Light

harleyqu1nn / aggressorscripts Goto Github PK

View Code? Open in Web Editor NEW

1.5K 68.0 301.0 194 KB

Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources

Python 18.87% PowerShell 9.96% C# 71.17%

cna aggressor-scripts red-team scripts aggressor cobalt-strike

aggressorscripts's Introduction

Aggressor Scripts

Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources

All_In_One.cna v1 - Removed and outdated
- All purpose script to enhance the user's experience with cobaltstrike. Custom menu creation, Logging, Persistence, Enumeration, and 3rd party script integration.
- Version 2 is currently in development!
ArtifactPayloadGenerator.cna
- Generates every type of Stageless/Staged Payload based off a HTTP/HTTPS Listener
- Creates /opt/cobaltstrike/Staged_Payloads, /opt/cobaltstrike/Stageless_Payloads
AVQuery.cna
- Queries the Registry with powershell for all AV Installed on the target
- Quick and easy way to get the AV you are dealing with as an attacker
CertUtilWebDelivery.cna
- Stageless Web Delivery using CertUtil.exe
- Powerpick is used to spawn certutil.exe to download the stageless payload on target and execute with rundll32.exe
EDR.cna
- Detects EDR solutions running on local/remote hosts
RedTeamRepo.cna
- A common collection of OS commands, and Red Team Tips for when you have no Google or RTFM on hand.
- Script will be updated on occasion, feedback and more inputs are welcomed!
ProcessColor.cna
- Color coded process listing without the file requirement.
- Thanks to @oldb00t for the original version: https://github.com/oldb00t/AggressorScripts/tree/master/Ps-highlight

aggressorscripts's People

Contributors

Stargazers

Watchers

Forkers

pentestingxroot guest20 aldaw0lf vysecurity johnjohnsp1 jack51706 varbaek subinacls itys expertasif olivierh59500 cephurs cybertroyeu h0k5 h1d3r suriya73 yeyintminthuhtut redwifiteam homjxi0e jbarcia mehrdad-shokri fengzihk josh19905 fogsec jerusalemsbell budi-khoirudin rvrsh3ll cyberspacekittens superdong0 dm2333 gavz orf53975 aln7 m00zh33 yehgdotnet quikilr jontargaryen v1ad ring007c hel1and juan157 r3dfruitrollup 1337g securesean qqvirus 7kbstorm angrypapa demonsec666 deelmind moriarty2016 techlord-rce julio1925 disk-kk myxss r0ug3 bravery9 qsdj taylorwin kzwkt w00t3k inosec eniac888 siowcy vsirer k0rsec cgke raystyle h4554nalmusajjen shadowliangliang heirhabarov eln1x thered r0cknrolla projectbaadshah explife0011 sry309 ne0nd0g minelost15 dipsec liufeng-take yinong258 secdatahunter bowentr wahyuhadi infosecn1nja thewover jonekee vincentdthe l9sk noobzero rcstep thinkergod t0mcat3r a1kaid edepree splice-r gnipnehc hnytgl shuots alainw68

aggressorscripts's Issues

Armitage

Hi
Are this scripts work in Armitage?

ServiceEXEPersist.cna sc CREATE command Errors out on older windows distributions

First, thanks for these scripts. Anyone who puts their good works up front like this is a real hero, and there are many out there. As payback, I have been testing some of these scripts over various OS's. Here is one I found to be an issue with a suggested fix:

File: ServiceEXEPersist.cna
lines 16-19.
the "sc" commands need to be modified to use "sc.exe". During testing of multiple OS's, especially older windows like Windows 7/8/2008, the binpath= argument will error out when inserting persistence. By moving the command call to sc.exe, the entire command will properly process the new sc create command - now I am not sure why, but it just does...

ArtifactPayloadGenerator.cna script bug

My English is bad

$listener_name = lc($name);
if ($listener_name hasmatch "http" || $listener_name hasmatch "https")

If the listener name does not contain HTTP or HTTPS, it will fail.
Can use the listener_info function
This will get the type of listener

$listener_name = listener_info($name);
if ($listener_name hasmatch "http" || $listener_name hasmatch "https") {
......
}
else{
.......
}

Need for video tutorial

hi man , first thanks for this great scripts, but i need a small tutorial using all these scripts please , thanks in advance.

Case sensitive process matches for ProcessColor.cna ?

Is the string comparison case sensitive ? I have seen a number of hosts where 'cb.exe' processes were not properly highlighted in red. I think that also happened for Tanium processes a couple times.

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.