A complete walkthrough of a TantoC2 engagement from setup to cleanup, covering every major feature.
Prerequisites
#- TantoC2 installed (see Installation)
- Two terminal windows (for multi-operator testing)
- A test file for file transfers:
echo "test content" > /tmp/test-upload.txt
1. Setup
#Start the Teamserver
#Note the default admin password printed on first start.
Connect and Authenticate
#1
2
3
| tantoc2> connect http://localhost:8443
tantoc2> login admin
Password: <password-from-setup>
|
2. Create an Engagement
#1
2
3
4
5
| tantoc2> engagements create test-engagement
Engagement passphrase: testpass123
tantoc2> engagements list
tantoc2> engagements use <engagement-id>
|
Your prompt changes to tantoc2[test-eng]>.
3. Set Up Operators
#Create Users
#1
2
3
| tantoc2[test-eng]> operators create testoperator --role operator
tantoc2[test-eng]> operators create testspectator --role spectator
tantoc2[test-eng]> operators create testcollector --role collector
|
Grant Engagement Access
#1
2
3
| tantoc2[test-eng]> operators grant <testoperator-id> <engagement-id>
tantoc2[test-eng]> operators grant <testspectator-id> <engagement-id>
tantoc2[test-eng]> operators grant <testcollector-id> <engagement-id>
|
4. Listener Management
#1
2
3
| tantoc2[test-eng]> listeners create http --name test-listener --port 8080
tantoc2[test-eng]> listeners start <listener-id>
tantoc2[test-eng]> listeners list
|
Verify the port is bound: ss -tlnp | grep 8080
5. Build and Deploy Agents
#Build
#1
2
3
4
| tantoc2[test-eng]> agents generate dev_agent \
--listener test-listener \
--kill-date 2026-12-31 \
--interval 5 --jitter 10
|
Deploy
#In a separate terminal:
1
| tantoc2-dev-agent --server http://localhost:8080 --mode beacon --interval 5 --jitter 10
|
Verify Registration
#1
| tantoc2[test-eng]> agents list
|
The agent appears with status active.
6. Tasking
#Survey
#1
2
| tantoc2[test-eng]> agents use <hostname>
<hostname>> task survey
|
Wait for check-in (~5 seconds):
1
2
| tantoc2[test-eng]> tasks list <agent-id>
tantoc2[test-eng]> tasks result <agent-id> <task-id>
|
Beacon Configuration
#1
| tantoc2[test-eng]> task beacon_config {"interval": 10, "jitter": 5}
|
7. Modules
#1
2
3
| tantoc2[test-eng]> modules list
tantoc2[test-eng]> modules compatible <agent-id>
tantoc2[test-eng]> modules info <module-name>
|
8. Credential Management
#Add Manually
#1
2
3
4
5
| tantoc2[test-eng]> creds add
Type: password
Username: testuser
Secret: testpassword123
Domain: TESTDOMAIN
|
Search and Export
#1
2
| tantoc2[test-eng]> creds search --username testuser
tantoc2[test-eng]> creds export --format json
|
9. File Transfers
#Upload
#1
| tantoc2[test-eng]> upload /tmp/test-upload.txt /tmp/remote-test.txt
|
Download
#1
2
3
| tantoc2[test-eng]> download /tmp/remote-test.txt
tantoc2[test-eng]> files list <agent-id>
tantoc2[test-eng]> files fetch <agent-id> <transfer-id> /tmp/downloaded-test.txt
|
Verify Integrity
#1
| diff /tmp/test-upload.txt /tmp/downloaded-test.txt
|
Every transfer includes SHA-256 hash verification.
10. Tools (Remote Operations)
#1
2
| tantoc2[test-eng]> tools list
tantoc2[test-eng]> tools use ssh_command
|
11. RBAC Verification
#Spectator (Read-Only)
#Log in as spectator — read operations succeed, write operations fail with “Insufficient permissions”:
1
2
3
| tantoc2> login testspectator
tantoc2[test-eng]> agents list # succeeds
tantoc2[test-eng]> listeners create http --port 9999 # fails
|
Collector (Dynamic Grants)
#Collectors start as read-only. Admins can grant temporary, agent-scoped permissions:
1
2
3
| POST /api/v1/collectors/grants
{"collector_id": "<id>", "permission": "manage_agents",
"agent_ids": ["<agent-id>"], "expires_at": "2026-04-01T00:00:00Z"}
|
12. Multi-Operator
#Open two CLI sessions with different users. Both see the same agents, tasks, and events within the same engagement. The audit log attributes each action to the correct principal.
13. Engagement Archival
#Archive
#1
2
3
4
| curl http://localhost:8443/api/v1/engagements/<id>/archive \
-X POST -H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"passphrase":"testpass123","output_path":"/tmp/test.archive"}'
|
Import
#1
2
3
4
| curl http://localhost:8443/api/v1/engagements/import \
-X POST -H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"archive_path":"/tmp/test.archive","passphrase":"testpass123","name":"imported"}'
|
14. Cleanup
#1
2
| tantoc2[test-eng]> agents kill <agent-id>
tantoc2[test-eng]> listeners stop <listener-id>
|
Stop dev agent processes (Ctrl+C) and the teamserver.