Listeners & Transports
Listeners are the server-side components that receive connections from implants. Stentor supports multiple transport protocols, each with distinct trade-offs for reliability, stealth, and bandwidth. Malleable C2 profiles let you customize traffic patterns to blend with legitimate network activity.
In This Section
- HTTP/HTTPS Listeners -- The primary transport for most operations, with TLS and domain fronting support.
- DNS Listeners -- Low-bandwidth, high-stealth transport using DNS queries for C2 communication.
- SMB Listeners -- Named pipe transport for internal pivoting and peer-to-peer beacon chaining.
- TCP Bind Listener -- Raw TCP transport for peer-to-peer beacon pivoting on arbitrary ports.
- WireGuard VPN -- Encrypted tunnel transport for covert network access.
- External C2 -- TCP interface for integrating third-party C2 frameworks (Metasploit, Sliver, custom controllers).
- User-Defined C2 (UDC2) -- Custom transport plugin interface for exotic or BOF-based communication channels.
- Malleable Profiles -- Customize HTTP traffic indicators, URIs, headers, and encoding to evade network detection.