Awesome
goMalleable
🔎🪲 Malleable C2 profiles parser and assembler library written in golang
Latest supported CobaltStrike version: 4.9.1
Table of Contents
WARNING
goMalleable treats you as a consenting adult and assumes you know how to write Malleable C2 Profiles. It's able to detect syntax errors, however there are no runtime checks implemented. It'll gladly generate profiles that don't actually work in production if instructed to do so. Always run the generated profiles through c2lint before using them in production!
Installation
Package can be installed with:
go get github.com/D00Movenok/goMalleable@v1
Usage
Parse
Function Parse
parses Malleable profile string to easy-to-read structure. Full example Link.
package main
import (
"os"
malleable "github.com/D00Movenok/goMalleable"
)
func main() {
...
data, _ := os.Open("example.profile")
parsed, _ := malleable.Parse(data)
...
}
Full definition of structure can be found here.
Assembly
You may print this structure as string to get Malleable profile file. Full example: Link.
fmt.Println(parsed)
Output:
...
set host_stage "false";
set jitter "33";
set tcp_frame_header "";
set useragent "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/587.38 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36";
https-certificate {
set CN "whatever.com";
set L "California";
set O "whatever LLC.";
set OU "local.org";
set ST "CA";
set validity "365";
set C "US";
}
...
Examples
Link | Description |
---|---|
Link | Example of profile parsing |
Link | Example of profile creation |
TODO
- Use map[Name]Type instead of []Type with Name field