Skip to content

Plugin Commands

This section lists plugin-based commands available via the REST API, their parameters, and usage examples.

connect-smb

Purpose: Connect to an SMB agent using a parent agent trigger.

Parameters:

  • host: IP address or domain of the SMB agent.
  • pipename: Name of the SMB pipe.

Example: 

1
2
3
4
5
6
7
{
  "template": "connect-smb",
  "configuration": {
    "host": "smb.example.com",
    "pipename": "mypipe"
  }
}

connect-tcp

Purpose: Establish a connection for a TCP-BIND agent.

Parameters:

  • host: IP address or domain to connect to.
  • port: TCP port number.

Example: 

1
2
3
4
5
6
7
{
  "template": "connect-tcp",
  "configuration": {
    "host": "192.168.1.10",
    "port": 8888
  }
}

cp

Purpose: Copy a file or directory on the target filesystem.

Parameters:

  • source: Source file/directory path.
  • destination: Destination file/directory path.

Example: 

1
2
3
4
5
6
7
{
  "template": "cp",
  "configuration": {
    "source": "C:\\source.txt",
    "destination": "C:\\dest.txt"
  }
}

download

Purpose: Download a file from the agent’s filesystem.

Parameters:

  • filepath: File path to read (supports environment variables).

Example: 

1
2
3
4
5
6
{
  "template": "download",
  "configuration": {
    "filepath": "C:\\path\\to\\file.txt"
  }
}

execute-assembly

Purpose: Execute a .NET assembly in memory.

Parameters:

  • @files.executable: .NET executable file content (base64 encoded if provided via API).
  • parameters: Command line arguments for the .NET executable.

Note: Requires a multipart/form-data request if using @files.

Example: 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
--boundary
Content-Disposition: form-data; name="requestBody"
Content-Type: application/json; charset=UTF-8
{
  "template": "execute-assembly",
  "configuration": {
    "parameters": ["--audit"]
  }
}

--boundary
Content-Disposition: form-data; name="executable"; filename="dotnetprog.exe"

__DOTNET_FILE__

inject

Purpose: Inject and execute shellcode.

Parameters:

  • @files.shellcode: Shellcode content.

Example: 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
--boundary
{
  "template": "inject",
  "configuration": {}
}

--boundary
Content-Disposition: form-data; name="shellcode"; filename="shellcode.bin"

__SHELLCODE_FILE__

jump-service

Purpose: Copy a payload and create a service for lateral movement.

Parameters:

  • payloadId: Service executable payload ID.
  • copyMethod: Method for copying payload (SMB, NONE).
  • copyPath: Destination path for the copied file.
  • target: Target machine IP/name.
  • servicePath: Path for the created service.
  • serviceName: Service name.
  • serviceDisplayName: Display name for the service.
  • cleanup: Should service be deleted after execution.
  • username: Username (if needed).
  • password: Password (if needed).

Example: 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
{
  "template": "jump-service",
  "configuration": {
    "payloadId": 1,
    "copyMethod": "SMB",
    "copyPath": "C:\\new_service.exe",
    "target": "target-machine",
    "servicePath": "C:\\new_service.exe",
    "serviceName": "new-service",
    "serviceDisplayName": "New Service"
  }
}

jump-ssh

Purpose: Execute commands or copy payloads via SSH for lateral movement.

Parameters:

  • payloadId: Executable payload ID.
  • copyMethod: Copy method (SMB, NONE).
  • copyPath: Destination path.
  • target: Target machine IP/name.
  • cmdline: Command line to execute.
  • username: Username.
  • password: Password.
  • @files.privateKeyPEM: Private key PEM file
  • privateKeyPassword: Password for the private key file.

Example: 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
{
  "template": "jump-ssh",
  "configuration": {
    "payloadId": 1,
    "copyMethod": "SMB",
    "copyPath": "C:\\new_agent.exe",
    "target": "target-machine",
    "cmdline": "C:\\new_agent.exe",
    "username": "domain\\user",
    "password": "secret"
  }
}

jump-winrm

Purpose: Execute commands or run an executable via WinRM.

Parameters:

  • payloadId: Executable payload ID.
  • copyMethod: Copy method (SMB, NONE).
  • copyPath: Destination path.
  • target: Target machine IP/name.
  • executablePath: Path of the executable to run.
  • customPowershell: Custom PowerShell script.
  • username: Username (if needed).
  • password: Password (if needed).

Example: 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
{
  "template": "jump-winrm",
  "configuration": {
    "payloadId": 1,
    "copyMethod": "SMB",
    "copyPath": "C:\\new_agent.exe",
    "target": "target-machine",
    "executablePath": "C:\\new_agent.exe"
  }
}

jump-wmi

Purpose: Execute commands via WMI for lateral movement.

Parameters:

  • payloadId: Executable payload ID.
  • copyMethod: Copy method (SMB, NONE).
  • copyPath: Destination path.
  • target: Target machine IP/name.
  • cmdline: Command line to execute.
  • username: Username (if needed).
  • password: Password (if needed).

Example: 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
{
  "template": "jump-wmi",
  "configuration": {
    "payloadId": 1,
    "copyMethod": "SMB",
    "copyPath": "C:\\new_agent.exe",
    "target": "target-machine",
    "cmdline": "C:\\new_agent.exe"
  }
}

mkdir

Purpose: Create a new directory on the target system.

Parameters:

  • dirpath: Directory path to create (supports recursive creation).

Example: 

1
2
3
4
5
6
{
  "template": "mkdir",
  "configuration": {
    "dirpath": "C:\\new\\directory"
  }
}

mv

Purpose: Move a file or directory on the target system.

Parameters:

  • source: Source file/directory path.
  • destination: Destination path.
  • overwrite: Allow to overwrite the destination file.

Example: 

1
2
3
4
5
6
7
{
  "template": "mv",
  "configuration": {
    "source": "C:\\old.txt",
    "destination": "C:\\new.txt"
  }
}

portscan

Purpose: Perform a TCP port scan and log discovered hosts and ports.

Parameters:

  • ips: IP addresses or ranges (comma-separated).
  • ports: Ports or ranges (comma-separated).
  • hostDiscovery: Host discovery method (ICMP default, ARP, NONE).
  • timeout: Connection timeout in milliseconds.
  • threads: Number of concurrent ARP threads.

Example: 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
{
  "template": "portscan",
  "configuration": {
    "ips": "192.168.1.0/24",
    "ports": "1-1024",
    "hostDiscovery": "ICMP",
    "timeout": 1000,
    "threads": 10
  }
}

procinfo

Purpose: Retrieve additional information about the agent’s process.

Parameters: None

Example: 

1
2
3
4
{
  "template": "procinfo",
  "configuration": {}
}

rm

Purpose: Remove a file from the target filesystem.

Parameters:

  • filepath: File path to delete (supports environment variables).

Example: 

1
2
3
4
5
6
{
  "template": "rm",
  "configuration": {
    "filepath": "C:\\path\\to\\file.txt"
  }
}

screenshot

Purpose: Capture a screenshot of the target machine.

Parameters: None

Example: 

1
2
3
4
{
  "template": "screenshot",
  "configuration": {}
}

socks5

Purpose: Create a SOCKS5 proxy on the agent’s network.

Parameters:

  • port: Port that C2 opens for the SOCKS5 proxy.

Example: 

1
2
3
4
5
6
{
  "template": "socks5",
  "configuration": {
    "port": 8765
  }
}

spawn

Purpose: Spawn a new agent with provided configuration.

Parameters:

  • payloadId: Listener payload ID.
  • encryptedCommunication: Whether to encrypt communication.

Example: 

1
2
3
4
5
6
7
{
  "template": "spawn",
  "configuration": {
    "payloadId": "1",
    "encryptedCommunication": true
  }
}

upload

Purpose: Upload a file to the target filesystem.

Parameters:

  • filepath: Destination file path (supports environment variables).
  • @files.file: File content.

Example: 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
--boundary
{
  "template": "upload",
  "configuration": {
    "filepath": "C:\\path\\to\\dest.txt"
  }
}

--boundary
Content-Disposition: form-data; name="file"; filename="somefile.txt"

__UPLOAD_FILE__