
Python script for automating the creation of serverless cloud redirectors from Cobalt Strike malleable C2 profiles

Primary Language: Python | License: GNU General Public License v3.0 (GPL-3.0)

AutoFunkt

       d8888          888            8888888888                888      888          
      d88888          888            888                       888      888          
     d88P888          888            888                       888      888          
    d88P 888 888  888 888888 .d  b.  8888888 888  888 88888b.  888  888 888888       
   d88P  888 888  888 888   d88  88b 888     888  888 888 "88b 888 .88P 888          
  d88P   888 888  888 888            888     888  888 888  888 888888K  888          
 d8888888888 Y88b 888 Y88b. Y88  88P 888     Y88b 888 888  888 888 "88b Y88b.        
d88P     888  "Y88888  "Y888 "Y  P"  888      "Y88888 888  888 888  888  "Y888   

    			malleable c2 => serverless cloud functions

Written by Adam Rose (GitHub | Twitter)

Acknowledgements

Prerequisites

  • Python 3.9 or higher
  • Google Cloud Functions CLI
  • Azure Functions Core Tools

Usage

  1. Clone the repo: git clone https://github.com/FortyNorthSecurity/AutoFunkt.git
  2. Install requirements: pip3 install -r requirements.txt
  3. Generate Google Cloud Functions: python3 autofunkt.py -p /path/to/profile -t https://teamserver.url -o /path/to/output/directory -g
  4. Generate Azure Functions: python3 autofunkt.py -p /path/to/profile -t https://teamserver.url -o /path/to/output/directory -a -s <azure-subdomain> -r <route-prefix>

Command Line Arguments

  • -p, --profile_path: Path to Malleable C2 profile (required)
  • -t, --teamserver_url: Teamserver URL (required)
  • -o, --output-dir: Output directory (required)
  • -g, --google: Generate Google Cloud Functions (optional, default: False)
  • -a, --azure: Generate Azure Functions (optional, default: False)
  • -s, --azure-subdomain: Azure subdomain (required for Azure)
  • -r, --route-prefix: Azure custom route prefix (optional, default: None)

Notes

  • The teamserver_url must end with a / (slash).
  • The uri value in the http-get and http-post blocks of the Malleable C2 profile must contain only one URI string.
  • For Google Cloud Functions, the program creates a directory for each URI value and generates main.py and requirements.txt files in each directory.
  • For Azure Functions, the program creates an azure directory and generates main.py, host.json, proxies.json, and requirements.txt files in it.