admin/conquest
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
206 Commits 2 Branches 0 Tags
1a3bb8ccdb311e0b1d0d8315b482f1b2f3343950
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Jakob Friedl 1a3bb8ccdb Added documentation.
2025-10-30 15:35:13 +01:00
assets
Added documentation.
2025-10-30 15:35:13 +01:00
bin
Updated .gitignore with .gitkeep files to keep directory structure
2025-07-21 22:16:09 +02:00
data
Implemented jitter.
2025-10-23 11:14:26 +02:00
docs
Added documentation.
2025-10-30 15:35:13 +01:00
src
Added documentation.
2025-10-30 15:35:13 +01:00
.gitignore
Implemented simple download command.
2025-09-01 19:45:39 +02:00
conquest.nimble
Update README.md
2025-10-27 22:26:59 +01:00
LICENSE
Update LICENSE
2025-08-22 11:04:11 +02:00
README.md
Added documentation.
2025-10-30 15:35:13 +01:00

README.md

Banner

Conquest is a feature-rich, extensible and malleable command & control/post-exploitation framework developed for penetration testing and adversary simulation. Conquest's team server, operator client and agent have all been developed from scratch using the Nim programming language and are designed with modularity and flexibility in mind. It features custom C2 communication via binary packets over HTTP, a client GUI developed using Dear ImGui and the Monarch agent, a modular C2 implant aimed at Windows targets.

Conquest Client

Caution

Conquest is designed to be only used for educational purposes, research and authorized security testing of systems that you own or have an explicit permission to attack. The author provides no warranty and accepts no liability for misuse.

Getting Started

The Conquest team server and operator client are meant to be compiled and used on a UNIX operating system.

  1. Install Nim
curl https://nim-lang.org/choosenim/init.sh -sSf | sh
  1. Build the Conquest team server and client. When first used, these commands download all required dependencies and libraries.
nimble server
nimble client
  1. Start the team server with a C2 profile.
bin/server -p data/profile.toml
  1. Start the operator client and connect it to a team server
bin/client [-i <address> (default: localhost)] [-p <port> (default: 37573)]

For more information, check out the docs!

Features

  • Flexible operator GUI client written with Dear ImGui in Nim
  • HTTP listeners with support for callback hosts (Redirectors)
  • Support for malleable C2 profiles (TOML)
  • Customizable payload generation
  • Encrypted C2 communication leveraging AES256-GCM and X25519 key exchange
  • Sleep obfuscation via Ekko, Zilean or Foliage with support for call stack spoofing
  • Inline-execution of COFF/BOF files
  • Inline-execution of .NET assemblies
  • Token impersonation
  • AMSI/ETW patch using hardware breakpoints
  • Compile-time string obfuscation
  • Wide selection of built-in post-exploitation modules
  • Looting and loot management
  • Logging of all operator activity
  • Self-destruct functionality
  • Agent kill date & working hours

Screenshots

Payload generation

Screenshot Preview

Acknowledgements

The following projects and people have significantly inspired and/or helped with the development of this framework.

Reference in New Issue View Git Blame Copy Permalink
Description
Conquest is a feature-rich and malleable command & control/post-exploitation framework developed in Nim.
Readme BSD-3-Clause 14 MiB
Languages
Nim 65.9%
C 32.4%
C++ 1.7%