HardHat C2
A cross-platform, collaborative, Command & Control framework written in C#, designed for red teaming and ease of use.
Last updated
A cross-platform, collaborative, Command & Control framework written in C#, designed for red teaming and ease of use.
Last updated
HardHat is a multiplayer c# .NET-based command and control framework. Designed to aid in red team engagements and penetration testing. HardHat aims to improve the quality of life factors during engagements by providing an easy-to-use but still robust C2 framework. It contains three primary components, an ASP.NET teamserver, a blazor .NET client, and c# based implants.
⚠️⚠️ NOTE: HardHat is in Alpha release; it will have bugs, missing features, and unexpected things will happen. Thank you for trying it, and please report back any issues or missing features so they can be addressed.
HardHat contains many needed features for C2 operations.
Per-operator accounts with account tiers to allow customized access control and features, including view-only guest modes, team-lead opsec approval(WIP), and admin accounts for general operation management.
Managers (Listeners)
Dynamic Payload Generation (Exe, Dll, shellcode, PowerShell command)
Creation & editing of C2 profiles on the fly in the client
Customization of payload generation
sleep time/jitter
kill date
working hours
type (Exe, Dll, Shellcode, ps command)
Included commands(WIP)
option to run confuser
File upload & Downloads
Graph View
File Browser GUI
Event Log
JSON logging for events & tasks
Loot tracking (Creds, downloads)
IOC tracing
Pivot proxies (SOCKS 4a, Port forwards)
Cred store
Autocomplete command history
Detailed help command
Interactive bash terminal command if the client is on linux or powershell on windows, this allows automatic parsing and logging of terminal commands like proxychains
Persistent database storage of teamserver items (User accounts, Managers, Engineers, Events, tasks, creds, downloads, uploads, etc. )
Recon Entity Tracking (track info about users/devices, random metadata as needed)
Shared files for some commands (see teamserver page for details)
tab-based interact window for command issuing
table-based output option for some commands like ls, ps, etc.
Auto parsing of output from seatbelt to create "recon entities" and fill entries to reference back to later easily
Dark and Light 🤮 theme
c# .net framework implant for windows devices, currently only CLR/.NET 4 support
atm only one implant, but looking to add others
It can be generated as EXE, DLL, shellcode, or PowerShell stager
Rc4 encryption of payload memory & heap when sleeping (Exe / DLL only)
AES encryption of all network communication
ConfuserEx integration for obfuscation
HTTP, HTTPS, TCP, SMB communication
TCP & SMB can work P2P in a bind or reverse setups
Unique per implant key generated at compile time
multiple callback URI's depending on the C2 profile
P/Invoke & D/Invoke integration for windows API calls
SOCKS 4a support
Reverse Port Forward & Port Forwards
All commands run as async cancellable jobs
Option to run commands sync if desired
Inline assembly execution & inline shellcode execution
DLL Injection
Execute assembly & Mimikatz integration
Mimikatz is not built into the implant but is pushed when specific commands are issued
Various localhost & network enumeration tools
Token manipulation commands
Steal Token Mask
Lateral Movement Commands
Jump (psexec, wmi, wmi-ps, winrm, dcom)
Remote Execution (WIP)
AMSI & ETW Patching
Unmanaged Powershell
Script Store (can load multiple scripts at once if needed)
Spawn & Inject
Spawn-to is configurable
run, shell & execute
