TantoC2’s build system generates agent binaries with encrypted configuration stamped in.
Agent Build Pipeline
#
graph LR
Op[Operator] -->|build create| BM[Build Manager]
BM --> Template[Select Template]
Template --> Stamp[Config Stamping]
Stamp --> Binary[Built Binary]
Binary --> Hash[SHA-256 Hash]
Hash --> Store[Store in DB]
Op -->|build download| Binary
Config Stamping
#Agent packages define their own stamping mechanism. The default approach uses a marker block — 256 bytes of 0xDEADBEEF — which the build manager replaces with an encrypted configuration blob containing:
- Callback addresses (host, port, protocol)
- Kill date (mandatory)
- Beacon interval and jitter
- Agent-specific configuration
The configuration is encrypted before stamping, so it does not appear in plaintext in the binary. The specific stamping approach (marker replacement, appended blob, etc.) is defined by the agent developer as part of the agent package.
Output Formats
#Agent packages declare their available output formats through build templates. The operator selects the desired format at build time. Common formats include:
| Platform | Formats |
|---|
| Windows | EXE, DLL, shellcode, service binary, BOF |
| Linux | ELF, SO, shellcode |
The build system presents all available formats for the selected agent package. Different templates within a package produce different output formats from the same pre-compiled source.
Build API
#List Packages and Templates
#1
2
3
| GET /api/v1/builds/packages
GET /api/v1/builds/packages/<name>/templates
GET /api/v1/builds/packages/<name>/schema
|
Create a Build
# 1
2
3
4
5
6
7
8
9
10
11
| POST /api/v1/builds/
{
"package_name": "dev_agent",
"template_name": "dev_beacon",
"callbacks": [
{"host": "10.0.0.1", "port": 8080, "protocol": "https"}
],
"kill_date": "2026-12-31",
"beacon_interval": 60,
"beacon_jitter": 10
}
|
Download
#1
| GET /api/v1/builds/<id>/download
|
CLI Workflow
#1
2
3
4
| tantoc2[my-op]> agents generate dev_agent \
--listener my-listener \
--kill-date 2026-12-31 \
--interval 60 --jitter 10
|
Build management is integrated into the agents command. Use agents builds to list and download existing builds.
Project Build System
#TantoC2 uses Hatch as its build backend.
Makefile Targets
#| Target | Description |
|---|
make all | Build all wheels (server, CLI, dev agent, web UI) |
make build | Build teamserver wheel |
make build-cli | Build CLI wheel |
make build-dev-agent | Build dev agent wheel |
make build-web | Build web UI (npm + wheel) |
make dev | Install in development mode |
make test | Run pytest with coverage |
make lint | Run ruff linter |
make typecheck | Run mypy |
make format | Format with ruff |
make check | All checks (lint + typecheck + test) |
make clean | Remove build artifacts |
Docker
#1
2
| docker build -t tantoc2 .
docker run -d -p 8443:8443 -v tantoc2-data:/app/data tantoc2
|