URZA-C2 Framework
Project Overview
A modern Command & Control framework combining a Django backend, Next.js frontend, and Python-based URZA C2 engine. Built as a comprehensive offensive security platform that enables controlled security testing with real-time WebSocket communication, dynamic module evaluation via Boo scripting, multi-user support, and both GUI/CLI interfaces for TeamServer and client management.
System Architecture
Components
URZA C2 Engine
Location: urza/ directory
The core engine responsible for handling listeners, stagers, sessions, modules, and secure communication. Manages the lifecycle of TeamServer and Client processes with extensive logging capabilities for auditing and troubleshooting operations.
Django Backend
Location: django-urza-backend/ directory
Acts as the API layer, handling user authentication, role-based access control, process orchestration (start/stop TeamServer and Client), and log retrieval endpoints for the frontend to interact with the C2 engine.
Next.js Frontend
Location: next-urza-frontend/frontend/ directory
Delivers a responsive interface enabling teamserver control, client management, and live log monitoring through seamless API interactions with both GUI and CLI access modes.
Key Features
- Multi-user and multi-server support with real-time communications via WebSockets
- Fully modular framework where listeners, modules, stagers, and C2 channels can be customized
- Dynamic module evaluation via Boo scripting for implant tasks and payload execution
- Secure ECDHE-encrypted traffic ensuring secure communication channels
- Role-based access control with secure authentication via Django backend
- GUI/CLI interfaces for TeamServer and client management with live log monitoring
- Extensive logging for auditing and troubleshooting red team operations
- Scalable platform supporting multiple servers and clients simultaneously