DRILL (Distributable Remote Integrated Lightweight Link) is a C2 framework designed for conducting penetration testing operations and attack simulations on various operating systems, including Windows, Linux, and macOS.
Features
WebSocket Communication
DRILL uses the WebSocket protocol to communicate with the C2 server, which lets its traffic pass through firewalls and proxies. This allows bidirectional communication between the agent and the server in real time, increasing stealth and efficiency.
Single-Port Management
All traffic passes through a single port using HTTP/HTTPS, simplifying network traversal and making it easier to disguise as legitimate traffic.
Cloudflare Tunnel Compatibility
DRILL can be easily tunneled through Cloudflare, providing an additional layer of security and obfuscation for C2 communications.
Cross-platform payload generation
Native Docker integration allows easy payload generation for Linux, Windows, and OSX targets, extending the versatility of the framework.
Robust persistence mechanisms
Windows: Injects startup registry keys and PowerShell profile modifications (the PowerShell profile method is temporarily disabled due to an error)
Linux: Creates a local systemd process for persistent access
OSX: Uses launch agents to launch itself at startup
Advanced file transfer capabilities
Send and receive files to/from one or more machines simultaneously
Supports executable file transfers, increasing post-exploit flexibility
Post-exploit modules (PEMs)
Credential stealers to gather login information
Bulk execute commands on multiple compromised systems
Easily extensible module system for future improvements
download: