🗂️ Navigation
📁 Penetration Testing
📋 Exploit Frameworks
🔧 Covenant

Covenant

A .NET command and control framework.

Visit Website →

Overview

Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers. It features a web-based interface built with Blazor.

✨ Key Features

  • Entirely written in .NET Core, making it cross-platform
  • Web-based interface using Blazor
  • Focus on .NET-based tradecraft and payloads ('Grunts')
  • Encrypted C2 communications
  • Multi-user support for collaboration
  • Extensible with custom listeners and tasks

🎯 Key Differentiators

  • Niche focus on .NET as both the framework and the primary payload type.
  • Modern, web-based interface using Blazor.
  • Cross-platform server capabilities due to .NET Core.

Unique Value: Provides a modern, easy-to-use, and collaborative C2 framework specifically designed for leveraging the power and evasion potential of offensive .NET.

🎯 Use Cases (4)

Red Team Operations Adversary Emulation Post-Exploitation in Windows environments Offensive .NET Research

✅ Best For

  • Managing compromised hosts in a .NET-heavy environment.
  • Executing offensive .NET tools and assemblies in-memory.
  • Collaborating with team members through the web UI.

💡 Check With Vendor

Verify these considerations match your specific requirements:

  • Non-Windows post-exploitation (though possible, it's not the focus).
  • Initial vulnerability scanning.

🏆 Alternatives

PowerShell Empire Sliver Cobalt Strike

While Empire has strong PowerShell capabilities, Covenant is the go-to for a pure .NET offensive framework. Its Blazor UI is often seen as more modern than the clients of other frameworks.

💻 Platforms

Web API

💰 Pricing

Contact for pricing
Free Tier Available

Free tier: The tool is completely free and open-source.

Visit Covenant Website →

🔄 Similar Tools in Exploit Frameworks

Metasploit Framework

An open-source platform for developing, testing, and executing exploit code against remote targets....

Contact

Cobalt Strike

A commercial threat emulation tool for post-exploitation and advanced adversary simulation....

Contact

Core Impact

A commercial penetration testing tool for identifying and exploiting vulnerabilities across various ...

Contact

Burp Suite Professional

A comprehensive platform for performing security testing of web applications....

Contact

sqlmap

An open-source tool that automates detecting and exploiting SQL injection flaws....

Contact

Social-Engineer Toolkit (SET)

A Python-driven tool aimed at penetration testing around social engineering....

Contact