
TantoC2 - Red Team Command & Control Framework


Overview

TantoC2 is a red team command-and-control framework designed for authorized penetration testing and adversary simulation. It runs as a single deployable Python process with no external service dependencies — no Redis, Celery, or external databases — making deployment trivial. Built with Flask, SQLAlchemy, and SQLite, it supports concurrent multi-operator engagements with real-time WebSocket event streaming.

TantoC2 provides a terminal CLI, a web UI, and a REST API for operator interaction. Its plugin architecture allows extending transports, agent packages, server-side modules, and agentless modules without modifying core code. All operations are fully audited, and each engagement's database is isolated and encrypted.

Features

Agent Management

  • Multi-agent management with beacon (async) and session (sync) modes
  • Modular agent architecture with pluggable crypto and protocol pipelines
  • Agent lifecycle tracking — Active, Dormant, Dead, Killed states
  • Capability declarations and loadable agent modules
  • Kill date enforcement for automatic agent expiration

P2P Chaining & Relay

  • Agents can relay traffic through other agents to reach isolated networks
  • Flexible peer-to-peer topology for complex network environments

Server-Side Modules

  • Module execution on the teamserver with task dispatch to agents
  • Hot-reload module discovery from the filesystem
  • Credential auto-extraction from module results

Agentless Operations

  • Direct network protocol exploitation (SSH, SMB, etc.) without deployed agents
  • Bidirectional credential integration with the credential store

Multi-Operator & RBAC

  • Four-tier role system — Admin, Operator, Spectator, Collector
  • Dynamic permission grants for collectors scoped by agent with optional expiration
  • Real-time event streaming via WebSocket for all connected operators

Security & Isolation

  • Per-engagement database isolation with independent encryption keys
  • RSA-2048, ECDH+HKDF, AES-256-GCM, PBKDF2 cryptography
  • TLS support on all listeners
  • Token-based authentication with refresh and revocation
  • Comprehensive audit logging of all operator and agent actions

Operator Interfaces

  • Interactive terminal CLI with tab management
  • Web UI (React-based)
  • REST API with JSON output mode for scripting

Quick Start

1. Clone the repository and install:

git clone <repo-url> tantoc2
cd tantoc2
pip install -e .

2. Start the teamserver:

tantoc2-server

3. Connect with the CLI:

tantoc2-cli