Havoc

Havoc is an open-source command and control framework used in offensive security and red team engagements. Security professionals use tools like this to simulate what an attacker would do after gaining initial access to a target network, helping organizations understand and test their defenses.

The framework has three main parts. The teamserver is the central server component, written in Go, that multiple operators can connect to simultaneously. It handles incoming connections from compromised machines, generates payloads, and manages communication channels over HTTP and HTTPS. The client is a desktop application with a graphical interface, built with C++ and Qt, that the security operator uses to interact with the teamserver and see what is happening across all active sessions. The third part is called Demon, an agent written in C and assembly that runs on the target system and communicates back to the teamserver.

Demon includes a range of post-exploitation capabilities: running commands on target machines, managing authentication tokens, communicating through other compromised machines via SMB, and various techniques designed to avoid detection by security monitoring tools. The framework is described by its author as designed to be modular and configurable rather than optimized for any specific evasion technique out of the box, with the idea that operators extend it for their own needs.

Extensibility is built in through a Python API, a custom modules system, and support for plugging in third-party agents beyond Demon. The teamserver runs best on Debian, Ubuntu, or Kali Linux and requires a modern version of Qt and Python 3.10 to build. Documentation lives in the project wiki and on the official website.