CobaltStrikeParser-Go

command module
v1.0.14
Warning

This package is not in the latest version of its module.

Published: Dec 26, 2022 License: MIT Imports: 9 Imported by: 0

README

CobaltStrikeParser-go

Golang parser for the CobaltStrike Beacon configuration, developed with reference to the CobaltStrikeParser project.

Usage

go build -o CobaltStrikeParser.exe main.go

CobaltStrikeParser.exe -u http://127.0.0.1 -o c2configflie.txt -t 10
CobaltStrikeParser.exe -f c2urlflie -o c2configflie.txt -t 10 -br 5

-u       Target URL (must start with http/s)
-f       Path to a file of URLs (each starting with http/s)
-o       Output file
-t       Timeout. Default: 30
-br      Number of threads; only valid with file input (-f). Default: 1
-issave  Save the undecrypted data to a file in the data directory. Default: false
-beaconfile  Beacon config file path

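Calling it as a function

Do not call beaconscan.BeaconInitThread; it is the entry point for multi-threaded mode.

beaconscan.Beaconinit(url, filename, timeout, IsSave)

When filename is "", the function returns the data in JSON format together with any error information.

When filename is not "", the JSON data is written to the file named by filename.

When IsSave is true, the undecrypted beacon is saved to the data folder under the current directory.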

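url := "https://www.google.com"
timeout := 5
// Empty filename: return the result instead of writing it to a file.
// Last argument (IsSave) false: do not keep the undecrypted beacon on disk.
beaconinfo, err := beaconscan.Beaconinit(url, "", timeout, false)
if err != nil {
    fmt.Println(err)
} else {
    if beaconinfo.IsCobaltStrike {
        // Confirmed Beacon: print the parsed configuration as JSON.
        fmt.Println(beaconscan.StructToJson(beaconinfo))
    } else if beaconinfo.Confidence > 0 {
        // Not confirmed, but some indicators matched.
        fmt.Println(url, beaconinfo.ConfidenceInfo)
    } else {
        fmt.Println(url, "Not CobaltStrike")
    }
}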

Documentation

There is no documentation for this package.

Directories

Path Synopsis
lib
http    Package http provides HTTP client and server implementations.
http/cgi    Package cgi implements CGI (Common Gateway Interface) as specified in RFC 3875.
http/cookiejar    Package cookiejar implements an in-memory RFC 6265-compliant http.CookieJar.
http/fcgi    Package fcgi implements the FastCGI protocol.
http/httpproxy    Package httpproxy provides support for HTTP proxy determination based on environment variables, as provided by net/http's ProxyFromEnvironment function.
http/httptest    Package httptest provides utilities for HTTP testing.
http/httptrace    Package httptrace provides mechanisms to trace the events within HTTP client requests.
http/httputil    Package httputil provides HTTP utility functions, complementing the more common ones in the net/http package.
http/internal    Package internal contains HTTP internals shared by net/http and net/http/httputil.
http/internal/testcert    Package testcert contains a test-only localhost certificate.
http/pprof    Package pprof serves via its HTTP server runtime profiling data in the format expected by the pprof visualization tool.
internal/buildcfg    Package buildcfg provides access to the build configuration described by the current environment.
internal/cfg    Package cfg holds configuration shared by the Go command and internal/testenv.
internal/cpu    Package cpu implements processor feature detection used by the Go standard library.
internal/execabs    Package execabs is a drop-in replacement for os/exec that requires PATH lookups to find absolute paths.
internal/fmtsort    Package fmtsort provides a general stable ordering mechanism for maps, on behalf of the fmt and text/template packages.
internal/goexperiment    Package goexperiment implements support for toolchain experiments.
internal/lazyregexp    Package lazyregexp is a thin wrapper over regexp, allowing the use of global regexp variables without forcing them to be compiled at init.
internal/lazytemplate    Package lazytemplate is a thin wrapper over text/template, allowing the use of global template variables without forcing them to be parsed at init.
internal/nettrace    Package nettrace contains internal hooks for tracing activity in the net package.
internal/obscuretestdata    Package obscuretestdata contains functionality used by tests to more easily work with testdata that must be obscured primarily due to golang.org/issue/34986.
internal/oserror    Package oserror defines errors values used in the os package.
internal/poll    Package poll supports non-blocking I/O on file descriptors with polling.
internal/profile    Package profile provides a representation of github.com/google/pprof/proto/profile.proto and methods to encode/decode/merge profiles in this format.
internal/race    Package race contains helper functions for manually instrumenting code for the race detector.
internal/reflectlite    Package reflectlite implements lightweight version of reflect, not using any package except for "runtime" and "unsafe".
internal/singleflight    Package singleflight provides a duplicate function call suppression mechanism.
internal/syscall/windows/registry    Package registry provides access to the Windows registry.
internal/syscall/windows/sysdll    Package sysdll is an internal leaf package that records and reports which Windows DLL names are used by Go itself.
internal/sysinfo    Package sysinfo implements high level hardware information gathering that can be used for debugging or information purposes.
internal/testenv    Package testenv provides information about what functionality is available in different testing environments run by the Go team.
internal/testlog    Package testlog provides a back-channel communication path between tests and package os, so that cmd/go can see which environment variables and files a test consults.
internal/unsafeheader    Package unsafeheader contains header declarations for the Go runtime's slice and string implementations.
internal/xcoff    Package xcoff implements access to XCOFF (Extended Common Object File Format) files.
url    Package url parses URLs and implements query escaping.
