TantoC2’s web interface provides real-time dashboards, agent terminals, and full operational control.
Running the Web UI#
| |
Pages#
| Page | Description |
|---|---|
| Dashboard | Agent summary, session count, P2P links, relay agents, real-time event stream |
| Agents | Sortable, filterable agent table with hostname:shortid display names, status, mode, callback IP, and relay columns |
| Agent Detail | Full metadata, capabilities, loaded modules, relay info, xterm.js terminal |
| Topology | P2P relay tree visualization with hostname:shortid agent labels |
| Listeners | Create, start/stop, configure HTTP/TCP/external listeners |
| Modules | Searchable agent module catalog with compatibility filtering and load-into-agent workflow |
| Credentials | Credential store with search, filter, add, and export |
| Builds | Listener-based agent build generation with kill-date or kill-days input |
| Tools | Remote operations (SSH, SMB, etc.) with proxy configuration and interactive sessions |
| File Explorer | Agent filesystem tree browser built from cached ls results |
| Collection Requests | Collector file download request workflow with approve/deny |
| Audit Log | Filterable event stream with security highlighting |
| Engagements | Engagement management with archive/import (admin only) |
| Admin | Operator management with inline role change (including collector), password reset, active toggle, and delete (admin only) |
Dashboard#
The dashboard displays:
- Agent summary: Total count with breakdown by status (active, dormant, dead, killed)
- Sessions card: Active session count
- P2P links card: Active relay links between agents
- Relay agents card: Agents currently acting as relays
- Recent events: Real-time stream of agent check-ins, task results, status changes
- Listener status: Active listeners with type and port
Updates arrive via WebSocket — no page refresh needed.
Agent Detail#
Click an agent row to open the detail page:
- Full metadata: Hostname, OS, architecture, username, IPs, status, mode, beacon config
- Capabilities tab: Supported module formats, built-in commands, daemonize/relay support
- Loaded modules tab: Currently loaded managed modules with status and unload controls
- Relay tab: Current relay configuration, parent agent, relay chain
- xterm.js terminal: Type commands directly against the agent
- File transfers: Upload and download sections
- Tags and notes: Editable metadata fields
Topology#
The Topology page displays a tree visualization of the P2P relay hierarchy:
- Agents connected directly to the teamserver appear at the root level
- Agents relaying through other agents appear as children in the tree
- Status indicators show link health (active, degraded, broken)
- Real-time updates via WebSocket as topology changes
Agent Modules Browser#
The Agent Modules page provides a searchable catalog of available agent modules:
- Filter by format, platform, and architecture
- Select a target agent to see only compatible modules
- Load modules directly into agents with option forms
- View module metadata, MITRE ATT&CK mappings, and options schema
Engagement Selector#
Use the dropdown in the navigation bar to switch between engagements. Only engagements you have access to are shown (admins see all).
RBAC-Aware Controls#
The UI adapts based on your role:
| Role | Behavior |
|---|---|
| Admin | Full access, including Admin and Engagements pages |
| Operator | All action controls for granted engagements |
| Spectator | Read-only — action buttons are hidden or disabled |
| Collector | Spectator baseline + dynamically granted actions |
Real-Time Events#
The web UI uses WebSocket connections for live updates:
- Agent registrations and status changes
- Task results as they arrive
- P2P topology changes (agent connections, relay updates)
- Agent killed events
- Listener start/stop events
- Build completions
- Credential additions
- Security alerts