# CS-Aggressor-Scripts
Aggressor script for easier team collaboration with Cobalt Strike.
## Description
:information_source: This project contains CNA files for Cobalt Strike, parsers for automated editing of the CNA files, and guides to set up webhooks on the Slack application.
These CNA files will notify you via the Slack application when:
- A new client connects to the team server.
- A CS client disconnects from the team server.
- A new beacon checks in.
- A new web hit occurs.
- A CS client posts something in the event log.
- A new site is hosted.
- New credentials come in from keylogging.
- A new screenshot is taken in Cobalt Strike.
:information_source: The scripts are compatible with both the Windows and Linux operating systems.
The following table illustrates the CNA files included in this project:
Name | OS | App | Description |
---|---|---|---|
slack-alerts_linux.cna | Linux | Slack | Slack CNA file for Linux CS client |
slack-alerts_windows.cna | Windows | Slack | Slack CNA file for Windows CS client |
## Acknowledgement
The official author of this project is @sec_groundzero.
Special thanks to my friend @nickvourd for his contributions.
This aggressor script was inspired by @bluescreenofjeff's projects.
## Table of Contents
## Webhooks
### Setup Slack and Webhooks
:information_source: To set up a Slack server and webhook, you can follow the guides provided on the Slack website.
## Parsers
This project includes two parsers that automate editing of the CNA files according to your personal preferences.
:information_source: You can also edit the CNA files manually without using the parsers.
The following table presents the parsers of this project:
Name | Language | OS | App | Description |
---|---|---|---|---|
slack-cna-parser_linux.sh | Bash | Linux | Slack | Slack CNA Parser for Linux systems |
slack-cna-parser_windows.ps1 | PowerShell | Windows | Slack | Slack CNA Parser for Windows systems |
### Linux Parser for Slack
The Linux parser for Slack uses three mandatory arguments:
- hostname
- channel
- webhook
Run the Linux parser as follows:
```
./slack-cna-parser_linux.sh --channel "#XXXX" --hostname "XXXX" --webhook "https://hooks.slack.com/services/XXXX"
```
Example:
### Windows Parser for Slack
The Windows parser for Slack uses three mandatory arguments:
- hostname
- channel
- webhook
Run the Windows parser as follows:
```
.\slack-cna-parser_windows.ps1 -hostname "XXXX" -channel "#XXXX" -webhook "https://hooks.slack.com/services/XXXX"
```
Example:
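As an added example (not the project's own slack-cna-parser_linux.sh or slack-cna-parser_windows.ps1), a minimal Bash parser that takes the same `--hostname`, `--channel` and `--webhook` arguments described for both parsers above, validates them, and fills a constructed CNA template; the template text, the `@@PLACEHOLDER@@` names and the `--out` option are assumptions. Because the rendered CNA embeds the webhook URL, which lets anyone holding it post into the channel, the file is written owner-readable only.

```bash
#!/usr/bin/env bash
set -euo pipefail

# Constructed stand-in for slack-alerts_linux.cna (Aggressor/Sleep syntax);
# the @@PLACEHOLDER@@ names are an assumption of this example.
CNA_TEMPLATE='$hostname = "@@HOSTNAME@@";
$channel  = "@@CHANNEL@@";
$webhook  = "@@WEBHOOK@@";
on beacon_initial { slack_post($webhook, $channel, "New beacon on " . beacon_info($1, "computer")); }'
# Return 0 if the value for the named argument is well-formed. The character
# sets exclude quotes and backslashes, so a value cannot break out of the
# Sleep string literal it is substituted into.
validate_arg() {
    local name="$1" value="$2" re
    case "$name" in
        hostname) re='^[A-Za-z0-9._-]+$' ;;
        channel)  re='^#[a-z0-9._-]+$' ;;
        # Only a genuine Slack incoming-webhook URL is accepted, so a typo or look-alike host never receives the alerts.
        webhook)  re='^https://hooks\.slack\.com/services/[A-Za-z0-9/]+$' ;;
        *) return 1 ;;
    esac
    [[ "$value" =~ $re ]]
}
# Print the template with hostname ($1), channel ($2) and webhook ($3) filled in.
render_cna() {
    local out="$CNA_TEMPLATE"
    out="${out//@@HOSTNAME@@/$1}"
    out="${out//@@CHANNEL@@/$2}"
    out="${out//@@WEBHOOK@@/$3}"
    printf '%s\n' "$out"
}
main() {
    local hostname="" channel="" webhook="" outfile="slack-alerts_linux.cna"
    while [[ $# -gt 0 ]]; do
        case "$1" in
            --hostname) hostname="$2"; shift 2 ;;
            --channel)  channel="$2";  shift 2 ;;
            --webhook)  webhook="$2";  shift 2 ;;
            --out)      outfile="$2";  shift 2 ;;   # assumed option, not in the project
            *) echo "unknown argument: $1" >&2; return 2 ;;
        esac
    done
    for a in hostname channel webhook; do
        validate_arg "$a" "${!a}" || { echo "missing or invalid --$a" >&2; return 2; }
    done
    # The rendered CNA embeds the webhook URL, a secret: create it owner-readable only.
    (umask 077; render_cna "$hostname" "$channel" "$webhook" > "$outfile")
}
if [[ $# -gt 0 ]]; then main "$@"; fi
```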