython TrevorC2 NextCisco ASA Anyconnect faker

Last updated 10 months ago