{"id":19901257,"url":"https://github.com/bluscreenofjeff/aggressorscripts","last_synced_at":"2025-07-09T09:38:56.831Z","repository":{"id":41497643,"uuid":"56133616","full_name":"bluscreenofjeff/AggressorScripts","owner":"bluscreenofjeff","description":"Aggressor scripts for use with Cobalt Strike 3.0+","archived":false,"fork":false,"pushed_at":"2022-09-09T15:47:49.000Z","size":66,"stargazers_count":839,"open_issues_count":3,"forks_count":164,"subscribers_count":38,"default_branch":"master","last_synced_at":"2025-04-20T11:32:42.223Z","etag":null,"topics":["aggressor-scripts","beacon","ccdc","cna","cobalt-strike","red-team"],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bluscreenofjeff.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-04-13T08:16:12.000Z","updated_at":"2025-04-14T21:49:29.000Z","dependencies_parsed_at":"2022-09-16T00:41:48.927Z","dependency_job_id":null,"html_url":"https://github.com/bluscreenofjeff/AggressorScripts","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/bluscreenofjeff/AggressorScripts","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bluscreenofjeff%2FAggressorScripts","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bluscreenofjeff%2FAggressorScripts/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bluscreenofjeff%2FAggressorScripts/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bluscreenofjeff%2FAggressorScripts/manifests","owner_url":"ht
tps://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bluscreenofjeff","download_url":"https://codeload.github.com/bluscreenofjeff/AggressorScripts/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bluscreenofjeff%2FAggressorScripts/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264432226,"owners_count":23607392,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aggressor-scripts","beacon","ccdc","cna","cobalt-strike","red-team"],"created_at":"2024-11-12T20:14:30.195Z","updated_at":"2025-07-09T09:38:56.783Z","avatar_url":"https://github.com/bluscreenofjeff.png","language":null,"readme":"# AggressorScripts\nAggressor scripts for use with [Cobalt Strike](https://cobaltstrike.com) 3.0+\n\n**apache-style-weblog-output.cna** - outputs weblog hits to an Apache-like access log file named weblog.log in Cobalt Strike's working directory \n\n**beacon_to_empire.cna** - a script that leverages [Powershell Empire's](http://www.powershellempire.com/) RESTful API to migrate sessions from a Beacon session on Cobalt Strike\n\n**beaconid_note.cna** - set Beacon note to its ID on load and initial checkin (primarily useful when coding Aggressor scripts)\n\n**beaconestablishednote.cna** - set Beacon note to the time it was established on initial checkin\n\n**Beaconpire** - send Beacons to Empire and pull Empire Agents into Cobalt Strike\n\n**CCDC** - a collection of scripts designed for use at CCDC\n* **lulz.cna** - includes some Blue Team annoyance functions: IE Popup (kiosk mode), Windows Alert (7+), Host 
Shutdown, Boo.exe (uploads/executes Boo), and Clippy popup (requires setup and Windows 7).\n* **misc.cna** - includes functions to stomp the host file with a chosen text file or add an entry to the existing host file.\n* **sysinternals-killer.cna** - Automatically kill common Blue Team processes, such as the Sysinternals tools, on launch\n\n**checkin_jobs_context.cna** - adds context menu options to run \"checkin\" or \"jobs\" on Beacon session to help detect stale beacons in bulk\n\n**eventlog-to-slack.cna** - script to send event log events to Slack. NOTE: Review code before deploying in production. Sensitive information (usernames, hostnames, teamserver IPs) will be sent to Slack.\n\n**forcecheckin.cna** - forces an SMB Beacon to checkin after a specified frequency\n\n**mass-dcsync.cna** - DCSync a line-separated list of users from a DC\n\n**mimikatz-every-30m.cna** - runs mimikatz's \"logonpasswords\" alias every thirty minutes\n\n**mimikatz-timestamp-note-BETA.cna** - POC script that adds a timestamp to the source column in new credentials. The script is considered BETA - it has not been field tested and has bugs.\n\n**OPSEC Profiles** - limits the commands Cobalt Strike can execute while loaded. Used to reduce the chance of performing high-risk actions in mature target environments.\n\n**powershell.cna** - adds context items for some common Powerup and Powerview functions. For this to work, you must put the PowerUp.ps1 and powerview.ps1 files in the same directory as this script\n\n**ping_aliases.cna** - creates an alias for quick ping (one ping packet w/ shell) and smbscan (to portscan smb w/o ping)\n\n**ps-window-alias.cna** - creates an alias to open the process browser pane for the current Beacon\n\n**silver-tickets.cna** - monitors Beacon output for machine hashes and stores them in the cred store. 
Also adds a dialog box for generating a [Silver Ticket](https://adsecurity.org/?p=2753) from a gathered machine hash\n\n**slack-notify-beacon.cna** - sends a generic alert to a chosen Slack channel via incoming webhook when a new Beacon is established (requires curl on team server)\n\n**slack-notify-webhit.cna** - sends a generic alert to a chosen Slack channel via incoming webhook when a specific URI or URIs are requested (requires curl on team server)\n\n**sleep-down-when-no-operators.cna** - increases the sleep interval on all Beacons when there are no operators logged in\n\n**sleeptimer.cna** - automatically sets sleep intervals based on time (i.e. from 10p to 6a, sleep for 60s). Resets to 60s sleeps when the sleep interval ends.\n\n**stale-beacon-notifier.cna** - sends a generic alert to a chosen Slack channel via incoming webhook when a Beacon's last checkin exceeds a specified time (requires curl on team server).\n\n**timestamped_activitylog_export.cna** - Outputs all event and activity logs with human-readable timestamp to activitylog.txt in your working directory (runs on script load)\n\n# Other Aggressor Repos\n\n* [https://github.com/Und3rf10w/Aggressor-scripts](https://github.com/Und3rf10w/Aggressor-scripts)\n* [https://github.com/001SPARTaN/aggressor_scripts](https://github.com/001SPARTaN/aggressor_scripts)\n* [https://github.com/vysec/Aggressor-VYSEC](https://github.com/vysec/Aggressor-VYSEC)\n* [https://github.com/harleyQu1nn/AggressorScripts](https://github.com/harleyQu1nn/AggressorScripts)\n* [https://github.com/rasta-mouse/Aggressor-Script](https://github.com/rasta-mouse/Aggressor-Script)\n* [https://github.com/ramen0x3f/AggressorScripts](https://github.com/ramen0x3f/AggressorScripts)\n* [https://github.com/invokethreatguy/CSASC](https://github.com/invokethreatguy/CSASC)\n\n# Submissions\nPlease feel free to submit a Pull Request with fixes or improvements to any of the existing scripts; however, my intention is to only keep Aggressor scripts that 
I've written in this repo.\n\nIf you have an idea for a script and would like to submit it somewhere, consider adding it to Lee Kagan's [Aggressor Scripts Collection](https://github.com/invokethreatguy/CSASC) repo.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbluscreenofjeff%2Faggressorscripts","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbluscreenofjeff%2Faggressorscripts","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbluscreenofjeff%2Faggressorscripts/lists"}