https://github.com/harleyQu1nn/AggressorScripts

Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources
https://github.com/harleyQu1nn/AggressorScripts

aggressor aggressor-scripts cna cobalt-strike red-team scripts

Last synced: 7 months ago
JSON representation

Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources

• Host: GitHub
• URL: https://github.com/harleyQu1nn/AggressorScripts
• Owner: harleyQu1nn
• Created: 2017-04-21T12:14:35.000Z (over 8 years ago)
• Default Branch: master
• Last Pushed: 2023-06-30T15:26:52.000Z (over 2 years ago)
• Last Synced: 2025-03-11T00:48:31.658Z (7 months ago)
• Topics: aggressor, aggressor-scripts, cna, cobalt-strike, red-team, scripts
• Language: C#
• Size: 189 KB
• Stars: 1,494
• Watchers: 65
• Forks: 300
• Open Issues: 2
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

• awesome-hacking-lists - harleyQu1nn/AggressorScripts - Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources (C# #)

README

          
# Aggressor Scripts

Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources

* All_In_One.cna v1 - Removed and outdated

    

   * All purpose script to enhance the user's experience with cobaltstrike. Custom menu creation, Logging, Persistence,        Enumeration, and 3rd party script integration.

    * Version 2 is currently in development!

* ArtifactPayloadGenerator.cna

    * Generates every type of Stageless/Staged Payload based off a HTTP/HTTPS Listener

    

    * Creates /opt/cobaltstrike/Staged_Payloads, /opt/cobaltstrike/Stageless_Payloads

    

* AVQuery.cna

    * Queries the Registry with powershell for all AV Installed on the target

    

    * Quick and easy way to get the AV you are dealing with as an attacker

    

    ![av](https://user-images.githubusercontent.com/27856212/28275624-7331ab2e-6ae2-11e7-8405-3393e917863e.png)

* CertUtilWebDelivery.cna

    * Stageless Web Delivery using CertUtil.exe 

    

    * Powerpick is used to spawn certutil.exe to download the stageless payload on target and execute with rundll32.exe

    

    ![certutil2](https://user-images.githubusercontent.com/27856212/29992549-12d45854-8f6c-11e7-95c7-c2892582f56f.PNG)

    

* EDR.cna

    

    * Detects EDR solutions running on local/remote hosts

    

* RedTeamRepo.cna

    * A common collection of OS commands, and Red Team Tips for when you have no Google or RTFM on hand.

    

    * Script will be updated on occasion, feedback and more inputs are welcomed!

    

    ![redrepo](https://user-images.githubusercontent.com/27856212/30020754-00fedd70-9133-11e7-80d4-dff3be7ab876.PNG)

    

* ProcessColor.cna

    * Color coded process listing without the file requirement.

    

    * Thanks to @oldb00t for the original version: https://github.com/oldb00t/AggressorScripts/tree/master/Ps-highlight

    

    ![process](https://user-images.githubusercontent.com/27856212/33582815-575d368e-d914-11e7-8d48-fd4c915af5d6.png)