Aggressor script that gets the latest commands from CobaltStrikes web site and creates an aggressor script based on tool options.

Related tags

Miscellaneousopsec-aggressor
Overview

opsec-aggressor

Aggressor script that gets the latest commands from CobaltStrikes opsec page and creates an aggressor script based on tool options.

Grabs latest commands from https://www.cobaltstrike.com/help-opsec and sets block/allow based on tool input.

Options of commands to block/allow are:

  • API-only
  • House-keeping Commands
  • Inline Execute (BOF)
  • Post-Exploitation Jobs (Fork&Run)
  • Process Execution
  • Process Execution (cmd.exe)
  • Process Execution (powershell.exe)
  • Process Injection (Remote)
  • Process Injection (Spawn&Inject)
  • Service Creation

Credit

Thanks to bluescreenofjeff and _tifkin for the original opsec aggressor scripts. It was more better since it rewrote some of the dropdown options but it hasn't been updated in 4 years, much has changed since then.

Usage

usage: get_opsec.py [-h] [-c COMMANDS]

optional arguments:
  -h, --help            show this help message and exit
  -c COMMANDS, --commands COMMANDS
                        Beacon commands to enable (comma delimted) Options: API-only House-keeping bof Post-Exploitation cmd.exe powershell.exe remote spawn&inject service

Example

$ python3 get_opsec.py -c API-only,House-keeping,bof,cmd.exe | tee opsec.cna
#TTP: API-only
%commands["cd"]="true";
%commands["cp"]="true";
%commands["connect"]="true";
%commands["download"]="true";
%commands["drives"]="true";
%commands["exit"]="true";
.
.
.
#configuring the block commands
foreach $key (sorta(keys(%commands))) {
        if (%commands[$key] eq "block") {
                alias($key, {
                        berror($1,"This command's execution has been blocked. Remove the opsec profile to run the command.");
                });
        }
}

#Adding the opsec command to check the current settings
beacon_command_register("opsec", "Show the settings of the loaded opsec profile",
        "Synopsis: opsec

" .
        "Displays a list of command settings for the currently loaded opsec profile.");

alias("opsec",{
        blog($1,"The current opsec profile has the following commands set to block/block: ");
        foreach $key (sorta(keys(%commands))) {
                blog2($1,$key . " - " . %commands[$key]);
        }
});
Owner
JP
JP
GitHub Repository
Wordle Solver

Wordle Solver Installation Install the following onto your computer: Python 3.10.x Download Page Run pip install -r requirements.txt Instructions To r

John Bucknam 1 Feb 15, 2022
🗽 Like yarn outdated/upgrade, but for pip. Upgrade all your pip packages and automate your Python Dependency Management.

pipupgrade The missing command for pip Table of Contents Features Quick Start Usage Basic Usage Docker Environment Variables FAQ License Features Upda

Achilles Rasquinha 529 Dec 31, 2022
Thinky nature dots with python

Thinky Nature Welcome to my rice dotfiles of my ThinkPad X230 You surely will need to change some configs to fit your files and stuff and maybe tweak

Daniel Mironow 26 Dec 02, 2022
This is a calculator of strike price distance for options.

Calculator-of-strike-price-distance-for-options This is a calculator of strike price distance for options. Options are a type of derivative. One strat

André Luís Lopes da Silva 4 Dec 30, 2022
Mdisk - 🚧 On Construction 🚧

Mdisk Install For Package pip install mdisk pip install git+https://github.com/HeimanPictures/Mdisk.git Usage You can use this as python module or via

AkKiL 6 Aug 08, 2022
Autogenerador tonto de paquetes para ROSCPP

Autogenerador tonto de paquetes para ROSCPP Autogenerador de paquetes que usan C++ en ROS. Por ahora tiene las siguientes capacidades: Permite crear p

1 Nov 26, 2021
Simple macOS StatusBar app to remind you to unplug your laptop when sufficiently charged

ChargeMon Simple macOS StatusBar app to monitor battery charge status and remind you to unplug your Mac when the battery is sufficiently charged Overv

Rhet Turnbull 5 Jan 25, 2022
Python module used to generate random facts

Randfacts is a python library that generates random facts. You can use randfacts.get_fact() to return a random fun fact. Disclaimer: Facts are not gua

Tabulate 14 Dec 14, 2022
Easy to use phishing tool with 65 website templates. Author is not responsible for any misuse.

PyPhisher [+] Description : Ultimate phishing tool in python. Includes popular websites like facebook, twitter, instagram, github, reddit, gmail and m

KasRoudra 1.1k Dec 31, 2022
API wrapper for VCS hosting system.

PythonVCS API wrapper for VCS hosting system. Supported platforms Gitea Github, Gitlab, Bitbucket support will not, until that packages is not updated

MisileLaboratory 1 Apr 02, 2022
Stack-overflow-import - Import arbitrary code from Stack Overflow as Python modules.

StackOverflow Importer Do you ever feel like all you’re doing is copy/pasting from Stack Overflow? Let’s take it one step further. from stackoverflow

Filip Haglund 3.7k Jan 08, 2023
Fully cross-platform toolkit (and library!) for MachO+Obj-C editing/analysis

fully cross-platform toolkit (and library!) for MachO+Obj-C editing/analysis. Includes a cli kit, a curses GUI, ObjC header dumping, and much more.

cynder 301 Dec 28, 2022
System Information Utility With Python

System-Information-Utility This is a simple utility, for the terminal, which allows you to find out information about your PC. It's very easy to run t

2 Apr 15, 2022
This repository requires you to solve a problem by writing some basic python code.

Can You Solve a Problem? A beginner friendly repository that requires you to solve familiar problems with python. This could be as simple as implement

Precious Kolawole 11 Nov 30, 2022
Anonymous Dark Web Tool

Anonymous Dark Web Tool v1.0 Features Anonymous Mode Darkweb Search Engines Check Onion Url/s Scanning Host/IP Keep eyes on v2.0 soon. Requirement Deb

Mounib Kamhaz 11 Apr 10, 2022
Import some key/value data to Prometheus custom-built Node Exporter in Python

About the app In one particilar project, i had to import some key/value data to Prometheus. So i have decided to create my custom-built Node Exporter

Hamid Hosseinzadeh 1 May 19, 2022
An app about keyboards, originating from the design of u/Sonnenschirm

keebapp-backend An app about keyboards, originating from the design of u/Sonnenschirm Setup Firstly, ensure that the environment for python is install

8 Sep 04, 2022
Pygments is a generic syntax highlighter written in Python

Welcome to Pygments This is the source of Pygments. It is a generic syntax highlighter written in Python that supports over 500 languages and text for

1.2k Jan 06, 2023
The fastest way to copy to (not from) high speed flash storage.

FastestCopy The fastest way to copy to (not from) high speed flash storage. This is about 3-6x faster than file copy on explorer.exe to usb flash driv

Derek Frombach 0 Nov 03, 2021
Generates Windows 95 and 95 OEM keys using the modulus 7 check algorithm

w95keygen-python windowskeygen.py - Generates Windows 95 and 95 OEM keys using the modulus 7 check algorithm Just download and drop in the directory y

Joshua Alto 1 Dec 06, 2021