Nimhawk
A powerful, modular, lightweight and efficient command & control framework written in Nim.
🚧 Development status: Nimhawk is currently in active development. Core functionality is working, but some features are still experimental. The implant only supports Windows x64 platforms. Contributions and feedback are highly welcomed!
🤝 Code contribution: I'm looking forward to developers building a Linux agent for Nimhawk. The developer's documentation, especially the section 'How to develop your own Implant or extend Implant functionality,' should be enough for the task.
🤝 Community: Hey! If you're into Malware Dev, Hacking, Exploit writing or just a tech nerd like me - hit me up! Always looking for new hacker friends to collaborate, share ideas and maybe grab a beer. No fancy resumes needed.
Table of Contents
1. Getting Started
2. Setup and Configuration
3. Technical Documentation
4. Deployment Options
5. Development and Contributing
6. Reference
Quick Start Guide
💡 Pro Tip: Before diving in, make sure to review the System Requirements section.
1. Dependencies Installation
Installing Nim and Nimble
# On Linux/macOS using choosenim
# On Apple Silicon Macs you will need to compile Nim yourself. Chill, google it, it's easy!
curl https://nim-lang.org/choosenim/init.sh -sSf | sh
Initial Setup
# Clone the repository
git clone https://github.com/hdbreaker/nimhawk
cd nimhawk
# Configure your environment
cp config.toml.example config.toml
Installing Nimble Modules
# Navigate to implant directory
cd implant/
# Install required dependencies
nimble install
Installing Python Dependencies
# Navigate to server directory (from the repository root)
cd server/
# Create and activate virtual environment
python3 -m venv venv
# On Linux/macOS
source venv/bin/activate
# On Windows
.\venv\Scripts\activate
# Install dependencies
pip install -r requirements.txt
Installing Frontend Dependencies
# Navigate to web interface directory (from the repository root)
cd server/admin_web_ui/
# Install Node.js dependencies
npm install
# Run Frontend
npm run dev
3. Start the Server
python3 nimhawk.py server
4. Access the Web Interface
- Open your browser and navigate to http://localhost:3000
- Default credentials:
  - Email: admin@nimhawk.com
  - Password: P4ssw0rd123$
⚠️ Security Note: Change default credentials immediately in production environments.
Introduction
Nimhawk is an advanced command and control (C2) framework that builds upon the exceptional foundation laid by Cas van Cooten (@chvancooten) with his NimPlant project. Cas's innovative work in developing a lightweight implant written in Nim has been groundbreaking for this project.
This project would not exist without Cas's technical expertise, dedication to open source, and commitment to knowledge sharing. Nimhawk expands on NimPlant's original functionality with:
- A more modular architecture for easier contributions and extensions
- Enhancements to implant security and evasion capabilities
- A completely renovated graphical interface with modern authentication
- Improved data handling and command processing systems
- Comprehensive documentation focused on practical deployment and usage
- Enhanced multi-user support with role-based access control
- Advanced workspace management for better operational organization
- Real-time implant status monitoring with visual indicators
- Improved file transfer system with preview capabilities
- Robust error handling and reconnection mechanisms
- Integrated build system with web-based compilation
- Flexible deployment options including Docker support
We are profoundly grateful to Cas van Cooten for his generosity in open-sourcing NimPlant, his ongoing contributions to the security community, and his pioneering work in leveraging the Nim language for security tools. We also extend our thanks to all NimPlant contributors who have helped shape the codebase that serves as our foundation.
Key Features
🎯 Core Capabilities: Nimhawk combines powerful features with operational security.
Operational Features
- ✨ Modular Architecture: Designed for easy expansion
- 🛡️ Enhanced Implant: Reduced detection signatures
- 🌐 Advanced Web Interface: Intuitive dashboard
- 🔧 Web Compilation: Generate implants from dashboard
Security Features
- 🔐 Improved Security: Dual authentication system
- 📊 Optimized Storage: Efficient data handling
- 🔍 Enhanced Debugging: Improved error tracking
- 📡 Multi-Status Support: Real-time implant monitoring
Recent improvements
- Enhanced check-in system: Implemented optimized tracking for implant check-ins, separating them from command history for cleaner console output
- Refined data transfer calculation: More accurate measurement of data transferred between server and implants
- UI improvements: Enhanced implant details display with real-time metrics and more intuitive layout
- Improved reconnection system: Enhanced implant reconnection mechanism that properly handles Registry cleanup, removing previous implant ID before registering a new one to prevent orphaned entries
- Inactive implant management: Added ability to safely delete inactive implants from the database, maintaining a clean operational environment
- Comprehensive Web UI: Full-featured web interface for real-time monitoring and control of implants
Nimhawk's Screenshots
Secure authentication
The secure authentication system features a minimalist design with email/password authentication and session management for multiple operators.
Command & control interface
Nimhawk's modern dashboard featuring a clean design with the project logo and framework description. The intuitive UI provides quick access to all operational functions.
Comprehensive server information
Server information panel with detailed metrics showing connection status, API endpoints, communication paths, and configuration details. The collapsible sections provide easy access to technical information.
Implant builder with real-time feedback
The implant builder interface allows operators to select target workspaces when generating new implants, supporting operational segmentation.
Real-time compilation feedback shows the build process step-by-step, providing transparency and debugging information during implant generation.
Upon successful compilation, operators receive a summary of generated files with direct download capability for deployment.
Multi-status visual management
Nimhawk's advanced status tracking system uses color-coding and icons to represent different implant states: Active (green), Late (orange), Disconnected (red), and Inactive (gray). This enhances situational awareness during operations.
Advanced search and filtering
The intuitive search system allows operators to quickly locate specific implants by hostname, username, IP address, or other attributes with real-time filtering.
Advanced filtering capabilities enable operators to focus on specific implant states, improving management efficiency when handling large numbers of connections.
Interactive command console
The interactive console provides command history, syntax highlighting, and adjustable display options. The streamlined interface shows only relevant command his
