Sandcat Plugin Details

The Sandcat plugin provides Caldera with its default agent implant, Sandcat. The agent is written in GoLang for cross-platform compatibility and can currently be compiled to run on Windows, Linux, and MacOS targets.

While the Caldera C2 server requires GoLang to be installed in order to compile agent binaries, no installation is required on target machines - the agent program will simply run as an executable.

The sandcat plugin does come with precompiled binaries, but these only contain the basic agent features and are more likely to be flagged by AV as they are publicly available on GitHub.

If you wish to dynamically compile agents to produce new hashes or include additional agent features, the C2 server must have GoLang installed.

Source Code

The source code for the sandcat agent is located in the gocat and gocat-extensions directories. gocat contains the core agent code, which provides all of the basic features. gocat-extensions contains source code for extensions that can be compiled into new agent binaries on demand. The extensions are kept separate to keep the agent lightweight and to allow more flexibility when catering to various use cases.

Precompiled Binaries

Precompiled agent binaries are located in the payloads directory and are referenced with the following filename:

  • sandcat.go-darwin compiled binary for Mac targets

  • sandcat.go-darwin-arm64 compiled binary for Mac with ARM processor targets

  • sandcat.go-linux compiled binary for Linux targets

  • sandcat.go-windows compiled binary for Windows targets

These files get updated when dynamically compiling agents, so they will always contain the latest compiled version on your system.


To deploy Sandcat, use one of the built-in delivery commands from the main server GUI which allows you to run the agent on Windows, Mac, or Linux.

Each of these commands downloads a compiled Sandcat executable from Caldera and runs it immediately.

Once the agent is running, it should show log messages when it beacons into Caldera.

If you have GoLang installed on the Caldera server, each time you run one of the delivery commands above, the agent will re-compile itself dynamically to obtain a new file hash. This will help bypass file-based signature detections.


When running the Sandcat agent binary, there are optional parameters you can use when you start the executable:

  • -H "architecture: [architecture]": For MacOS, both amd64 and arm64 are supported. When retrieving the executable from the server, the architecture header can be used to select the correct executable: -H "architecture:amd64" or -H "architecture:arm64".

  • -server [C2 endpoint]: This is the location (e.g. HTTP URL, IPv4:port string) that the agent will use to reach the C2 server. (e.g. -server, -server, -server The agent must have connectivity to this endpoint.

  • -group [group name]: This is the group name that you would like the agent to join when it starts. The group does not have to exist beforehand. A default group of red will be used if this option is not provided (e.g. -group red, -group mygroup)

  • -v: Toggle verbose output from sandcat. If this flag is not set, sandcat will run silently. This only applies to output that would be displayed on the target machine, for instance if running sandcat from a terminal window. This option does not affect the information that gets sent to the C2 server.

  • -httpProxyGateway [gateway]: Sets the HTTP proxy gateway if running Sandcat in environments that use proxies to reach the internet

  • -paw [identifier]: Optionally assign the agent with an identifier value. By default, the agent will be assigned a random identifier by the C2 server.

  • -c2 [C2 method name]: Instruct the agent to connect to the C2 server using the given C2 communication method. By default, the agent will use HTTP(S). The following C2 channels are currently supported:

    • HTTP(S) (-c2 HTTP, or simply exclude the c2 option)

    • DNS Tunneling (-c2 DnsTunneling): requires the agent to be compiled with the DNS tunneling extension.

    • FTP (-c2 FTP): requires the agent to be compiled with the FTP extension

    • Github GIST (-c2 GIST): requires the agent to be compiled with the Github Gist extension

    • Slack (-c2 Slack): requires the agent to be compiled with the Slack extension

    • SMB Pipes (-c2 SmbPipe): allows the agent to connect to another agent peer via SMB pipes to route traffic through an agent proxy to the C2 server. Cannot be used to connect directly to the C2. Requires the agent to be compiled with the proxy_smb_pipe SMB pipe extension.

  • -delay [number of seconds]: pause the agent for the specified number of seconds before running

  • -listenP2P: Toggle peer-to-peer listening mode. When enabled, the agent will listen for and accept peer-to-peer connections from other agents. This feature can be leveraged in environments where users want agents within an internal network to proxy through another agent in order to connect to the C2 server.

  • -originLinkID [link ID]: associated the agent with the operation instruction with the given link ID. This allows the C2 server to map out lateral movement by determining which operation instructions spawned which agents.

Additionally, the sandcat agent can tunnel its communications to the C2 using the following options (for more details, see the C2 tunneling documentation


In order to keep the agent code lightweight, the default Sandcat agent binary ships with limited basic functionality. Users can dynamically compile additional features, referred to as “gocat extensions”. Each extension is temporarily added to the existing core sandcat code to provide functionality such as peer-to-peer proxy implementations, additional executors, and additional C2 communication protocols.

To request particular extensions, users must include the gocat-extensions HTTP header when asking the C2 to compile an agent. The header value must be a comma-separated list of requested extensions. The server will include the extensions in the binary if they exist and if their dependencies are met (i.e. if the extension requires a particular GoLang module that is not installed on the server, then the extension will not be included).

Below is an example PowerShell snippet to request the C2 server to include the proxy_http and shells extensions:

$url=""; # change server IP/port as needed
$wc=New-Object System.Net.WebClient;
$wc.Headers.add("platform","windows"); # specifying Windows build
$wc.Headers.add("file","sandcat.go"); # requesting sandcat binary
$wc.Headers.add("gocat-extensions","proxy_http,shells"); # requesting the extensions
$output="C:\Users\Public\sandcat.exe"; # specify destination filename
$wc.DownloadFile($url,$output); # download

The following features are included in the stock default agent:

  • HTTP C2 contact protocol for HTTP(S)

  • psh PowerShell executor (Windows)

  • cmd cmd.exe executor (Windows)

  • sh shell executor (Linux/Mac)

  • proc executor to directly spawn processes from executables without needing to invoke a shell (Windows/Linux/Mac)

  • SSH tunneling to tunnel traffic to the C2 server.

Additional functionality can be found in the following agent extensions:

C2 Communication Extensions

  • gist: provides the Github Gist C2 contact protocol. Requires the following GoLang modules:



  • dns_tunneling: provides the DNS tunneling C2 communication protocol. Requires the following GoLang modules:


  • ftp: provides the FTP C2 communication protocol. Requires the following GoLang modules:


  • slack: provides the Slack C2 communication protocol.

  • proxy_http: allows the agent to accept peer-to-peer messages via HTTP. Not required if the agent is simply using HTTP to connect to a peer (acts the same as connecting direclty to the C2 server over HTTP).

  • proxy_smb_pipe: provides the SmbPipe peer-to-peer proxy client and receiver for Windows (peer-to-peer communication via SMB named pipes).

    • Requires the GoLang module

Executor Extensions

  • shells: provides the osascript (Mac Osascript), pwsh (Windows powershell core), and Python (python2 and python3) executors.

  • shellcode: provides the shellcode executors.

  • native: provides basic native execution functionality, which leverages GoLang code to perform tasks rather than calling external binaries or commands.

  • native_aws: provides native execution functionality specific to AWS. Does not require the native extension, but does require the following GoLang modules:



  • donut: provides the Donut functionality to execute certain .NET executables in memory. See for additional information.

Other Extensions

  • shared extension provides the C sharing functionality for Sandcat. This can be used to compile Sandcat as a DLL rather than a .exe for Windows targets.

Exit Codes

Exit codes returned from Sandcat vary across executors. Typical shell executors will return the exit code provided by the shell. Certain executor extensions will return values hard-coded in Sandcat.

Sandcat includes general exit codes which may be utilized by executors, overriden by executors, or used in error cases. The following values describe general Sandcat exit codes:

  • -1: Error (e.g., cannot decode command, payload not available)

  • 0: Success

The following values describe exit codes utilized by specific executors:

  • shells: Returns the exit code provided by the OS/shell.

  • shellcode: Utilizes the general Sandcat exit codes.

  • native and native_aws:

    • 0: Success

    • 1: Process error (e.g., error while executing code)

    • 2: Input error (e.g., invalid parameters)

  • donut: Returns the exit code provided by the OS/shell.

Customizing Default Options & Execution Without CLI Options

It is possible to customize the default values of these options when pulling Sandcat from the Caldera server.
This is useful if you want to hide the parameters from the process tree or if you cannot specify arguments when executing the agent binary.

You can do this by passing the values in as headers when requesting the agent binary from the C2 server instead of as parameters when executing the binary.

The following parameters can be specified this way:

  • server

  • group

  • listenP2P

For example, the following will download a linux executable that will use as the server address instead of http://localhost:8888, will set the group name to mygroup instead of the default red, and will enable the P2P listener:

curl -sk -X POST -H 'file:sandcat.go' -H 'platform:linux' -H 'server:' -H 'group:mygroup' -H 'listenP2P:true' http://localhost:8888/file/download > sandcat

Additionally, if you want the C2 server to compile the agent with a built-in list of known peers (agents that are actively listening for peer-to-peer requests), you can do so with the following header:

  • includeProxyPeers Example usage:

  • includeProxyPeers:all - include all peers, regardless of what proxy methods they are listening on

  • includeProxypeers:SmbPipe - only include peers listening for SMB pipe proxy traffic

  • includeProxypeers:HTTP - only include peers listening for HTTP proxy traffic.