Advanced Command & Control Framework
A professional-grade solution for security teams and red teaming operations and large scale cyber defence exercises
A professional-grade solution for security teams and red teaming operations and large scale cyber defence exercises
Listeners, commands and payload builders are all just plugins. The official SDK lets you craft new server-side or client-side modules, and almost every "built-in" feature you see is itself a plugin, proof that your own extensions can live first-class inside the UI and API.
Need a classic reverse HTTP beacon, an internal relay for lateral movement, or a quick reverse-shell catch-all? Tuoni ships multiple listener types: Reverse HTTP/TCP, Bind TCP/SMB, Relay listeners and an External listener to fit almost any network layout or EDR evasion plan.
Out-of-the-box native commands live inside the agent process for maximal stealth, while plugin commands can inject into an existing PID or spin up a sacrificial process under alternate creds, giving you surgical control over how and where shell-code runs.
Generate Windows (x86/x64), Linux and BSD agents, or switch to the Commercial Payload template for an ultra-configurable build with AMSI/ETW bypass options, delayed execution, obfuscated sleeps and more. All payloads are produced straight from the GUI or API in seconds.
Anything you can click you can script. A fully documented OpenAPI/Swagger endpoint plus a thin Python helper library let you spin up listeners, push commands or harvest results from your own tooling or CI pipeline.
Export the entire Git repo and Docker images to a single archive, rsync it into a dark-site and run tuoni import-tuoni-package Perfect for ranges, classified networks or competition environments where Internet access is a no-go.
Commercial licence holders unlock extra native + plugin commands and a payload family that layers heavy obfuscation, per-build randomness and multi-architecture support. Ideal for red-teamers facing modern EDR.
Hosts, services and credentials discovered during operations are auto-catalogued and editable in the "Discovery" views, while the built-in file server lets you stage binaries or scripts on every HTTP/HTTPS listener with ease.
Tuoni is an advanced Command & Control framework designed for security professionals. It provides a robust platform for managing penetration testing operations, red team engagements, and security assessments.
With continuous improvements in stability, performance, and features, Tuoni empowers security teams to work efficiently and effectively in complex security environments.
Maintenance and Stability Improvements
Select the Tuoni edition that suits your operational requirements. Contact us for detailed pricing information.
Community Edition
Professional Edition
Enterprise Solution
Already have a license key? Visit our commercial page to verify and download assets for your license.
Contact our sales team to discuss pricing options, request a personalized demo, or inquire about custom development services for your organization's specific needs. We offer flexible licensing models tailored to your requirements.