DRILL (Distributable Remote Integrated Lightweight Link) is a powerful and stealthy Command and Control (C2) framework designed for seamless operation across various environments.
DRILL utilizes WebSocket protocol for C2 communications, effectively bypassing firewalls and proxies. This allows for real-time, bidirectional communication between the agent and the server, enhancing stealth and efficiency.
All traffic flows through a single port using HTTP/HTTPS, simplifying network traversal and making it easier to disguise as legitimate traffic.
DRILL can be easily tunneled through Cloudflare, providing an additional layer of security and obfuscation for C2 communications.
Built-in Docker integration enables seamless payload creation for Linux, Windows and OSX targets, expanding the framework's versatility.
- Windows: Implements startup registry keys and PowerShell profile modifications (PowerShell profile persistence is temporarily disabled due to a bug)
- Linux: Creates a user-level systemd service for persistent access
- OSX: Uses launch agents to run itself on startup
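The user-level autostart locations listed above are also the places a defender checks first. The following audit helper is an added example, not part of DRILL: it walks the per-user autostart directories the README names (user systemd units, LaunchAgents, the PowerShell profile folders) and reports entries modified within a given window. The Windows Run key is recorded as a constant for reference only; the script inspects filesystem paths, and the PowerShell profile directory names are an assumption about default locations.

```python
"""Audit user-level autostart locations for recently modified entries."""
import os
import sys
import time
from pathlib import Path

# Per-OS, user-scoped autostart locations named in the README.
# The PowerShell profile folder names are assumed defaults, not taken from DRILL.
AUTOSTART_LOCATIONS = {
    "linux": [Path.home() / ".config" / "systemd" / "user"],
    "darwin": [Path.home() / "Library" / "LaunchAgents"],
    "win32": [
        Path.home() / "Documents" / "WindowsPowerShell",  # Windows PowerShell 5.x profile
        Path.home() / "Documents" / "PowerShell",         # PowerShell 7+ profile
    ],
}
# Listed for reference: the registry location is not walked by this script.
WINDOWS_RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"


def platform_autostart_dirs(platform=None):
    """Return the autostart directories to audit for the given sys.platform value."""
    return AUTOSTART_LOCATIONS.get(platform or sys.platform, [])


def recent_autostart_entries(dirs, max_age_days=7, now=None):
    """Return [(path, age_in_days)] for files in `dirs` modified within max_age_days.

    Missing directories are skipped; results are sorted by path for stable output.
    """
    now = time.time() if now is None else now
    hits = []
    for d in dirs:
        d = Path(d)
        if not d.is_dir():
            continue
        for p in sorted(d.iterdir()):
            if not p.is_file():
                continue
            age_days = (now - p.stat().st_mtime) / 86400
            if age_days <= max_age_days:
                hits.append((str(p), round(age_days, 2)))
    return hits


if __name__ == "__main__":
    # Print anything that appeared in an autostart location during the last week.
    for path, age in recent_autostart_entries(platform_autostart_dirs()):
        print(f"{path}\tmodified {age} days ago")
```

Review each reported file by hand; a unit, plist or profile you did not create is worth examining before it runs again at login.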
- Send and receive files to/from single or multiple machines simultaneously
- Supports transfer of executable files, enhancing post-exploitation flexibility
- Credential theft tools for harvesting login information
- Mass command execution across multiple compromised systems
- Easily expandable module system for future enhancements
Version 3.0 features a completely overhauled UI, improving usability and efficiency for operators.
DRILL follows a typical C2 framework architecture:
- Agent: Malware running on targeted systems, connecting back to the teamserver
- Teamserver: Central backend service managing agent communications and operator interactions
- Client: Web interface for operators to control the teamserver and issue commands
- Enhanced post-exploitation modules
- Remote Desktop Protocol (RDP) mode:
  - Keyboard and mouse locking
  - Input mirroring from operator to target
  - Target screen viewing
  - Webcam access
```bash
# Clone the repo
git clone https://github.com/redteam-malware/DRILL_V3.git
# Run the installer, avoid running it as root
cd DRILL_V3
bash ./install.sh
```
We recommend not running DRILL V3 behind a proxy, as it can interfere with agent IP address detection. If you can, use an open port or tested software such as ngrok or Cloudflare Tunnels to reduce problems.
```bash
# Basic usage example
python3 main.py
```
If you wish to change the default username and password for the DRILL framework, edit the configuration file located at config.json and set the username and password fields to your desired values.
```bash
# Edit config file
nano config.json
```
Warning: This tool is intended for authorized penetration testing and red team operations only. Misuse of this software may be illegal in your jurisdiction. Use responsibly and ethically.
Apache-2.0 license
This project is for educational and authorized testing purposes only. The authors are not responsible for any misuse or damage caused by this software.