Collection of various aggressor scripts for Cobalt Strike from awesome people. Will be sure to update this repo with credit to each person.
Queries the registry for AV installed
Persistence, Enumeration, Lateral Movement and Logging Aggressor Script
Generates every type of Stageless/Staged Payload based on an HTTP/HTTPS Listener
CertUtil Scripted Web Delivery (Stageless)
Requirement for Initial-LAdminCheck.cna
Performs the same DA monitoring, but implemented entirely in Aggressor script to perform the DA Group checks
Currently uses a PowerShell-based check, combined with an Aggressor script, to check the initial agent's user name, while using .NET 3.5 to perform Domain Group enumeration (PowerShell 2+ safe). This allows for alerting on DA-level beacons during a pen test
This script will automatically check for a LocalAdmin user on the initial agent
Requirement for Invoke-DACheck.cna
Logging script that captures all the Beacon outputs. Formats the Beacon input line to display timestamps. Use with logs.py to export all the logs for each operator.
Script to write weblog entries to an Apache-like format
Adds the guest account to the local admins or domain and enterprise admins group
Receive SMS alert upon new beacons
Send your beacons to an Empire listener
Sets a beacon's note to its first-seen date and timestamp
Sets a beacon's note to its beacon ID value
An Aggressor script used to control Empire listeners and pass sessions between Cobalt Strike and Empire.
Cobalt Strike bot that will welcome users to your teamserver, play ping pong, list beacons by ID, list listeners, PsExec from the event log, automatically bypass UAC, screenshot all beacons
Adds context menu options to run "checkin" or "jobs" on Beacon session to help detect stale beacons in bulk
Monitor beacons and pick off users as they log in
Custom defaults for Cobalt Strike
Lateral movement techniques based on research by enigma0x3 (Matt Nelson)
Script to send event log events to Slack
Forces SMB Beacons to check-in on a specified interval
Enable and add guest account to local admins group
Loads the "elevate" directory into Cobalt Strike
Various annoying red team attacks
Mass DCSync a list of usernames from the specified domain
Runs the mimikatz logonpasswords alias on all beacons
Adds a timestamp to the source column in new credentials
Various capabilities to add to Cobalt Strike
Various persistence additions
Various persistence additions
Alias for "qping" to "shell ping -n 1 [target]" and "smbscan" to "portscan [target] 445 none"
Aliases for PowerUp and PowerView
Aggressor script to simplify exporting command output
Create an audio alert on macOS for new admin context beacons
Create persistence via new service
GUI to make Silver Tickets for a session. Monitors output for machine hashes and adds them to the cred store
Send alerts to a Slack channel for new beacons
Send alerts to a Slack channel for web hits
Provides a configuration to automatically set sleep interval based on the time
Create a sticky keys backdoor
Output all event and activity logs with human-readable timestamp to activitylog.txt in your working directory
BloodHound Attack Path Execution for Cobalt Strike
Exploit local privilege escalation vulnerabilities