This Cobalt Strike CNA (Cobalt Strike Aggressor) script allows you to get notified in Teams when a new beacon is established. The notification includes details such as the external IP, internal IP, hostname, and username of the machine that established the beacon.
To use this script, you need to perform the following steps:
-
Update the
notify.pyscript with your Teams webhook URL. You can follow this guide to learn how to create a Teams incoming webhook. -
Load the
teamsnotify.cnascript into Cobalt Strike.
The script will now send a notification to the specified Teams channel every time a new beacon is established.
The teamsnotify.cna script hooks the beacon_initial event and passes the necessary parameters to the Python script. These parameters are the external IP, internal IP, hostname, and username of the machine that established the beacon.
The Python script, notify.py, takes these parameters and sends a notification to Teams using the webhook URL. The notification is in the form of a message card, which includes the details of the new beacon.
- Cobalt Strike
- Python 3
- Requests module (pip install requests)