Lurker is a cross-platform companion implant to Cobalt Strike, built with Go.
Lurker is currently tested on:
- Windows
- Linux
- macOS
Lurker supports the following commands:
- sleep - Adjust Lurker's check-in time
- shell - Run commands on the target
- upload - Upload files to a target machine
- download - Download files from a target machine
- exit - Terminate Lurker's process
- cd - Change directories
- ls - List current working directory contents
- pwd - Display the current working directory
More commands are under development.
- Clone the Lurker repo
- Run the `keyExtract.py` script in the same directory as the team server's `.cobaltstrike.beacon_keys` file
- Copy the RSA public key into `constants.go`'s `RsaPublicKey` variable
- Edit the remaining `constants.go` variables with the desired configuration
- Create a new GET/POST block in the Malleable C2 profile using the same format as `sample.profile`
- Set the `GOOS` and `GOARCH` env variables to determine Lurker's target OS and architecture
- In the root directory, `go build main.go`
Lurker is an open source project meant to be used with authorization to assess the security posture and conduct security research.
Lurker is refactored from and built on @darkr4y's Geacon project (https://github.com/darkr4y/geacon)