TantoC2 runs as a single Python process with no external service dependencies.
Design Principles
- Per-engagement isolation: Each engagement gets its own SQLite database. Data from one engagement is invisible to another.
- Plugin architecture: Transports, tools modules, agent packages, and agent modules are all independent packages discovered at runtime via entry points. A default install includes no plugins — install only what you need.
- Modular agent protocol: Each agent package brings its own CryptoProvider and ProtocolCodec. Magic bytes route to the correct handler.
- Capability-driven agents: Each agent package declares its supported module formats, built-in commands, and capabilities. The teamserver uses these declarations to filter compatible modules and present appropriate options to operators.
- Dual module loading modes: Agent modules can be loaded in managed mode (results flow through the loading agent) or daemonized mode (the payload runs independently and may register as a new agent).
- No external dependencies: No Redis, Celery, or external database. Everything runs in-process with SQLAlchemy + SQLite.
Process Architecture
Component Interactions
| Component | Responsibility |
|---|---|
| Flask API | REST endpoints, request validation, RBAC enforcement |
| Flask-SocketIO | Real-time event push to authenticated clients |
| Message Pipeline | Magic routing → crypto → codec → handler chain |
| Agent Manager | Registration, check-in processing, task CRUD, lifecycle, capability tracking |
| Agent Module Registry | Agent module discovery, YAML manifest validation, compatibility filtering by format/platform/arch |
| Tools Manager | Direct service interaction (SSH, SMB, etc.) via installed tool plugins, proxy/tunnel routing |
| Credential Service | Encrypted storage, auto-extraction, export |
| Build Manager | Config stamping, template selection, output format selection, binary generation |
| Background Services | Dead agent detection, stale task cleanup, key rotation, archival, plugin watching |
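The compatibility filtering named in the "Capability-driven agents" principle and the Agent Module Registry row can be sketched as follows. This is an added example, not TantoC2's own code: the manifest keys, the `AgentCapabilities` shape, and all function names are assumptions, and manifests are shown already parsed from YAML into dicts.

```python
from dataclasses import dataclass

REQUIRED_FIELDS = ("name", "format", "platforms", "archs")  # assumed manifest keys


@dataclass(frozen=True)
class AgentCapabilities:
    """What an agent package declares (hypothetical shape)."""
    module_formats: frozenset
    platform: str
    arch: str


def validate_manifest(manifest):
    """Return a list of problems; an empty list means the manifest is usable."""
    problems = [f"missing field: {k}" for k in REQUIRED_FIELDS if k not in manifest]
    if problems:
        return problems
    if not isinstance(manifest["name"], str) or not isinstance(manifest["format"], str):
        problems.append("name and format must be strings")
    for key in ("platforms", "archs"):
        value = manifest[key]
        if not isinstance(value, list) or not value or not all(isinstance(v, str) for v in value):
            problems.append(f"{key} must be a non-empty list of strings")
    return problems


def compatible_modules(manifests, caps):
    """Deny by default: offer a module only if it validates and matches on all three axes."""
    offered, rejected = [], {}
    for m in manifests:
        problems = validate_manifest(m)
        if problems:
            rejected[str(m.get("name", "<unnamed>"))] = problems
        elif (m["format"] in caps.module_formats
              and caps.platform in m["platforms"]
              and caps.arch in m["archs"]):
            offered.append(m["name"])
    return offered, rejected


# Constructed sample manifests (module names and format labels are made up).
MANIFESTS = [
    {"name": "sysinfo", "format": "py", "platforms": ["linux", "windows"], "archs": ["x86_64", "arm64"]},
    {"name": "uptime", "format": "py", "platforms": ["windows"], "archs": ["x86_64"]},
    {"name": "hostname", "format": "so", "platforms": ["linux"], "archs": ["x86_64"]},
    {"name": "broken", "format": "py", "platforms": "linux"},  # archs key missing
]
LINUX_AGENT = AgentCapabilities(frozenset({"py"}), "linux", "x86_64")

if __name__ == "__main__":
    print(compatible_modules(MANIFESTS, LINUX_AGENT))
```

An invalid manifest is rejected with its reasons recorded rather than silently skipped, so a malformed plugin shows up for review instead of disappearing from the operator's list.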