Java-Powered.
Multiplatform Control.
The most advanced cross-platform remote administration tool — 74 Windows / 46 macOS & Linux modules, built-in Tools & webhooks, end-to-end encrypted C2, and an intelligent VBS/COM builder.
Powered by Java. Runs Everywhere.
Server ships with a custom Java 17 runtime. Client bytecode stays Java 8 compatible — one codebase, native output for every platform.
All Platforms
java -jar) — Universal cross-platform format. Runs on any OS with Java 8+.
Windows
java -jar)
Runs completely invisible in the background. No windows, no tray icons, no traces. Full stealth operation.
macOS
java -jar)
Due to macOS security (Gatekeeper & TCC), certain modules like Screen Capture and Input Control require user-granted admin permissions.
Linux
java -jar)
Operates silently as a background process. No GUI, no desktop entries, no visible footprint on the system.
NATIVE build variants bundle a minimal auto-downloaded JRE — targets don't need Java installed. BAT/VBS wrappers use the VBS/COM launch engine by default (no PowerShell). All other formats require Java 8+ on the target unless NATIVE* is selected. Client bytecode is Java 8 compatible but runs on any Java version 8 and above.
Everything You Need. Nothing You Don't.
A comprehensive suite of tools designed for maximum control and minimum footprint.
Remote Desktop
Full real-time desktop streaming with mouse & keyboard control. Multi-monitor support with adaptive frame rate.
HVNC
Hidden Virtual Network Computing — run a full invisible desktop session. Completely undetectable to the end user.
File Manager
Browse, upload, download, rename, delete files with a full GUI. Execute files remotely with a single click.
Remote Shell
Interactive command shell with full ANSI color support. Execute commands in real-time with output streaming.
Process Manager
View all running processes with CPU/RAM usage. Kill, suspend, or inject into any process instantly.
Surveillance Suite
Keylogger, webcam capture, microphone recording, screen capture, and clipboard monitoring — all in real-time.
Credential Recovery
Extract saved passwords from 14+ applications including browsers, email clients, FTP, VPN, and WiFi networks.
Multi-Transport
TCP Direct, TCP+SSL, HTTP, and HTTP+SSL transport modes. Switch protocols on-the-fly for maximum flexibility.
Persistence Engine
Registry, scheduled tasks, startup folder, COM hijack, and watchdog shadow-process recovery. Survive reboots and process kills seamlessly.
Reverse Proxy
Built-in SOCKS proxy and port forwarding. Tunnel traffic through targets and pivot across internal networks.
Lazy Plugin CDN
74 modules load on demand via encrypted plugin bundles — HTTPS mirror, manifest hash verification, and C2 fallback. No 19 MB push on connect.
Mass Command Center
Dispatch shell commands, scripts, or module actions to filtered clients in one click with centralized result feedback.
Connection Resilience
Multi-host failover, reconnect backoff, transport fallback, and session recovery keep clients online through unstable networks.
Live Transfer Queue
Track uploads and downloads with live progress, speed, retry handling, and parallel transfer visibility across multiple clients.
Modular Architecture. Unlimited Power.
Every module is a precision-engineered tool. Combine them for complete operational control.
Keylogger
Multiplatform keystroke logger with live view and window title tracking.
Remote Desktop
View and control the remote screen in real-time with multi-monitor support.
RDP Manager
Enable/Disable built-in RDP & create hidden users for persistent remote access.
Hidden VNC
Hidden virtual desktop with full interaction — browsers, explorer, apps — invisible to user.
Hidden Browser
Run a hidden browser on the remote machine for silent web activity.
Screenshot
Capture single or continuous screenshots from all connected monitors.
Capture WebCam
View the remote webcam feed live or capture snapshots silently.
Capture Microphone
Listen to the remote microphone in real-time and save recordings as WAV.
Reverse Microphone
Play audio on the remote speakers — stream mic input or play a WAV file.
Audio Record
Record microphone to WAV file in the background (offline recording).
Screen Record
Record remote screen activity to video in MP4/AVI format.
Hardware RDP
High-FPS DXGI desktop capture (up to 60 FPS) with low-latency streaming on Windows.
Screenshot on Alert
Automatically capture the screen when specific keywords or alert conditions are detected.
Extension Stealer
Harvest browser extension data, configs, and stored secrets from Chromium-based browsers.
Notification
Push custom desktop notifications to the remote user silently or with custom titles.
Location
WiFi triangulation and IP geolocation with map display.
File Manager
Browse, upload, download, delete, execute and search remote files with full GUI.
Console
Interactive remote command shell — cmd / bash / zsh with real-time output.
Remote Chat
Two-way text chat with the remote user in real-time.
Scripts
Run VBS, BAT, JS, HTML or custom scripts on the remote machine.
Registry Editor
Browse and edit the Windows registry remotely with full key/value control.
Active Window
View and control the currently active window on the remote machine.
Task Scheduler
Manage scheduled tasks remotely via Task Scheduler or crontab.
Clipboard
Monitor and manipulate the remote clipboard content in real-time.
Clipboard Logger
Continuous clipboard history logging with timestamps — separate from live clipboard control.
Crypto Clipper
Monitor clipboard for crypto addresses and replace them silently with your own.
Token Impersonation
Access token enumeration and privilege escalation checks on Windows.
Browser Recovery
Extract saved passwords, cookies, and history from all major browsers.
App Recovery
Recover credentials from installed applications (Steam, Discord, Telegram, etc.).
FTP Recovery
Extract saved FTP credentials from FileZilla, WinSCP, and similar clients.
Wireless Recovery
Recover all saved Wi-Fi passwords stored on the system.
Email Recovery
Recover saved email credentials from Outlook and other mail clients.
Wallet Recovery
Recover cryptocurrency wallet data and private keys from the system.
Clear Browser
Clear browser data: cookies, history, cache, and saved passwords.
Browser History
Extract full browsing history, autofill data, and downloads from browsers.
UAC Spoof
Fake UAC credential prompt to capture plaintext admin passwords.
Token Stealer
Extract Discord, Telegram, and browser session tokens from the system.
VPN Extractor
Extract saved VPN configs from OpenVPN, WireGuard, Cisco, and more.
Password Manager Dump
Scan KeePass, Bitwarden, LastPass, and 1Password for stored secrets.
RDP Credentials
Harvest saved RDP credentials, connection history, and .rdp files.
System Information
Detailed hardware, OS, and network info — CPU, GPU, RAM, disks and more.
Process Manager
List and kill running processes with CPU/RAM monitoring.
Service Manager
List, start, stop, and restart system services remotely.
Startup Manager
Manage startup programs — add, remove, or modify auto-start entries.
Installed Software
List all installed programs with version and publisher information.
Persistence Manager
Advanced persistence via WMI, COM, DLL hijacking, services, and registry.
Event Log
Query and clear Windows event logs to cover tracks.
Environment Variables
Dump all system and user environment variables from the remote machine.
Printer
Send text to any printer connected to the remote machine.
Hardware & Fun
Monitor control, input blocking, CD tray, fake errors, and hardware trolling.
System Options
Power actions, persistence triggers, message boxes, and URL opener.
Reverse SOCKS v4/v5
SOCKS proxy tunnel through the remote machine for traffic routing.
Reverse Proxy
TCP port forwarding through the remote machine for network pivoting.
Network Scanner
Scan the remote network for active IPs and open ports.
Port Forward
Local port forwarding for internal network access and pivoting.
Connections
View all active network connections on the remote machine with process details.
Network Discovery
ARP scan and port scan the remote network to map internal hosts.
Network Shares
Enumerate SMB/network shares on local or remote hosts.
Download & Execute
Download a file from a URL and execute it on the remote machine.
Send File & Execute
Upload a local file and execute it silently on the remote machine.
Execute in Memory
Load and execute PE/Shellcode directly in RAM — fileless, no disk writes.
LSASS Dump
Dump LSASS process memory for credential extraction and hash recovery.
DLL Injection
Inject a DLL into a remote process via CreateRemoteThread.
Shellcode Loader
Load and execute shellcode locally or injected into a remote process.
AD Enumerator
Enumerate Active Directory users, groups, computers, and trusts.
Lateral Movement
Move laterally across the network via WMI, PsExec, or WinRM.
Browser Session Hijack
Extract browser cookies, tokens, and sessions for replay attacks.
Phishing Template Engine
Serve phishing pages locally on the target and capture credentials.
AMSI Bypass
Bypass AMSI via memory patching, reflection, or forced error techniques.
ETW Patcher
Patch ETW event tracing to evade logging and EDR detection.
Process Hollowing
Hollow a legitimate process and inject a PE payload for stealthy execution.
Rootkit
Hide processes, files, and registry keys from detection tools.
Build. Configure. Deploy.
The most advanced client builder with obfuscation, encryption, and multi-platform output.
Connection Settings
Configure IP/Domain, port, reconnect interval, mutex, and installation path. Support for multiple hosts with failover. Optional Cloudflare Tunnel for port-forward-free connectivity.
Transport Modes
Choose from TCP Direct, TCP+SSL, HTTP, or HTTP+SSL. Each mode is optimized for different network environments.
Persistence Options
Registry, scheduled tasks, startup folder, COM hijack, and optional watchdog shadow-process recovery.
ProGuard Obfuscation
Automated class & method renaming with ProGuard. Reduces binary size and makes reverse engineering extremely difficult.
String Encryption (ASM)
Per-string XOR encryption with per-character key mixing via ASM bytecode injection. Unique keys every build — strings decrypt at runtime only.
Assembly Info
Customize file description, company, copyright, version, and icon. Clone info from legitimate executables.
Binder (3 Slots)
Dedicated Binder tab — attach up to 3 decoy files (PDF, image, document). Client runs hidden while decoys open via the OS default handler.
VBS/COM Launch Engine
Production-default Windows wrapper uses pure VBS + COM (no PowerShell, no -EncodedCommand). Optional XOR payload encryption with JScript helper via cscript.
Stub Obfuscation
Outer wrapper modes: None, Standard, Hex, Hex2 (VBS only). BAT/NATIVEBAT auto-fallback to Standard. Configurable hex layers for extra stub hardening.
Polymorphic & Junk Injection
Unique BUILD_ID per release, random junk methods per class, and optional polymorphic class names — every build produces a different bytecode hash.
C2 Resilience
Multi-host failover, Pastebin host fallback, DoH DNS TXT recovery, plugin HTTPS mirror, traffic throttling, and JA3 fingerprint spoofing (Chrome).
Multi-Format Output
Build as JAR (cross-platform), EXE (Windows), BAT/VBS wrappers, or NATIVE* variants with auto-JRE download for zero-dependency deployment.
One Server. Every Platform.
Build and deploy clients for Windows, macOS, and Linux from a single server interface.
Windows
Full feature support with 74 modules including HVNC, credential recovery, registry editor, and native EXE output.
macOS
46 Modules with full surveillance, file management, remote desktop, and shell access on Apple systems.
Linux
46 Modules for Linux servers and desktops with surveillance, shell access, and full network tools.
Built-In Utilities. Zero Extra Software.
The server panel includes operational tools under Tools — IP intelligence, port checks, encoding, DDNS validation, remote webhook alerts, and zero-config Cloudflare Tunnel connectivity.
IP Lookup / GeoIP
Resolve any IP to country, region, ISP, and ASN. Built-in GeoIP also enriches connected clients when country code is missing.
Open Port Control
Scan target hosts for open TCP ports from the server panel — quick reachability checks before deployment or pivoting.
Base64 Encoder/Decoder
Encode or decode Base64 strings instantly — useful for payloads, configs, and quick data transforms during operations.
DDNS Checker
Validate dynamic DNS hostnames (No-IP, DuckDNS, ddns.net, etc.) and confirm they resolve before adding them to client builds.
Desktop Alerts & Sounds
Native in-panel notifications and optional sound alerts when clients connect — toggle both from the Tools menu without opening settings.
Tools Menu
Central launcher giving direct access to all built-in utilities — GeoIP, port scanner, Base64, DDNS, webhooks, and Cloudflare Tunnel — from a single menu.
Webhook Notifications
Push connect/disconnect events to Telegram (Bot Token + Chat ID) or Discord (Webhook URL). Toggle notify on connect or disconnect, run test messages, and save settings from one window.
Cloudflare Tunnel
Expose your C2 server through Cloudflare Zero Trust without port forwarding or firewall rules. Paste your tunnel token, click Start, and clients connect via Cloudflare's global network.
Webhook setup (Tools → 📡 Webhook Notifications)
- Telegram — enable, enter bot token & chat ID, test with one click
- Discord — enable, paste webhook URL (
discord.com/api/webhooks/...), test delivery - Events — choose 🟢 New Connection and/or 🔴 Disconnect independently
- Async delivery — notifications send on a background thread; the UI never blocks
Cloudflare Tunnel setup (Tools → ☁️ Cloudflare Tunnel Settings)
- No port forwarding — clients reach your server via Cloudflare's edge; no router or firewall changes needed
- Token-based auth — paste your Cloudflare Zero Trust tunnel token and save; credentials persist across restarts
- Start on startup — enable the checkbox to launch the tunnel automatically when the server starts
- Live log output — real-time cloudflared process output displayed directly in the settings window
Command Center. Full Control.
A beautiful JavaFX-powered dashboard to manage all your connections.
Multi-Client Management
Handle hundreds of simultaneous connections with real-time status monitoring, country flags, and OS detection.
Tabbed Interface
Each module opens in its own tab. Work with multiple modules on multiple clients simultaneously.
Task Automation
Schedule tasks to run automatically when clients connect. Execute modules on multiple clients at once.
Auto-Save Profiles
Save and load builder configurations. Share profiles across team members for consistent deployments.
Real-Time Notifications
Desktop notifications and optional sounds when clients connect or disconnect — toggle instantly from Tools → Notifications / Sounds.
Client Grouping
Organize clients by group, country, or OS. Apply bulk operations to entire groups at once.
Webhook Notifications
Telegram bot + Discord webhook integration with per-event toggles (connect/disconnect), built-in test buttons, and persistent saved settings.
Plugin Cache & CDN
Lazy plugin loading with disk cache, HTTPS mirror bundles, and hash-verified manifests — modules load only when opened.
Activity Log & Audit Trail
Searchable timeline of connections, disconnects, executions, transfers, and operator actions for quick review and troubleshooting.
Ready to Get Started?
Reach out through any of the channels below.
