Aggressor Scripts for Cobalt Strike

CS-Aggressor-Scripts

Aggressor script for easier team collaboration with Cobalt Strike.

Description

ℹ️ This project contains CNA files for Cobalt Strike, parsers for automated editing of the CNA files, and guides to set up webhooks on the Slack application.

These CNA files notify you via the Slack application when:

  • A new client connects to the team server.
  • A CS client disconnects from the team server.
  • A new beacon checks in.
  • A new web hit occurs.
  • A CS client posts something in the event log.
  • A new site is hosted.
  • New credentials come in from keylogging.
  • A new screenshot is taken from Cobalt Strike.

ℹ️ The scripts are compatible with both the Windows and Linux operating systems.

The following table lists the CNA files included in this project:

| Name                     | OS      | App   | Description                         |
|--------------------------|---------|-------|-------------------------------------|
| slack-alerts_linux.cna   | Linux   | Slack | Slack CNA file for Linux CS client   |
| slack-alerts_windows.cna | Windows | Slack | Slack CNA file for Windows CS client |

Acknowledgement

The official author of this project is @sec_groundzero.

Special thanks to my friend @nickvourd for his contributions.

This aggressor script was inspired by @bluescreenofjeff's projects.

Webhooks

Setup Slack and Webhooks

ℹ️ To set up a Slack server and webhook, follow the guides provided on the Slack website.

Parsers

This project ships two parsers that automate editing the CNA files according to your personal preferences.

ℹ️ However, you can manually edit the CNA files without using the parsers.

The following table lists the parsers in this project:

| Name                         | Language   | OS      | App   | Description                          |
|------------------------------|------------|---------|-------|--------------------------------------|
| slack-cna-parser_linux.sh    | Bash       | Linux   | Slack | Slack CNA parser for Linux systems   |
| slack-cna-parser_windows.ps1 | PowerShell | Windows | Slack | Slack CNA parser for Windows systems |

Linux Parser for Slack

The Linux parser for Slack uses three mandatory arguments:

  • hostname
  • channel
  • webhook

To run the Linux parser, use the following command:

./slack-cna-parser_linux.sh --channel "#XXXX" --hostname "XXXX" --webhook "https://hooks.slack.com/services/XXXX"

Example (screenshot): linux-parser-example

Windows Parser for Slack

The Windows parser for Slack uses three mandatory arguments:

  • hostname
  • channel
  • webhook

To run the Windows parser, use the following command:

.\slack-cna-parser_windows.ps1 -hostname "XXXX" -channel "#XXXX" -webhook "https://hooks.slack.com/services/XXXX"

Example (screenshot): windows-parser-example
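What both parsers above do, shown as an added, stand-alone example (not the project's own slack-cna-parser_linux.sh or .ps1): take the three mandatory values, refuse anything that is not a real Slack incoming-webhook URL or a channel name, and substitute them into a CNA template. The __HOSTNAME__/__CHANNEL__/__WEBHOOK__ markers and the CNA fragment are this example's own assumptions, not the repository's file layout.

```shell
#!/bin/sh
# Stand-in for the repo's parser: fills a CNA template with the three
# mandatory values. The __MARKER__ placeholders and the variable names in
# the fragment are assumptions of this example, not the project's.
set -eu

# Constructed CNA fragment carrying the placeholders this script substitutes.
CNA_TEMPLATE='$hostname = "__HOSTNAME__";
$channel  = "__CHANNEL__";
$webhook  = "__WEBHOOK__";'

# Accept only a genuine Slack incoming-webhook URL with the XXXX placeholder
# replaced; a typo or pasted non-Slack URL would otherwise receive every alert.
valid_webhook() {
    case "$1" in
        https://hooks.slack.com/services/*XXXX*) return 1 ;;
        https://hooks.slack.com/services/*)      return 0 ;;
        *)                                       return 1 ;;
    esac
}

# render_cna HOSTNAME CHANNEL WEBHOOK: prints the filled-in CNA on stdout.
render_cna() {
    hostname="$1"; channel="$2"; webhook="$3"
    valid_webhook "$webhook" || { echo "refusing: not a Slack webhook URL" >&2; return 1; }
    case "$channel" in \#?*) ;; *) echo "refusing: channel must start with #" >&2; return 1 ;; esac
    # '|' is the sed delimiter because the webhook URL contains '/'.
    printf '%s\n' "$CNA_TEMPLATE" | sed \
        -e "s|__HOSTNAME__|$hostname|" \
        -e "s|__CHANNEL__|$channel|" \
        -e "s|__WEBHOOK__|$webhook|"
}

# Same --channel/--hostname/--webhook options as the usage line above;
# the rendered file is written to slack-alerts_linux.cna in the current directory.
main() {
    hostname=""; channel=""; webhook=""
    while [ $# -gt 0 ]; do
        case "$1" in
            --hostname) hostname="$2"; shift 2 ;;
            --channel)  channel="$2";  shift 2 ;;
            --webhook)  webhook="$2";  shift 2 ;;
            *) echo "unknown option: $1" >&2; return 2 ;;
        esac
    done
    if [ -z "$hostname" ] || [ -z "$channel" ] || [ -z "$webhook" ]; then
        echo "usage: $0 --channel '#chan' --hostname NAME --webhook URL" >&2; return 2
    fi
    render_cna "$hostname" "$channel" "$webhook" > slack-alerts_linux.cna
}
```

Invoke it with `main "$@"` appended at the end of the script; the webhook URL it writes into the CNA is a credential for posting to your channel, so keep the rendered file out of version control.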