Advanced, modular, and evasion-aware Command & Control (C2) framework for offensive security research and authorized red team operations.
This tool is for authorized penetration testing and educational purposes only.
Unauthorized use against systems you do not own or have explicit written permission to test is illegal and may result in severe civil and criminal penalties. The author assumes no liability for misuse.
🔒 Use responsibly. Know your laws. Get written authorization.
- Dork-based scanning across 6 search engines (DDG, Bing, Yandex, Startpage, Kagi, Yahoo)
- Multi-type zombie support:
- XML-RPC Pingback Abuse
- Open Redirect Exploitation
- Web Endpoint Flooding
- Zombie validation & reliability scoring
- Chained proxy → redirect attacks
- Layer 3/4 Attacks (with optional IP spoofing):
- TCP SYN Flood
- UDP Flood
- ICMP Flood
- Amplification Attacks:
- DNS, NTP, SNMP, SSDP
- NEW: Memcached, CLDAP, Chargen
- Layer 7 HTTP Flood (async, with header spoofing)
- IP spoofing for L3/L4 attacks (via Scapy)
- Header spoofing:
X-Forwarded-For,Via, fake Host - User-Agent rotation
- Proxy rotation (SOCKS/HTTP)
- Rate-limiting & random delays
- Dynamic dork mutation
- Shodan enrichment (optional)
- Telegram C2 bot (remote command)
- Export to JSON/CSV (MISP/STIX-ready)
- SQLite database for attack/zombie history
- Python 3.8+
pippackage manager- Root/Admin privileges (required for raw socket attacks)
- uv tool for ease of use
- You can install uv with this simple cmd: "curl -LsSf https://astral.sh/uv/install.sh | sh"
git clone https://github.com/Scav-engeR/SilverwolF.git
cd SilverWolF
uv venv -p 3.10 --allow-existing --system-site-packages -v
source .venv/bin/activate.fish
pip install -r requirements.txt- You know the rules~
- Don't be an idiot