CSASC
Cobalt Strike Aggressor Script Collection
This repository collects and shares various Aggressor Scripts. All credit is due to the authors of these scripts.
Please note that there may be some duplication and overlap between collections.
TODO: Add descriptions for each script
Und3rf10w
Original Github source: https://github.com/Und3rf10w
Twitter: https://twitter.com/Und3rf10w
Contains:
- Ebowla
- External C2 Framework
- Inveigh
- Kits
- Pushover
- Reports
- auto-keylogger.cna
- webservice.sl
RhinoSecurityLabs
Original Github source: https://github.com/RhinoSecurityLabs
Twitter: https://twitter.com/RhinoSecurity
Contains:
- External C2 Framework (fork from Und3rf10w)
tevora-threat
Original Github source: https://github.com/tevora-threat
Twitter:
Contains:
- PowerView.cna
rvrsh3ll
Original Github source: https://github.com/rvrsh3ll
Twitter: https://twitter.com/424f424f
Contains:
- Logging
- Persistence
- All_In_One.cna
- ArtifactPayloadGenerator.cna
- AVQuery.cna
- CertUtilWebDelivery.cna
- ProcessColor.cna
- ProcessMonitor.cna
- RedTeamRepo.cna
001SPARTaN
Original Github source: https://github.com/001SPARTaN
Twitter: https://twitter.com/001SPARTaN
Contains:
- csfm
- ElevateKit
- visualizations
- bot.cna
- custom_defaults.cna
- dcom_lateral_movement.cna
- download_screenshots.cna
- http.cna
- powershell.cna
- web.cna
vysec
Original Github source: https://github.com/vysec
Twitter: https://twitter.com/vysecurity
Contains:
- ANGRYPUPPY
- CACTUSTORCH
- auto-keylog-consent.cna
- auto-prepenv.cna
- Blacklist.cna
- credleak.cna
- http.cna
- mimikatz_addons.cna
- ping.cna
- portfwd.cna
- pushover-ng.cna
- test.cna
- virustotal-ng.cna
- vnc-psh.cna
ZonkSec
Original Github source: https://github.com/ZonkSec
Twitter: https://twitter.com/ZonkSec
Contains:
- persistence.cna
rasta-mouse
Original Github source: https://github.com/rasta-mouse
Twitter: https://twitter.com/_RastaMouse
Contains:
- DDEAutoCS
- elevate
- persistence
- loader.cna
ramen0x3f
Original Github source: https://github.com/ramen0x3f
Twitter: https://twitter.com/ramen0x3f
Contains:
- cdolla.cna
- compromised_log.rpt
- credpocalypse.cna
- save_log.cna
- utils.cna
bluscreenofjeff
Original Github source: https://github.com/bluscreenofjeff
Twitter: https://twitter.com/bluscreenofjeff
Contains:
- Beaconpire
- CCDC
- OPSEC Profiles
- apache-style-weblog-output.cna
- beacon_to_empire.cna
- beaconestablishednote.cna
- beaconid_note.cna
- checkin_jobs_context.cna
- eventlog-to-slack.cna
- forcecheckin.cna
- mass-dcsync.cna
- mimikatz-every-30m.cna
- mimikatz-timestamp-note-BETA.cna
- ping_aliases.cna
- powershell.cna
- ps-window-alias.cna
- silver-tickets.cna
- slack-notify-beacon.cna
- slack-notify-webhit.cna
- sleep-down-when-no-operators.cna
- sleeptimer.cna
- stale-beacon-notifier.cna
- timestamped_activitylog_export.cna
killswitch-GUI
Original Github source: https://github.com/killswitch-GUI
Twitter: https://twitter.com/Killswitch_GUI
Contains:
- host
- DA-Watch.cna
- Initial-DACheck.cna
- Initial-LAdminCheck.cna
harleyQu1nn
Original Github source: https://github.com/harleyQu1nn
Twitter: https://twitter.com/r3dQu1nn
Contains:
- Logging
- Persistence
- All_In_One.cna
- ArtifactPayloadGenerator.cna
- AVQuery.cna
- CertUtilWebDelivery.cna
- EDR.cna
- logvis.cna
- ProcessColor.cna
- ProcessMonitor.cna
- RedTeamRepo.cna