Skip to main content
TantoC2 Documentation
  1. Documentation/
  2. Reference/

Changelog

Table of Contents

v0.2.0
#

Stage 2 & 3 complete — agent module system, P2P networking, CLI/Web UI hardening, and dev agent built-in commands.

Agent Module System
#

  • Capability declarations: Agent packages declare supported module formats, built-in commands, and capabilities (supports_daemonize, supports_relay)
  • Agent module registry: Server-side module inventory with YAML manifests, compatibility filtering by format/platform/architecture
  • Managed mode: Agent-controlled module lifecycle with results flowing back through the loading agent’s channel; supports streaming results over multiple check-in cycles
  • Daemonized mode: Payload runs independently; if the payload is an agent, it registers as a new child agent with parent-child relationship tracking

P2P Chaining & Relay
#

  • Agent-to-agent relay: Agents forward traffic for interior agents without direct teamserver contact
  • P2P topology: Parent-child agent relationships tracked and visualized via agents topology command and Web UI Topology page
  • Relay chain tracking: Full relay path queryable via agents chain <id> and GET /agents/<id>/chain
  • Auto-topology discovery: Pipeline automatically discovers relay relationships from forwarded messages
  • End-to-end encryption: Relay agents handle only opaque ciphertext

Dev Agent Enhancements
#

  • Built-in commands: ls, ps, netstat, pwd, cat, cd, whoami, env, upload, download, load_module, unload_module
  • Loadable modules: exec (command execution) and sysinfo (system reconnaissance)
  • TCP session mode: Interactive command shell over persistent TCP connections
  • Smart result display: Formatted tables for directory listings and process info; colored error output
  • Relay support: Dev agent can act as a P2P relay for interior agents

Web UI Refresh
#

  • P2P Topology page: Tree visualization of agent hierarchy with relay relationships
  • Agent Modules page: Searchable module catalog with compatibility filtering and load-into-agent workflow
  • Tools page: Renamed from “Agentless” — unified SSH/SMB/custom service interaction
  • Enhanced Agent Detail: Capabilities tab, loaded modules tab with unload controls, relay tab
  • Enhanced Agents table: Mode column, callback IP, relay status, real-time P2P updates via WebSocket
  • Enhanced Listeners page: TCP and external listener types with callback_protocol field
  • Enhanced Builds page: Listener-based workflow (no manual callback entry)
  • Improved Dashboard: Sessions card, P2P links card, relay agents card
  • Auth improvements: Token validation on startup, refresh failure handling

CLI Refinement
#

  • Interactive TUI: Textual-based terminal UI with panels and split views
  • Agent shell: agents use <hostname> enters per-agent interactive shell with built-in commands, module loading, file transfers
  • Group shell: agents group use <name> for multi-agent batching
  • Tools shell: tools use <name> for interactive agentless sessions
  • Theme system: 5 themes (default, monokai, hotdog_stand, light, matrix) with Ctrl+P picker
  • Path completion: Local filesystem (upload) and remote (via agent ls)
  • Background tasks: & suffix for async execution with results polling

Plugin System
#

  • Plugin inbox: Drop .py or .whl files into the inbox directory for auto-routing and installation
  • Plugin watcher: Background service monitors plugin directories for changes (configurable interval)
  • Dependency auto-install: Modules declaring dependencies in metadata get pip packages installed at discovery time
  • Unavailable tracking: Modules with missing dependencies are tracked with reasons via unavailable_modules property

API Additions
#

  • GET /agents/<id>/capabilities — agent package capabilities
  • GET /agents/<id>/modules/loaded — list loaded modules
  • POST /agents/<id>/modules/load — load agent module
  • POST /agents/<id>/modules/unload — unload managed module
  • GET /agents/topology — P2P topology graph
  • POST /agents/<id>/relay — set relay
  • DELETE /agents/<id>/relay — remove relay
  • GET /agents/<id>/chain — relay chain
  • POST /agentless/sessions — interactive agentless session
  • GET /agentless/sessions — list sessions
  • DELETE /agentless/sessions/<id> — close session
  • GET /agentless/sessions/<id>/output — poll session output
  • POST /agentless/sessions/<id>/input — send session input
  • GET /api/v1/plugins/ — list all plugins
  • POST /agent-modules/refresh — refresh agent module registry
  • GET /agent-modules/compatible/<agent_id> — compatible modules for agent

Collection Requests & File Explorer
#

  • Collection request workflow: Collectors can request file downloads from agents; operators approve or deny with full API/CLI/web UI support
  • CollectionRequest model: Tracks request lifecycle (pending, approved, denied) with links to resulting file transfers
  • File explorer: Web UI page showing agent filesystem trees built from cached ls results
  • Agent filesystem API: GET /agents/<id>/filesystem returns cached directory structure
  • Nav badge: Pending collection request count shown in web UI navigation
  • Admin password reset: Web UI inline password reset for operators

Operational Polish
#

  • Comprehensive audit logging across all 39 mutating API routes
  • Agent display names: hostname:shortid format for unambiguous agent resolution
  • Remote path completion: Cache-only from ls results (no implicit C2 traffic)
  • Local shell: local_shell command and ! prefix in all shells and TUI
  • File transfer display: Upload/download result formatters hide base64 blobs
  • Dev agent: 10MB file transfer size guard
  • Session agent polling: Mode-aware display with wake-event polling (~50ms for sessions vs beacon interval for beacons)

Bug Fixes
#

  • Fixed builtin_commands key mismatch causing commands to not appear
  • Fixed listener panel focus skip on Ctrl+L
  • Fixed results command TUI hang with background tasks
  • Fixed path completion double-slash issues
  • Fixed SSH interactive session output formatting
  • Fixed upload/download using FileTransfer ID instead of Task ID

v0.1.0
#

Stage 1 complete — all core functionality validated with the Python dev agent.

Features
#

  • Teamserver: Single-process Python server with Flask REST API and WebSocket events
  • CLI: Interactive operator shell with tab completion, multi-tab sessions, and JSON mode
  • Web UI: React-based interface with real-time dashboards and xterm.js agent terminals
  • Client Library: Typed Python client for all API endpoints
  • Plugin System: Hot-reloadable server modules, transport plugins, agentless modules, and agent packages
  • Engagement Isolation: Per-engagement SQLite databases with encrypted at-rest storage
  • RBAC: Four-tier role model (Admin, Operator, Spectator, Collector) with dynamic collector grants
  • Security: ECDH key exchange, AES-256-GCM wire encryption, PBKDF2 master keys, log redaction
  • Agent Build Pipeline: Config stamping with encrypted configuration blobs
  • Agentless Operations: Direct service interaction (SSH, SMB) with proxy and credential integration
  • Credential Store: Auto-extraction from module results, search, and multi-format export
  • File Transfers: Upload/download with SHA-256 hash verification
  • Background Services: Dead agent detection, stale task cleanup, key rotation, task archival
  • Audit Logging: Full action attribution with security event flagging