Build System

TantoC2’s build system generates agent binaries with encrypted configuration stamped in.

Agent Build Pipeline
#

Config Stamping
#

Agent packages define their own stamping mechanism. The default approach uses a marker block — 256 bytes of 0xDEADBEEF — which the build manager replaces with an encrypted configuration blob containing:

Callback addresses (host, port, protocol)
Kill date (mandatory)
Beacon interval and jitter
Agent-specific configuration

The configuration is encrypted before stamping, so it does not appear in plaintext in the binary. The specific stamping approach (marker replacement, appended blob, etc.) is defined by the agent developer as part of the agent package.

Output Formats
#

Agent packages declare their available output formats through build templates. Each template has a platform, arch, mode (beacon or session), and format. The operator specifies the desired combination at build time; the teamserver resolves the correct template internally. Common formats include:

Platform	Formats
Windows	EXE, DLL, shellcode, service binary, BOF
Linux	ELF, SO, shellcode

Templates also declare a mode (AgentMode.BEACON or AgentMode.SESSION). The valid modes for a given build are the intersection of the package’s template modes and the transport plugin’s supported_modes() — for example, the HTTP transport declares [BEACON] and the TCP transport declares [SESSION].

Build API
#

List Packages and Templates
#

1
2
3
GET /api/v1/builds/packages
GET /api/v1/builds/packages/<name>/templates
GET /api/v1/builds/packages/<name>/schema

Create a Build
#

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
POST /api/v1/builds/
{
  "package_name": "dev_agent",
  "platform": "linux",
  "arch": "x86_64",
  "mode": "beacon",
  "listener_id": "uuid-...",
  "callbacks": [
    {"host": "10.0.0.1", "port": 8080, "protocol": "https"}
  ],
  "kill_date": "2026-12-31",
  "beacon_interval": 60,
  "beacon_jitter": 10
}

platform, arch, mode, and listener_id are optional. The teamserver resolves the matching template internally. Valid modes are the intersection of the package’s template modes and the listener transport’s supported_modes().

Download
#

1
GET /api/v1/builds/<id>/download

CLI Workflow
#

1
2
3
4
tantoc2[my-op]> agents generate dev_agent \
    --listener my-listener \
    --kill-date 2026-12-31 \
    --interval 60 --jitter 10

Build management is integrated into the agents command. Use agents builds to list and download existing builds.

Project Build System
#

TantoC2 uses Hatch as its build backend.

Makefile Targets
#

Target	Description
`make all`	Build all wheels (server, CLI, dev agent, web UI)
`make build`	Build teamserver wheel
`make build-cli`	Build CLI wheel
`make build-dev-agent`	Build dev agent wheel
`make build-web`	Build web UI (npm + wheel)
`make dev`	Install in development mode
`make test`	Run pytest with coverage
`make lint`	Run ruff linter
`make typecheck`	Run mypy
`make format`	Format with ruff
`make check`	All checks (lint + typecheck + test)
`make clean`	Remove build artifacts

Docker
#

1
2
docker build -t tantoc2 .
docker run -d -p 8443:8443 -v tantoc2-data:/app/data tantoc2

Agent Build Pipeline#

Config Stamping#

Output Formats#

Build API#

List Packages and Templates#

Create a Build#

Download#

CLI Workflow#

Project Build System#

Makefile Targets#

Docker#