Skip to content
/ b3acon Public

b3acon - a mail-based C2 that communicates via an in-memory C# IMAP client dynamically compiled in memory using PowerShell.

License

GPL-3.0 license
22 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

b3rito/b3acon

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
index.html
index.html
 
 

Repository files navigation

b3acon

b3acon is a mail based C2 that uses an in-memory, dynamically compiled C# IMAP client via PowerShell. It communicates entirely through standard email protocols, fetching commands from email drafts and sending execution results to the inbox.

Features

  • Command and Control via Email
  • In-memory dynamic C# compilation
  • Reads commands from email drafts
  • Sends output back to inbox via SMTP
  • Works with Yandex (other IMAP/SMTP providers may work with small adjustments)
  • Includes a Web Generator that outputs in:
    • PowerShell
    • HTA
    • VBS
    • JavaScript (WScript)
  • Optional Base64 encoding for PowerShell
  • Supports both fixed and randomized delay options

How It Works

  1. You (the operator) create a draft email:

    • The Subject is the command ID — a number between 0 and 9999 (e.g., 101)
    • The Body contains the actual PowerShell command: 
      Get-Process

  2. The script runs on the target system and:

    • Connects to IMAP and reads the Drafts folder
    • Skips any draft IDs that have already been executed
    • Executes new commands found in draft bodies
    • Sends the result back to the same inbox via SMTP

  3. Output delivery:

    • If the command produces output (e.g., Get-Process), it will appear in the Inbox as an email with subject: 
      Output of command ID 101
    • If the command generates no output (e.g., Start-Process calc.exe), the email will still be sent with a message confirming successful execution.

  4. To issue new commands:

    • Create a new draft or modify an existing one with a new numeric subject (e.g., 102, 103, etc.)
    • Already-executed IDs will be skipped unless the script is restarted

HTML Script Generator

The project includes a self-contained HTML file that lets you generate scripts via browser.

Generator Features

  • Configuration for:
    • IMAP/SMTP servers
    • Username, password, ports
    • Fixed delay (in seconds)
    • Optional randomized delay (e.g., 30–90 seconds)
  • Output options:
    • PowerShell (raw, editable, copy-paste)
    • HTA
    • VBS
    • JS (for WScript)
  • Optional:
    • Base64-encoded PowerShell payload
    • Auto-embed in HTA/VBS/JS wrappers

Supported Output Types

Format Base64 Execution-Ready
PowerShell Yes Yes
HTA Yes Yes
VBS Yes Yes
JS (WScript) Yes Yes

Requirements

  • PowerShell 5.0 or higher
  • A working IMAP/SMTP mailbox (e.g., Yandex)

Live Demo

Try b3acon directly in your browser:

https://b3rito.github.io/b3acon/

Disclaimer

This tool is for educational and authorized testing only.
Do not use it on any system without explicit permission.
Any misuse is strictly forbidden.
You are solely responsible for your actions.

Authors

Created by b3rito at mes3hacklab and GioPpeTto

About

b3acon - a mail-based C2 that communicates via an in-memory C# IMAP client dynamically compiled in memory using PowerShell.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

22 stars

Watchers

1 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages