# What is TantoC2?
TantoC2 is a plugin-driven C2 framework designed for professional penetration testing engagements. It provides a teamserver, operator CLI, web UI, and extensible agent ecosystem — all built with engagement isolation and operational security as first-class concerns.
## Key Features

### Modular Agent Architecture
Every deployable unit is an agent defined by an AgentPackage plugin that declares its capabilities, supported module formats, and built-in commands. Agents support two module loading modes:
- Managed mode (default): The loading agent manages the module’s lifecycle, and results flow back through the loading agent’s channel.
- Daemonized mode: The payload runs independently — if it’s an agent, it establishes its own crypto session and registers as a new, independent agent.
Any agent whose output format conforms to a module format can be loaded by any agent that accepts that format. The teamserver matches modules to agents by format identifier, platform, and architecture.
### Engagement Isolation
Every operation runs inside an isolated engagement context with its own encrypted SQLite database. Agents, tasks, credentials, and audit logs from one engagement are completely invisible to another.
### Plugin Architecture
TantoC2’s functionality is extended through four plugin types:
| Plugin Type | Purpose |
|---|---|
| Agent Packages | Crypto, wire protocol, build pipeline, and capability declarations per agent type |
| Agent Modules | Compiled payloads (BOF, shellcode, DLL, etc.) loadable by agents that support their format |
| Transport Plugins | Listener implementations (HTTP, TCP, custom) |
| Tools Modules | Direct service interaction (SSH, SMB) without agents |
All plugins are discovered at runtime from designated directories and support hot-reload without server restart.
### Operator Tooling
- CLI with Textual TUI, interactive agent/group/tools shells, tab completion, themes, JSON mode, and Rich-formatted output
- Web UI with real-time WebSocket events, P2P topology visualization, agent module browser, and xterm.js agent terminals
- Client Library for scripting and automation
### Security Model
- ECDH + HKDF key exchange for agent sessions
- AES-256-GCM encryption for all wire traffic
- PBKDF2 master key derivation for at-rest database encryption
- 4-tier RBAC (Admin, Operator, Spectator, Collector) with per-engagement scoping
- Log redaction to prevent sensitive data leakage in server logs
- End-to-end P2P encryption — relay agents cannot inspect forwarded traffic
- Kill dates — mandatory hard expiration on every agent build
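The session-crypto pattern listed above (ECDH + HKDF for key agreement, AES-256-GCM on the wire, PBKDF2 for the at-rest master key) is easy to get subtly wrong, so here is an added, self-contained illustration using the `cryptography` library named in the tech stack. It is example code written for this page, not TantoC2's own implementation: the HKDF context label, the one-key-per-direction split, the counter nonce layout, the PBKDF2 iteration count and all sample values are assumptions. It also shows why the relay guarantee holds: a hop that only forwards bytes cannot alter a frame without the receiver's AEAD tag check failing.

```python
"""Example session-crypto flow: X25519 ECDH -> HKDF-SHA256 -> AES-256-GCM,
plus PBKDF2 stretching for an at-rest master key. Added illustration;
labels, nonce layout and iteration count are assumptions, not TantoC2's."""
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey, X25519PublicKey
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC

SESSION_INFO = b"example-session-keys-v1"  # assumed HKDF context label


def raw_public_bytes(private_key):
    """Serialize an X25519 public key as its raw 32 bytes (what goes on the wire)."""
    return private_key.public_key().public_bytes(
        serialization.Encoding.Raw, serialization.PublicFormat.Raw)


def derive_session_keys(own_private, peer_public_bytes, salt, role):
    """ECDH shared secret -> HKDF-SHA256 -> two independent AES-256 keys, one per
    direction, so both sides never encrypt under the same key+nonce pair.
    Returns (send_key, recv_key) for the given role ("agent" or "server")."""
    shared = own_private.exchange(X25519PublicKey.from_public_bytes(peer_public_bytes))
    okm = HKDF(algorithm=hashes.SHA256(), length=64, salt=salt, info=SESSION_INFO).derive(shared)
    agent_to_server, server_to_agent = okm[:32], okm[32:]
    if role == "agent":
        return agent_to_server, server_to_agent
    return server_to_agent, agent_to_server


class Session:
    """One endpoint of a session: a separate AEAD per direction and a strictly
    increasing sequence number used as the 96-bit GCM nonce for sent frames."""

    def __init__(self, send_key, recv_key):
        self._send = AESGCM(send_key)
        self._recv = AESGCM(recv_key)
        self._seq = 0

    def seal(self, plaintext, aad=b""):
        nonce = self._seq.to_bytes(12, "big")  # counter nonce: never reused under this key
        self._seq += 1
        return nonce + self._send.encrypt(nonce, plaintext, aad)

    def open(self, blob, aad=b""):
        # Raises InvalidTag if the ciphertext, nonce or AAD was modified in transit.
        return self._recv.decrypt(blob[:12], blob[12:], aad)


def derive_master_key(passphrase, salt, iterations=600_000):
    """PBKDF2-HMAC-SHA256 stretch of an operator passphrase into a 32-byte key for
    at-rest database encryption. The salt is stored beside the database."""
    kdf = PBKDF2HMAC(algorithm=hashes.SHA256(), length=32, salt=salt, iterations=iterations)
    return kdf.derive(passphrase)


def handshake_demo():
    """Run one agent<->server key agreement over constructed keys and show
    (a) a round trip in each direction, (b) that a relay flipping a single
    ciphertext bit is rejected, (c) that consecutive frames get distinct nonces."""
    server_priv, agent_priv = X25519PrivateKey.generate(), X25519PrivateKey.generate()
    salt = os.urandom(16)  # constructed: exchanged in the clear with the public keys
    agent = Session(*derive_session_keys(agent_priv, raw_public_bytes(server_priv), salt, "agent"))
    server = Session(*derive_session_keys(server_priv, raw_public_bytes(agent_priv), salt, "server"))

    aad = b"agent-id:demo-0001"  # constructed header: authenticated but not encrypted
    frame = agent.seal(b"checkin", aad)
    roundtrip = server.open(frame, aad)

    # A relay only forwards bytes; flipping one bit must fail the AEAD tag check.
    relayed = bytearray(frame)
    relayed[-1] ^= 0x01
    try:
        server.open(bytes(relayed), aad)
        tamper_detected = False
    except InvalidTag:
        tamper_detected = True

    reply = server.seal(b"task:sleep", aad)
    return {
        "roundtrip": roundtrip,
        "tamper_detected": tamper_detected,
        "reply": agent.open(reply, aad),
        "distinct_nonces": frame[:12] != agent.seal(b"x", aad)[:12],
    }


if __name__ == "__main__":
    print(handshake_demo())
```

Two design points worth noting when reviewing any implementation of this model: the HKDF output is split into one key per direction, which removes the classic nonce-reuse bug where both peers start a shared counter at zero, and the associated data binds a cleartext header (here an agent identifier) to the ciphertext so a relay cannot re-label a frame without the tag check failing.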
## Architecture at a Glance

```mermaid
graph TB
    CLI[tantoc2-cli] -->|REST API| TS[Teamserver]
    WebUI[Web UI] -->|REST API + WebSocket| TS
    Client[Client Library] -->|REST API| TS
    TS --> Pipeline[Message Pipeline]
    TS --> AgtMod[Agent Module Registry]
    TS --> Agentless[Tools Manager]
    TS --> BG[Background Services]
    Pipeline --> Listeners[Listeners]
    Listeners --> Agents[Agents]
    Agents -->|load_module| Modules[Agent Modules]
    Agents -->|P2P relay| Agents
    Agentless -->|Direct Protocol| Targets[Remote Services]
    TS --> DB[(Per-Engagement SQLite)]
```
TantoC2 runs as a single Python process with no external service dependencies. All state is stored in SQLite databases managed by SQLAlchemy.
## Tech Stack
| Component | Technology |
|---|---|
| Teamserver | Python 3.11+, Flask, Flask-SocketIO, SQLAlchemy |
| CLI | Click, Rich, Textual, httpx |
| Web UI | React, Vite, TailwindCSS, xterm.js |
| Client Library | Python, httpx |
| Agents | Python (dev/test), Go (Shinobi — first native agent), C/C++ (future) |
| Cryptography | cryptography library (ECDH, AES-256-GCM, PBKDF2) |
## Next Steps
- Install TantoC2 to get the server running
- Follow the Quickstart for a 5-minute walkthrough
- Read the Operator Guide for day-to-day usage