Skip to content

msalihberk/ShadowLab

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

65 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

ShadowLab Banner

ShadowLab

Modern Educational Command & Control Framework for Cybersecurity Research

Learn how modern C2 infrastructures are engineered β€” safely, ethically, and from the inside out.


Overview β€’ Features β€’ Installation β€’ Usage β€’ Documentation β€’ Roadmap


Stars Forks Python Platform License Status



πŸ” Encrypted Communications β€’ πŸ“¦ Payload Builder β€’ 🧩 Modular Post-Exploitation β€’ ⚑ Runtime Module Loading β€’ πŸŽ“ Educational Research


Important

ShadowLab is an educational Command & Control (C2) framework designed exclusively for cybersecurity research, authorized security assessments, and isolated laboratory environments.

Rather than serving as an offensive toolkit, the project demonstrates how modern C2 infrastructures are engineered through transparent implementations of encrypted communications, payload generation, Windows internals, and modular post-exploitation workflows.

ShadowLab must never be used against systems without explicit authorization.

πŸš€ Overview

ShadowLab is a modular Command & Control (C2) framework written entirely in Python for studying the engineering principles behind modern remote administration infrastructures.

The project provides a transparent implementation of encrypted communications, staged and unstaged payload generation, Windows integration, and runtime post-exploitation modules, allowing students, researchers, and security professionals to explore how contemporary C2 frameworks are designed inside controlled laboratory environments.

Every component is built with education in mind, emphasizing software architecture, defensive understanding, ethical research, and practical cybersecurity learning instead of real-world offensive deployment.

ShadowLab Demo

✨ Highlights

  • πŸ” AES-128 Fernet encrypted communication
  • πŸ“¦ Staged & unstaged payload generation
  • 🧩 Dynamic post-exploitation module system
  • πŸ’» Interactive encrypted remote shell
  • πŸ–₯ Windows reconnaissance through WMI
  • πŸŽ“ Built specifically for cybersecurity education

πŸ“š Architecture

Interested in the engineering decisions behind ShadowLab?

➑️ Read the full technical analysis (Medium)


πŸš€ Features

ShadowLab provides a modular set of capabilities that demonstrate the core building blocks of a modern Command & Control framework while maintaining a strong focus on education, transparency, and software engineering.

Category Features
πŸ” Communication AES-128 Fernet encrypted communication, secure authentication, length-prefixed TCP transport
πŸ“¦ Payload Builder Staged & unstaged payload generation, executable binding, automated configuration embedding
πŸ’» Remote Interaction Interactive remote shell, file upload, desktop notifications
πŸ“· Intelligence Collection System information, screenshots, webcam capture, microphone recording, geolocation
πŸ–₯️ Windows Integration WMI enumeration, Registry persistence, security product detection
🧩 Post-Exploitation Dynamic module discovery, runtime template injection, encrypted module registration, controller-backed modules
πŸ—οΈ Architecture Modular codebase, configurable components, educational implementation, extensible framework

πŸ“ Project Structure

The repository is organized into modular components, separating the framework core, payload generation, configuration management, and post-exploitation modules.

ShadowLab/
β”‚
β”œβ”€β”€ assets/          # README assets
β”œβ”€β”€ confs/           # Framework configuration
β”œβ”€β”€ mainclass/       # Core framework components
β”œβ”€β”€ modules/         # Post-exploitation modules
β”œβ”€β”€ payloads/        # Payload templates
β”œβ”€β”€ build/           # Generated payloads
β”œβ”€β”€ photos/          # Screenshots
β”œβ”€β”€ records/         # Audio recordings
β”‚
β”œβ”€β”€ Shadow.py        # Main C2 Server
β”œβ”€β”€ requirements.txt
β”œβ”€β”€ README.md
β”œβ”€β”€ ROADMAP.md
β”œβ”€β”€ SECURITY.md
β”œβ”€β”€ FAQS.md
└── CONTRIBUTING.md

πŸ“¦ Installation

ShadowLab targets Python 3.13.x.

Clone the repository and install the required dependencies.

1. Clone the repository

git clone https://github.com/msalihberk/ShadowLab.git
cd ShadowLab

2. Install dependencies

pip install -r requirements.txt

Or create a virtual environment first:

python -m venv venv

# Windows
venv\Scripts\activate

# Linux / macOS
source venv/bin/activate

pip install -r requirements.txt

3. Start the framework

python Shadow.py

If the application starts successfully, the installation is complete.

πŸ’» Usage

After completing the installation, the typical ShadowLab workflow is:

Generate Configuration
        β”‚
        β–Ό
Configure Listener
        β”‚
        β–Ό
Build Payload
        β”‚
        β–Ό
Start Listener
        β”‚
        β–Ό
Agent Connection
        β”‚
        β–Ό
Manage Session
        β”‚
        β–Ό
Deploy Post-Exploitation Modules

1. Generate the Framework Configuration

Generate a unique encryption key and authentication token before building any payload.

Option 5 β†’ Generate Configuration

This creates the required configuration inside:

confs/conf.json

2. Configure the Listener

Specify the IP address and listening port that will be embedded into generated payloads.

Option 3 β†’ Set IP Address
Option 4 β†’ Set Listening Port

3. Build a Payload

Generate either a staged or unstaged payload.

Option 1 β†’ Build Payload

The builder supports:

  • Python payloads
  • Standalone executables
  • Executable binding
  • Staged deployment
  • Unstaged deployment

4. Start the Listener

Begin accepting incoming encrypted connections.

Option 2 β†’ Start Listener

5. Manage Active Sessions

Once an agent connects, ShadowLab provides an interactive management interface.

Command Function
1 Interactive Shell
2 Create Persistence
3 Record Microphone
4 Upload File
5 Webcam Capture
6 Geolocation
7 Remove Persistence
8 System Information
9 Desktop Notification
10 Screenshot
11 Security Software Audit
12 Post-Exploitation Manager
q Close Session

6. Deploy Post-Exploitation Modules

ShadowLab includes a modular post-exploitation framework capable of dynamically discovering and deploying runtime modules.

Typical workflow:

Session
   β”‚
   β–Ό
Post-Exploitation Manager
   β”‚
   β–Ό
Select Module
   β”‚
   β–Ό
Configure Template Values
   β”‚
   β–Ό
Deploy
   β”‚
   β–Ό
Interactive Controller

The framework currently ships with a sample KEYLOGGER module, while additional modules can be added without modifying the core framework thanks to the dynamic module architecture.

πŸ“š Documentation

Additional documentation is available for users who want to explore the project in greater depth.

Document Description
ROADMAP.md Project roadmap and future milestones
SECURITY.md Responsible disclosure and security policy
FAQS.md Frequently asked questions
CONTRIBUTING.md Contribution guidelines

πŸ“ License

ShadowLab is released under the MIT License.

See the LICENSE file for the complete license text.


Warning

ShadowLab is intended exclusively for cybersecurity education, authorized security assessments, and isolated laboratory environments.

Unauthorized use against systems you do not own or have explicit permission to assess is illegal and outside the intended purpose of this project.


⭐ Support the Project

If ShadowLab helps your learning or research, consider giving the repository a GitHub Star.


Made with ❀️ for the cybersecurity education community.



Banner artwork created with the assistance of ChatGPT (OpenAI).

About

A modular C2 framework developed in Python for cybersecurity research and adversary emulation. Features encrypted communication, agent building, and system diagnostics.

Topics

Resources

License

Contributing

Security policy

Stars

13 stars

Watchers

0 watching

Forks

Packages

 
 
 

Contributors

Languages