breakid / redreaper
This tool is designed to simplify and automate the extraction and organization of useful data from Cobalt Strike logs.
License: GNU General Public License v3.0
Logonpasswords lists the most recent logons first, but the parsing module will attempt to parse all entries. This may result in older data overwriting newer data.
Add a parser for nslookup that will add DNS data.
Due to the way Cobalt Strike works (i.e., out-of-order execution and logging output with no information linking it to its associated input), it is non-trivial to link input and output during post-processing. That said, it should be possible to limit the potential matches, potentially down to one in some cases.
Case 1:
Case 2:
Case 3:
If there are multiples of each command, such as multiple dsqueries, it becomes extremely difficult to match input to output.
Figure out how to automatically map a DNS domain to an NT domain. Ideally this would be done using only information available via Cobalt Strike's built-in tools to eliminate the need to run specific commands on target systems. The less we have to rely on users to run specific commands, the better.
Remote dirs are currently logged under the source host rather than the destination. However, the data is related to the destination so it makes more sense to record it there.
Post-process host and domain data before printing. Prompt user for any missing DNS or NT domain data and re-categorize the data to eliminate all 'unknowns'.
The way credentials are merged now, it's possible for more recent data to be overwritten by older data when re-categorizing "Unknown" data. This was known at the time, but the re-categorization code was particularly complex, and this was deemed "good enough" for a prototype.
Currently only A and CNAME records are parsed.
The ipconfig parser is currently limited to one IP of each version (4 or 6) per NIC.
The dsquery module currently relies on specific unique fields to be present per object type. Add logic to check for 'objectclass'; this should improve recognition when users run "-attr *".
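The ipconfig limitation noted above (one IP of each version per NIC) goes away if addresses are collected into per-version lists instead of single slots. This is an added example, not code from redreaper; the function name `parse_ipconfig`, the returned layout and the sample text are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (not taken from a real host).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Ethernet0:

   Connection-specific DNS Suffix  . : corp.example
   Link-local IPv6 Address . . . . . : fe80::1c2d:3e4f:5a6b:7c8d%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.0.5(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   IPv4 Address. . . . . . . . . . . : 10.0.0.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
"""

# Adapter headers start in column 0; address lines are indented.
ADAPTER_RE = re.compile(r"^\S.*? adapter (?P<name>.+):\s*$")
ADDR_RE = re.compile(r"^\s+.*?IPv[46] Address[ .]*:\s*(?P<addr>\S+)")


def parse_ipconfig(text):
    """Return {adapter: {4: [addrs], 6: [addrs]}}, keeping every address."""
    nics = {}
    current = None
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            current = nics.setdefault(m.group("name"), {4: [], 6: []})
            continue
        m = ADDR_RE.match(line)
        if m is None or current is None:
            continue
        # Drop the "(Preferred)" suffix and the IPv6 zone index ("%12").
        raw = m.group("addr").split("(")[0].split("%")[0]
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            continue  # not an address after all; skip rather than guess
        bucket = current[ip.version]
        if str(ip) not in bucket:  # de-duplicate, preserve log order
            bucket.append(str(ip))
    return nics
```
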