Tempora is a robust, encrypted Command and Control (C2) framework designed for secure communication between a central server and distributed clients. Built with security and reliability in mind, Tempora features end-to-end encryption, asynchronous command dispatching, and resilient connections.
- End-to-End Encryption: Utilizes RSA for key exchange and Fernet for symmetric encryption
- Message Authentication: Implements HMAC for message integrity verification
- Resilient Connections: Automatic reconnection and session management
- Interactive Command Interface: Easy-to-use command line administration
- Extensible Architecture: Modular design for adding custom functionality
- Comprehensive Logging: Detailed activity monitoring and troubleshooting
Tempora operates on a server-client model:
- C2 Server: Central command hub that distributes tasks and collects responses
- Clients: Remote agents that execute commands and report system information
```
┌─────────────┐     Encrypted     ┌─────────────┐
│             │   Communication   │             │
│  C2 Server  │◄─────────────────►│   Client    │
│             │      Channel      │             │
└─────────────┘                   └─────────────┘
       ▲                                 ▲
       │                                 │
       ▼                                 ▼
┌─────────────┐                   ┌─────────────┐
│    Admin    │                   │   Target    │
│  Interface  │                   │   System    │
└─────────────┘                   └─────────────┘
```
- Python 3.8+
- cryptography library
- Clone the repository:

  ```bash
  git clone https://github.com/username/tempora.git
  cd tempora
  ```

- Create a virtual environment:

  ```bash
  python -m venv .venv
  source .venv/bin/activate  # On Windows: .venv\Scripts\activate
  ```

- Install dependencies:

  ```bash
  pip install -r requirements.txt
  ```

- Create logging directory:

  ```bash
  mkdir -p logs
  ```
```bash
python server.py
```

This will start the server on default port 5000 and launch the admin interface.
- `list` - Show all connected clients
- `task <type>:<command>` - Send a task to all connected clients
  - Example: `task shell:ls -la`
  - Example: `task system_info:`
```bash
python client.py
```

By default, the client attempts to connect to localhost. For production deployments, modify the server address in the client code:

```python
client = C2Client(server_host='your.server.address', server_port=5000)
```
- Server generates RSA key pair
- Client connects and receives server's public key
- Client generates symmetric and HMAC keys
- Client encrypts these keys with server's public key
- Server decrypts the keys using its private key
- Both parties now have shared symmetric and HMAC keys
- All messages are encrypted with Fernet symmetric encryption
- Message integrity is verified with HMAC
- Protocol includes length prefixing to prevent fragmentation attacks
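
The length-prefix and HMAC checks listed above, seen from the receiving side, as an added example that is not Tempora's own code. The 4-byte big-endian prefix, the HMAC-SHA256 tag appended to the ciphertext, the `MAX_FRAME` limit and all names are assumptions; the ciphertext stands in for the Fernet token and is treated as opaque bytes.

```python
import hashlib
import hmac
import struct

MAX_FRAME = 64 * 1024  # assumed cap, so a hostile length prefix cannot exhaust memory
TAG_LEN = 32           # size of an HMAC-SHA256 tag in bytes


class FrameError(Exception):
    """Frame is malformed or failed authentication; the caller should drop the connection."""


def pack_frame(hmac_key: bytes, ciphertext: bytes) -> bytes:
    """Build one frame: 4-byte length || ciphertext || HMAC(ciphertext)."""
    tag = hmac.new(hmac_key, ciphertext, hashlib.sha256).digest()
    body = ciphertext + tag
    return struct.pack(">I", len(body)) + body


class FrameReader:
    """Reassembles frames from a TCP stream that may split or merge them."""

    def __init__(self, hmac_key: bytes):
        self._key = hmac_key
        self._buf = bytearray()

    def feed(self, chunk: bytes) -> list:
        """Buffer received bytes and return every complete, authenticated ciphertext."""
        self._buf += chunk
        payloads = []
        while len(self._buf) >= 4:
            (length,) = struct.unpack(">I", self._buf[:4])
            if length < TAG_LEN or length > MAX_FRAME:
                raise FrameError("invalid frame length")
            if len(self._buf) < 4 + length:
                break  # partial frame: wait for the next recv()
            body = bytes(self._buf[4:4 + length])
            del self._buf[:4 + length]
            ciphertext, tag = body[:-TAG_LEN], body[-TAG_LEN:]
            expected = hmac.new(self._key, ciphertext, hashlib.sha256).digest()
            if not hmac.compare_digest(tag, expected):  # constant-time compare
                raise FrameError("HMAC mismatch")
            payloads.append(ciphertext)
        return payloads
```

The length is validated before any buffering decision and the tag is checked before the ciphertext is handed to decryption, so malformed or modified frames are rejected without being parsed further.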
The command processor in client.py can be extended to handle custom commands:

```python
def process_command(self, command):
    # Commands arrive as dictionaries; 'type' selects the handler
    command_type = command.get('type')

    if command_type == 'my_custom_command':
        # Custom command handling logic
        result = self.execute_custom_action(command['parameters'])
        # Wrap the result in a typed response and send it back to the server
        response = {
            'type': 'custom_result',
            'data': result
        }
        self.send_response(response)
```
This tool is designed for educational and authorized security testing purposes only. Usage of Tempora for attacking targets without prior mutual consent is illegal and prohibited.
This tool is for me and others who are interested in learning security concepts together.
- Cryptography.io for the secure cryptographic primitives
- Contributors and security researchers who provided feedback
- Great Educational Resource @MariyaSha YouTube - Python
- Great Educational Resource @SteinOveHelset Website - Python
- Great Educational Resource @JohnHammond YouTube - Security
© 2025 | Sudosec Solutions | All Rights Reserved