aeondave/covenant
offensive-tools/c2/covenant/SKILL.md
Covenant: collaborative .NET C2 framework with web UI, Grunt implants over HTTP/S and SMB, built-in task library, and multi-operator support. Use when running .NET-native red team operations, leveraging the task library for post-exploitation, or training teams on visualized collaborative C2.
$ install --global
skillsauthnpx skillsauth add aeondave/malskill covenantInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 31, 2026, 8:58 PM63.9s1 file scanned
SKILL.md
- name:
- covenant
- description:
- Covenant: collaborative .NET C2 framework with web UI, Grunt implants over HTTP/S and SMB, built-in task library, and multi-operator support. Use when running .NET-native red team operations, leveraging the task library for post-exploitation, or training teams on visualized collaborative C2.
- license:
- GPL-3.0
- compatibility:
- Linux / macOS / Windows. .NET 5+ or .NET Core 3.1. Docker available. Web UI on port 7443.
- author:
- AeonDave
- version:
- 1.0
Covenant
Collaborative .NET C2 with web interface and Grunt implants.
Quick Start
docker run -it -p 7443:7443 ghcr.io/cobbr/covenant
# or: dotnet run --project Covenant/Covenant.csproj
# Access: https://localhost:7443
Core Concepts
| Term | Meaning | |------|---------| | Grunt | Implant agent | | Listener | HTTP/HTTPS/SMB endpoint | | Launcher | Payload generator (binary, script, etc.) | | Task | Post-exploitation action |
Common Tasks
| Task | Purpose |
|------|---------|
| Shell | Run shell command |
| Assembly | Execute .NET assembly in memory |
| PowerShell | Run PowerShell block |
| SharpHound | Built-in BloodHound collection |
| Mimikatz | Credential dump |
| PortScan | Internal port scan |
| Download / Upload | File transfer |
Resources
| File | When to load |
|------|--------------|
| references/ | REST API usage, custom task creation, SMB chaining |
Related Skills
aeondave/vibe-audit-technique
development
VerifiedTrustedCommunity
White-box auditing methodology for AI-generated ('vibe-coded') applications. Focuses on modern stack misconfigurations (Supabase, Next.js, Vercel).
4SKILL.mdUpdated Jun 12, 2026
aeondave/source-review-technique
development
VerifiedTrustedCommunity
Hybrid AI/Deterministic SAST methodology for discovering zero-day vulnerabilities in source code. Orchestrates structural search with AI-driven data flow and sink validation.
4SKILL.mdUpdated Jun 12, 2026
aeondave/hardware-technique
development
VerifiedTrustedCommunity
Auth assessment: hardware/embedded methodology; UART/JTAG/SWD/SPI/I2C, firmware extraction, boot/debug paths, embedded OS evidence.
4SKILL.mdUpdated Jun 12, 2026
aeondave/container-technique
devops
VerifiedTrustedCommunity
Container methodology: Identifying containerization limits, Docker/K8s misconfigurations, and executing escapes to the host node.
4SKILL.mdUpdated Jun 12, 2026