Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/TryGOTry/AutoGeaconC2

AutoGeaconC2: 一键读取Profile自动化生成geacon实现跨平台上线CobaltStrike
https://github.com/TryGOTry/AutoGeaconC2

cobaltstrike geacon

Last synced: 3 months ago
JSON representation

AutoGeaconC2: 一键读取Profile自动化生成geacon实现跨平台上线CobaltStrike

Host: GitHub
URL: https://github.com/TryGOTry/AutoGeaconC2
Owner: TryGOTry
Created: 2024-04-07T03:02:28.000Z (8 months ago)
Default Branch: main
Last Pushed: 2024-04-07T04:07:02.000Z (8 months ago)
Last Synced: 2024-06-19T15:12:47.555Z (6 months ago)
Topics: cobaltstrike, geacon
Language: Go
Homepage:
Size: 20.5 KB
Stars: 116
Watchers: 3
Forks: 6
Open Issues: 4
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-hacking-lists - TryGOTry/AutoGeaconC2 - AutoGeaconC2: 一键读取Profile自动化生成geacon实现跨平台上线CobaltStrike (Go)

README

        ![AutoGeaconC2](https://socialify.git.ci/TryGOTry/AutoGeaconC2/image?description=1&forks=1&issues=1&language=1&name=1&owner=1&stargazers=1&theme=Light)

# AutoGeaconC2

为了方便脚本小子的工具：一键读取Profile自动化生成geacon实现跨平台上线CobaltStrike

Ps：为了增加分析成本，本项目不准备开源，目前仅支持Linux amd64上线！

已适配大量profile配置，如遇到问题，请提交issues！

已适配猫猫cs,以及cdn上线.

# 生成的文件可以尝试使用upx压缩一下。

## How To Use

1.下载releases中的AutoGeaconC2.cna，然后在cs客户端中导入cna

2.在服务端下载releases中根据系统下载AutoGeaconC2

3.下载releases中的BeaconTool.jar用于生成rsa的key。 java -jar BeaconTool.jar -i .cobaltstrike.beacon_keys

4.把上面生成的rsa的key填入AutoGeaconC2中生成Geacon客户端

```

AutoGeaconC2.exe -rsa "xxx" -profile c.profile -u https://127.0.0.1

```

## CobaltStrike Commands

已实现的功能如下

```shell

1.命令执行 执行shell version 查看当前客户端版本

2.文件管理(查看,上传,下载)

3.Sleep

4.Cd

5.Mkdir

6.Pwd

7.Cp

8.Mv

9.tasklit

10.spawn 执行shell spawn  需要当前进程文件存在.spawn上来的进程名中会包含(fork)

```

## Usage

```shell

                _         _____                             _____ ___  

     /\        | |       / ____|                           / ____|__ \ 

    /  \  _   _| |_ ___ | |  __  ___  __ _  ___ ___  _ __ | |       ) |

   / /\ \| | | | __/ _ \| | |_ |/ _ \/ _` |/ __/ _ \| '_ \| |      / / 

  / ____ \ |_| | || (_) | |__| |  __/ (_| | (_| (_) | | | | |____ / /_ 

 /_/    \_\__,_|\__\___/ \_____|\___|\__,_|\___\___/|_| |_|\_____|____|

                                                                       

Usage:

  # 是否运行后自删除，开启后无法执行spawn命令

  -delete

        DeleteSelf   

  # 进程伪装的名称，暂未实现，bug较多

  -processName string

        ProcessName (default "kwoker")

  # 指定读取的profile文件

  -profile string

        Load Your Profile

  # cs服务端的.cobaltstrike.beacon_keys中读取出来的public key,需要base64编码

  -rsa string

        base64 rsa public key.

  # 保存的geacon文件名

  -s string

        Save name (default "Mgeacon")

  # CobaltStrike Host地址，就是监听器中的host地址,需加http://或者https://,有端口的加端口

  -u string

        CobaltStrike Host,Like:https://127.0.0.1:8443

```

## Supported Systems

| Arch  | Windows | Linux | MacOS |

|-------|---|---| --- |

| amd64 | ❌      | 🐕    | ❌ |

| 386   | ❌      | ❌    | ❌ |

根据项目热度(star)后续更新更多系统和更多功能

## TODO

| 功能      | Windows | Linux | MacOS |

|---------|---|---| --- |

| 内存执行elf | ❌      | ❌    | ❌ |

| Job管理   | ❌      | ❌    | ❌ |

| 权限维持    | ❌      | ❌    | ❌ |

| 横向功能    | ❌      | ❌    | ❌ |

## 感谢以下项目

[geacon](https://github.com/darkr4y/geacon)

[geacon_pro](https://github.com/H4de5-7/geacon_pro)

[CrossC2](https://github.com/gloxec/CrossC2)