explaingit

nirvanaon/spotifyc2

Analysis updated 2026-05-18

Stars · 98 | Language · C | Audience · developer | Complexity · 3/5 | Setup · moderate

TLDR

A Windows C program that uses a Spotify playlist title as a command channel and delivers command output to a Telegram chat, built for cybersecurity research and detection engineering.

Mindmap

mindmap
  root((SpotifyC2))
    How It Works
      Spotify playlist title
      Polls every 20 seconds
      Executes local command
      Sends output to Telegram
    Tech Stack
      C
      libcurl
      Telegram Bot API
    Use Cases
      Detection engineering
      Threat emulation
      Security research
    Setup
      Visual Studio 2022
      Spotify playlist ID
      Telegram bot token
    Research Goals
      Cloud channel abuse
      Network telemetry
      Defensive detections

What do people build with it?

USE CASE 1

Study how legitimate cloud services can serve as covert communication channels in a controlled lab environment

USE CASE 2

Generate realistic Spotify and Telegram HTTPS traffic patterns to build and test network detection rules

USE CASE 3

Demonstrate command-and-control concepts during security training or authorized red team exercises

USE CASE 4

Emulate a cloud-assisted threat scenario to test endpoint monitoring and alerting tools

What is it built with?

C · Windows · libcurl · Spotify oEmbed API · Telegram Bot API · Visual Studio 2022

How does it compare?

Repo: nirvanaon/spotifyc2 | chaelsoo/hollow | mitchellh/tree-sitter-proto
Stars: 98 | 80 | 75
Language: C | C | C
Last pushed: 2024-06-21
Maintenance: Dormant
Setup difficulty: moderate | moderate | moderate
Complexity: 3/5 | 3/5 | 2/5
Audience: developer | developer | developer

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min

Requires Visual Studio 2022 with Windows SDK and libcurl configured, plus a Spotify playlist ID and a Telegram bot token set as compile-time constants.

MIT: use freely for any purpose, including commercial use, as long as you keep the copyright notice.

In plain English

SpotifyC2 is a Windows-based program written in C that demonstrates how a public cloud service can serve as a command channel for a controlled test environment. An operator renames a Spotify playlist to whatever shell command they want executed, and a client program running on a Windows machine polls that playlist every 20 seconds, reads the title, runs the command, and sends the output back to a Telegram chat. No dedicated server is involved.

The project intentionally avoids needing a Spotify developer account or OAuth login. It uses Spotify's public oEmbed endpoint, a URL that returns basic metadata about any playlist without authentication. The client downloads that metadata with libcurl, parses the playlist title, executes the command with a Windows system function that captures standard output, URL-encodes the result, and posts it to a Telegram bot via its HTTP API. All traffic travels over HTTPS.

The codebase is a single C source file with five functions: one to fetch the Spotify playlist title, one to run the command and capture its standard output, one to send output to Telegram, one network data callback, and one URL encoder. To build it you need Visual Studio 2022, the Windows SDK, and libcurl. Before compiling you set four constants directly in the source: the Spotify playlist ID, the Telegram bot token, the chat ID, and the polling interval, which defaults to 20 seconds. Commands are only executed when the playlist title changes.

The README is explicit that this is security research for defensive purposes: studying how legitimate services can be misused as covert channels, generating realistic network traffic for detection engineering, and supporting threat emulation in authorized lab settings. It includes a disclaimer requiring explicit permission before deploying on any network.
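A defender's view of the traffic pattern described above, as an added example that is not part of the SpotifyC2 repository or of this page's analysis: it flags clients that contact the Spotify host at a near-constant interval and also reach api.telegram.org. The log format, client names, thresholds and the hostname open.spotify.com are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# api.telegram.org is named on this page; open.spotify.com is an assumption
# for the host that serves the oEmbed endpoint.
POLL_HOST = "open.spotify.com"
EXFIL_HOST = "api.telegram.org"

def make_sample_log():
    """Constructed proxy log lines: '<ISO time> <client> <TLS server name>'."""
    lines = []
    # ws-042: fixed 20-second polling, plus two posts to the Telegram API.
    for i in range(10):
        mm, ss = divmod(i * 20, 60)
        lines.append(f"2026-05-18T10:{mm:02d}:{ss:02d} ws-042 {POLL_HOST}")
    lines.append(f"2026-05-18T10:01:01 ws-042 {EXFIL_HOST}")
    lines.append(f"2026-05-18T10:02:41 ws-042 {EXFIL_HOST}")
    # ws-007: a person using the web player, irregular gaps, no Telegram.
    for t in ("10:00:03", "10:00:09", "10:04:40", "10:04:41", "10:19:12", "10:31:55"):
        lines.append(f"2026-05-18T{t} ws-007 {POLL_HOST}")
    return lines

def parse(lines):
    """Group connection timestamps by (client, server name)."""
    seen = defaultdict(list)
    for line in lines:
        ts, client, host = line.split()
        seen[(client, host)].append(datetime.fromisoformat(ts))
    return seen

def find_suspects(lines, min_polls=6, max_jitter=0.2):
    """Return {client: mean interval in seconds} for clients that poll
    POLL_HOST at a near-constant interval and also contact EXFIL_HOST."""
    seen = parse(lines)
    suspects = {}
    for (client, host), times in seen.items():
        if host != POLL_HOST or len(times) < min_polls:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Coefficient of variation: low values mean machine-like regularity.
        jitter = pstdev(gaps) / avg if avg else 1.0
        if jitter <= max_jitter and (client, EXFIL_HOST) in seen:
            suspects[client] = round(avg, 1)
    return suspects

if __name__ == "__main__":
    print(find_suspects(make_sample_log()))
```

Because the traffic is HTTPS, only the server name is visible without TLS inspection, so the check relies on timing and host pairing instead of the request path.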

Copy-paste prompts

Prompt 1
I'm building a detection rule for SpotifyC2-style traffic. What Spotify oEmbed API calls and Telegram API patterns should I look for in network logs?
Prompt 2
Explain the SpotifyC2 architecture: how does the client know when a new command has been issued, and how does it avoid executing duplicate commands?
Prompt 3
Write a Sigma detection rule for SpotifyC2: the client polls the Spotify oEmbed API over HTTPS and then posts command output to api.telegram.org.
Prompt 4
How would I extend SpotifyC2 to support multiple clients each reporting to different Telegram chats while using the same shared Spotify playlist?

Frequently asked questions

What is spotifyc2?

A Windows C program that uses a Spotify playlist title as a command channel and delivers command output to a Telegram chat, built for cybersecurity research and detection engineering.

What language is spotifyc2 written in?

Mainly C. The stack also includes Windows and libcurl.

What license does spotifyc2 use?

MIT: use freely for any purpose, including commercial use, as long as you keep the copyright notice.

How hard is spotifyc2 to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is spotifyc2 for?

Mainly developers.


Verify against the repo before relying on details.