📡

Virga

A modern C2 framework with local LLM embedded in beacon implants for autonomous post-exploitation.

0 installs

Trust: 34 — Low

Iot

Ask AI about Virga

I know everything about Virga. Ask me about installation, configuration, usage, or troubleshooting.

0/500

Loading tools...

Reviews

Documentation

Virga

A modern Command & Control (C2) framework with local LLM embedded in beacon implants for autonomous post-exploitation. By running AI entirely on the compromised host, Virga minimizes C2 connections and enables agents to complete complex tasks independently with natural language instructions.

Legal Notice

WARNING: This tool is intended exclusively for authorized security testing and research. Use of this software for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state, and federal laws. The developers assume no liability and are not responsible for any misuse or damage caused by this program.

Quick Start

# Clone the repository
git clone https://github.com/r74tech/virga.git
cd virga

# Build everything
make

# Run server and CLI together
make run

# Or run separately
make run-server  # Terminal 1
make run-cli     # Terminal 2

Requirements

Go 1.24+
gcc
Make
mingw (for Windows cross-compilation)
bun (for web UI development, documentation)

Installation

Building from Source

# Build and run without installation
make deps
make download-llama-all

# Build all components
make build

Architecture

virga/
├── cmd/                   # Entry points
│   ├── server/            # C2 server
│   ├── cli/               # Command-line interface
│   └── mcp-stdio/         # MCP STDIO server
├── internal/              # Core implementation
│   ├── server/            # Server logic
│   ├── cli/               # CLI implementation
│   ├── implant/           # Implant/agent code
│   └── shared/            # Shared utilities
├── web/                   # Web dashboard (React + Vite)
├── docs/                  # Documentation (VitePress)
├── examples/              # Extension examples
├── configs/               # Configuration files
└── scripts/               # Build and utility scripts

Core Features

Server

Multi-protocol support (HTTP/HTTPS with AES-256-GCM encryption)
Session management with real-time monitoring
File transfer and remote command execution
TLS support with custom certificates

CLI

Interactive shell with command completion
Direct command execution mode (--exec)
Beacon/payload generation
Session interaction and management
File upload/download operations
Configurable output (quiet mode, color control)

Web Dashboard

Real-time session monitoring and management
Interactive command execution interface
Network topology visualization with Cytoscape

Implant/Beacon

Cross-platform support (Windows, Linux, macOS on x64/ARM64)
Embedded llama AI for autonomous operations (see AI Features)
In-memory database (MemDB) for data collection
Configurable sleep intervals with jitter
Environment detection and anti-debugging

Common Tasks

Building

make                    # Build all components
make server            # Build server only
make cli               # Build CLI only
make clean             # Clean build artifacts

Running

make run               # Run server and CLI together
make run-server        # Run server only
make run-cli           # Run CLI only
make run-local         # Run without installation
make kill-ports        # Kill processes on default ports

Development

make dev               # Hot reload mode (requires entr)

Web UI Development

cd web
bun install            # Install dependencies
bun run dev            # Start development server
bun run build          # Build for production

Documentation

cd docs
bun install            # Install dependencies
bun run docs:dev       # Start documentation server
bun run docs:build     # Build documentation

Installation

make install           # Install to system (may need sudo)
make install-user      # Install to ~/.local/bin
make uninstall         # Remove installation

Configuration

Server Configuration

For example configuration, see configs/server.yaml.

Environment Variables

# Server
SERVER_PORT=9000 make run-server
SERVER_CONFIG=my-config.yaml make run-server

# CLI
CLI_HOST=192.168.1.100 make run-cli
CLI_PORT=9000 make run-cli
CLI_ARGS="--log-level off --no-color" make run-cli

# Installation
INSTALL_DIR=/custom/path make install

CLI Options

# Output control
virga-cli --quiet                    # Minimal output
virga-cli --no-color                 # Disable colors
virga-cli --log-level off            # Disable logging

# Debug mode
virga-cli --debug                    # Enable debug output
VIRGA_CLI_LOG_LEVEL=debug virga-cli  # Via environment variable

# Connection options
virga-cli --host 192.168.1.100 --port 9000
virga-cli --config custom-config.yaml

MCP Inspector

For MCP development and debugging (optional):

# Run MCP inspector (uses bunx, no installation needed)
bun mcp:inspect

Contributing

Fork the repository
Create your feature branch (git checkout -b feature/amazing-feature)
Commit your changes using conventional commits
Open a Pull Request

Security

All communications use TLS encryption
Authentication tokens are never stored on disk
Input validation on all user inputs
Regular security audits with Trivy and Gosec

For security issues, please email r74tech@proton.me instead of using issue tracker.

License

This project is licensed under the MIT License - see the LICENSE file for details.

Acknowledgments

Qitmeer/llama.go for Go bindings to llama.cpp
Cobalt Strike for BOF format inspiration
The Go community for excellent libraries and tools
Security researchers for valuable feedback and contributions