What is TantoC2?#
TantoC2 is a plugin-driven C2 framework designed for professional penetration testing engagements. It provides a teamserver, operator CLI, web UI, and extensible agent ecosystem — all built with engagement isolation and operational security as first-class concerns.
Key Features#
Modular Agent Architecture#
Every deployable unit is an agent defined by an AgentPackage plugin that declares its capabilities, supported module formats, and built-in commands. Agents support two module loading modes:
- Managed mode (default): The loading agent manages the module’s lifecycle, and results flow back through the loading agent’s channel.
- Daemonized mode: The payload runs independently — if it’s an agent, it establishes its own crypto session and registers as a new, independent agent.
Any agent whose output format conforms to a module format can be loaded by any agent that accepts that format. The teamserver matches modules to agents by format identifier, platform, and architecture.
Engagement Isolation#
Every operation runs inside an isolated engagement context with its own encrypted SQLite database. Agents, tasks, credentials, and audit logs from one engagement are completely invisible to another.
Plugin Architecture#
TantoC2 ships as a bare core — no transports, tools, agents, or modules are included by default. Everything is a plugin, installed and discovered independently:
| Plugin Type | Purpose | Install Example |
|---|---|---|
| Agent Packages | Crypto, wire protocol, build pipeline, and capability declarations per agent type | pip install tantoc2-agent-shinobi |
| Agent Modules | Compiled payloads (BOF, shellcode, DLL, etc.) loadable by agents that support their format | File drop or wheel |
| Transport Plugins | Listener implementations (HTTP, TCP, custom) | pip install tantoc2-transport-http |
| Tools Modules | Direct service interaction (SSH, SMB) without agents | pip install tantoc2-tool-ssh |
All plugins are discovered at runtime via Python entry points or file drops, and support hot-reload without server restart.
Operator Tooling#
- CLI with Textual TUI, interactive agent/group/tools shells, tab completion, themes, JSON mode, and Rich-formatted output
- Web UI with real-time WebSocket events, P2P topology visualization, agent module browser, and xterm.js agent terminals
- Client Library for scripting and automation
Security Model#
- ECDH + HKDF key exchange for agent sessions
- AES-256-GCM encryption for all wire traffic
- PBKDF2 master key derivation for at-rest database encryption
- 4-tier RBAC (Admin, Operator, Spectator, Collector) with per-engagement scoping
- Log redaction to prevent sensitive data leakage in server logs
- End-to-end P2P encryption — relay agents cannot inspect forwarded traffic
- Kill dates — mandatory hard expiration on every agent build
Architecture at a Glance#
TantoC2 runs as a single Python process with no external service dependencies. All state is stored in SQLite databases managed by SQLAlchemy.
Tech Stack#
| Component | Technology |
|---|---|
| Teamserver | Python 3.11+, Flask, Flask-SocketIO, SQLAlchemy |
| CLI | Click, Rich, Textual, httpx |
| Web UI | React, Vite, TailwindCSS, xterm.js |
| Client Library | Python, httpx |
| Agents | Python (dev/test), Go (Shinobi — first native agent), C/C++ (future) |
| Cryptography | cryptography library (ECDH, AES-256-GCM, PBKDF2) |
Next Steps#
- Install TantoC2 to get the server running
- Follow the Quickstart for a step-by-step walkthrough
- Read the User Guide for day-to-day usage