NexusC2 NexusC2

Database Schema

Complete reference for the NexusC2 PostgreSQL database tables and structure.

Overview

NexusC2 uses PostgreSQL for persistent storage. The database contains tables for agent tracking, command history, listener configuration, authentication, and link routing.

Connection Details:

  • Database: ops
  • User: postgres
  • Port: 5432 (internal only)
  • Authentication: SCRAM-SHA-256

For service architecture and how components connect to the database, see Infrastructure.

Core Tables

connections

Primary agent tracking table.

ColumnTypeDescription
newclientidUUIDUnique agent identifier (PK)
clientidVARCHAROriginal client ID from build
protocolVARCHARConnection protocol (HTTP/HTTPS/SMB)
protoVARCHARProtocol variant
extipVARCHARExternal IP address
intipVARCHARInternal IP address
usernameVARCHARCurrent user
hostnameVARCHARMachine name
processVARCHARProcess name
pidVARCHARProcess ID
archVARCHARArchitecture (amd64, arm64)
osVARCHAROperating system
secret1VARCHARCurrent encryption key
secret2VARCHARPrevious encryption key
lastseenTIMESTAMPLast check-in time
aliasVARCHARCustom agent name
noteTEXTOperator notes
deleted_atTIMESTAMPSoft delete timestamp
parent_clientidUUIDParent agent (for linked agents)
link_typeVARCHAR(20)Link type (e.g., “smb”)
hop_countINTEGERDistance from initial agent (default: 0)

commands

Command audit log.

ColumnTypeDescription
idSERIALPrimary key
usernameVARCHAR(255)Operator who issued command
guidVARCHAR(255)Target agent
commandTEXTCommand text
timestampTIMESTAMPWhen issued

command_outputs

Command execution results.

ColumnTypeDescription
idSERIALPrimary key
command_idINTEGERFK to commands
outputTEXTCommand output
timestampTIMESTAMPWhen received

listeners

Active listener configuration.

ColumnTypeDescription
idUUIDPrimary key
nameVARCHARListener name
protocolVARCHARHTTP/HTTPS/SMB
portVARCHARListen port
ipVARCHARBind address
pipe_nameVARCHARNamed pipe (SMB only)
get_profileVARCHAR(100)GET request profile (default: “default-get”)
post_profileVARCHAR(100)POST request profile (default: “default-post”)
server_response_profileVARCHAR(100)Server response profile (default: “default-response”)
smb_profileVARCHAR(100)SMB transform profile

inits

Payload initialization data. Stores RSA keys and secrets for new agents before they connect.

ColumnTypeDescription
idUUIDPrimary key
clientidUUIDClient ID for payload
typeVARCHARPayload type
secretVARCHARInitial secret
osVARCHARTarget OS
archVARCHARTarget architecture
rsakeyVARCHARRSA private key
smb_profileVARCHAR(100)SMB profile name (for SMB agents)
smb_xor_keyVARCHAR(32)Per-build unique XOR key (for SMB agents)

Multi-hop routing paths for linked agents.

ColumnTypeDescription
idUUIDPrimary key
source_guidUUIDSource agent
destination_guidUUIDTarget agent
next_hop_guidUUIDNext hop in path
hop_countINTEGERTotal hops
route_createdTIMESTAMPWhen route was created
last_usedTIMESTAMPLast time route was used
statusVARCHAR(50)Route status (default: “active”)

SMB routing table. Maps local routing IDs to linked agent UUIDs.

ColumnTypeDescription
idSERIALPrimary key
edge_clientidUUIDEdge agent
routing_idVARCHAR(16)Local routing ID
linked_clientidUUIDLinked agent
link_typeVARCHAR(20)Link type (default: “smb”)
smb_profileVARCHAR(100)SMB profile name
smb_xor_keyVARCHAR(32)Per-build unique XOR key
statusVARCHAR(20)“active” or “disconnected”
created_atTIMESTAMPWhen link was established
last_seenTIMESTAMPLast activity

Agent Management Tables

agent_aliases

Custom agent aliases for easier identification.

ColumnTypeDescription
guidTEXTAgent GUID (PK)
aliasTEXTCustom alias
updated_atTIMESTAMPLast update time

agent_tags

Tags for organizing and filtering agents.

ColumnTypeDescription
idSERIALPrimary key
agent_guidUUIDFK to connections
tag_nameVARCHAR(100)Tag name
tag_colorVARCHAR(7)Hex color (default: “#4A90E2”)
created_atTIMESTAMPWhen tag was added

Authentication Tables

api_users

REST API user accounts.

ColumnTypeDescription
idUUIDPrimary key (auto-generated)
usernameVARCHAR(255)Unique username
password_hashVARCHAR(255)Bcrypt hash
created_atTIMESTAMPAccount creation
last_loginTIMESTAMPLast login time
is_activeBOOLEANAccount status (default: true)

api_tokens

Refresh token storage for JWT authentication.

ColumnTypeDescription
idUUIDPrimary key
user_idUUIDFK to api_users
refresh_token_hashVARCHARToken hash
expires_atTIMESTAMPExpiration time
created_atTIMESTAMPCreation time

user_sessions

GUI client session tracking.

ColumnTypeDescription
sesion_idUUIDSession ID (PK)
usernameVARCHARUsername
login_timeTIMESTAMPWhen session started
logout_timeTIMESTAMPWhen session ended

Querying the Database

To connect to the database directly:

# From the host machine
docker exec -it database psql -U postgres -d ops

# Common queries
\dt                              # List all tables
\d connections                   # Describe connections table
SELECT * FROM connections;       # List all agents
SELECT * FROM listeners;         # List all listeners
to navigate to select ESC to close
Powered by Pagefind