Forked from Flangvik/gist:5fb58dffa373a50f4d560a14adaa415b
Created
February 3, 2022 15:29
Flangvik revised this gist
Feb 3, 2022 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,6 +1,6 @@ #!/usr/bin/env python # Super dirty python3 scripts that alerts Cobalt Strike operator using pushover when a new IP is found amoung network interface on beacon # Aggressor script for triggering this : https://gist.github.com/Flangvik/c31b26129743be699133dc9dab9c02c5 import argparse from datetime import datetime from base64 import b64encode,b64decode -
Flangvik revised this gist
Feb 3, 2022 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,6 +1,6 @@ #!/usr/bin/env python # Super dirty python3 scripts that alerts Cobalt Strike operator using pushover when a new IP is found amoung network interface on beacon # CNA for triggering this : https://gist.github.com/Flangvik/c31b26129743be699133dc9dab9c02c5 import argparse from datetime import datetime from base64 import b64encode,b64decode -
Flangvik created this gist
Feb 3, 2022 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,44 @@ #!/usr/bin/env python # Super dirty python3 scripts that alerts Cobalt Strike operator using pushover when a new IP is found amoung network interface on beacon import argparse from datetime import datetime from base64 import b64encode,b64decode from pushover import init, Client from os import path parser = argparse.ArgumentParser(description='beacon info') parser.add_argument('--user') parser.add_argument('--data') parser.add_argument('--computer') args = parser.parse_args() #Replace the below keys, pushover.net pushover_user_key = "<redacted>" pushover_app_key = "<redacted>" beaconuser = args.user computer = args.computer data = args.data def pushovernotifications(user): init(pushover_app_key) Client(pushover_user_key).send_message("VPN!", title=user) didCsvExists = path.exists("/<fullpath>/ip_logs_all_beacons.csv") f = open("/<fullpath>/ip_logs_all_beacons.csv", "a+") if not didCsvExists: f.write("Type;Timestamp;User;Hostname;IP\n") ipAdresser = b64decode(data).decode('UTF-16LE').split('\n') for ip in ipAdresser: if ip: f.write("LOG;%s;%s;%s;%s\n" % (datetime.utcnow().strftime("%d/%m/%Y %H:%M:%S"),beaconuser, computer, ip.split()[0])) #Edit this based on the subnet of your beacons "home network" if(ip.split('.')[0] != "192"): pushovernotifications(beaconuser) f.write("ALERT;%s;%s;%s;%s\n" % (datetime.utcnow().strftime("%d/%m/%Y %H:%M:%S"),beaconuser, computer, ip.split()[0])) f.close()
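Review bot: The loop over the decoded `--data` lines guards only with `if ip:`, so a whitespace-only line (for example a lone `\r` left when CRLF text is split on `\n`) reaches `ip.split()[0]` and raises IndexError. The home-network test `ip.split('.')[0] != "192"` is a string compare on the first octet, so it accepts every 192.x.x.x address and is thrown off by leading whitespace. The user, hostname and address values come from the remote host and are written into the `;`-separated log with `%` formatting, so a `;` or newline in any of them corrupts or forges rows. Writing through `csv.writer` and parsing with `ipaddress` (which needs `import csv` and `import ipaddress`) fixes these, a `with` block guarantees the file is closed, and the Pushover keys are better read from the environment than edited into the source. Indentation is lost in this rendering, so placing the ALERT write inside the subnet check is an inference.

```python
# … unchanged: argument parsing, Pushover keys, pushovernotifications() …
HOME_NET = ipaddress.ip_network("192.168.0.0/16")  # constructed sample; set to the expected range

log_path = "/<fullpath>/ip_logs_all_beacons.csv"
is_new = not path.exists(log_path)
with open(log_path, "a+", newline="") as f:
    rows = csv.writer(f, delimiter=";")  # quotes fields that contain ';' or newlines
    if is_new:
        rows.writerow(["Type", "Timestamp", "User", "Hostname", "IP"])
    for line in b64decode(data).decode("UTF-16LE").splitlines():
        fields = line.split()
        if not fields:
            continue  # blank or whitespace-only line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first token is not an address; do not log untrusted text as an IP
        stamp = datetime.utcnow().strftime("%d/%m/%Y %H:%M:%S")
        rows.writerow(["LOG", stamp, beaconuser, computer, str(addr)])
        if addr not in HOME_NET:
            pushovernotifications(beaconuser)
            rows.writerow(["ALERT", stamp, beaconuser, computer, str(addr)])
```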