A beacon generator using Cobalt Strike and a variety of tools.

Overview

Beaconator

release license issues stars forks

Beaconator is an aggressor script for Cobalt Strike used to generate either staged or stageless shellcode and packing the generated shellcode using your tool of choice.

Currently, it supports the following tools:

Staged Beacon Generator

Stageless Beacon Generator

How to Use

Beaconator

  1. Load the beaconator.cna file via Cobalt Strike > Script Manager.
  2. Access Beaconator from the menu bar by clicking the Generate Beacon menu.

Staged Beacon Generator

Alaris

  1. Clone the repo.
git clone https://github.com/cribdragg3r/Alaris.git
  1. Open beaconator.cna and change the value of the $ALARIS_DIR variable and point it to where Alaris is located.

Stageless Beacon Generator

PEzor

  1. Install PEzor using the following:
git clone https://github.com/phra/PEzor.git
cd PEzor
./install.sh
  1. Add PEzor's $PATH variable in your ~/.profile or ~/.bashrc (if using Bash), OR ~/.zprofile or ~/.zshrc (if using ZSH).

ScareCrow

  1. Install the dependencies.
sudo apt update -y && sudo apt install -y openssl osslsigncode mingw-w64
go get github.com/fatih/color
go get github.com/yeka/zip
go get github.com/josephspurrier/goversioninfo
  1. Clone the repo and build ScareCrow.
git clone https://github.com/optiv/ScareCrow.git
cd ScareCrow
go build ScareCrow.go
  1. Open beaconator.cna and change the value of the $SCARECROW_DIR variable and point it to where ScareCrow is located.

Screenshots

Beaconator

option-staged.png option-stageless.png

Alaris

alaris-options.png alaris-console.png

PEzor

pezor-options.png pezor-console.png

ScareCrow

scarecrow-options.png scarecrow-console.png

Credits

Comments
  • null value error - Not fixed

    null value error - Not fixed

    The issue is not fixed by creating the folder output. See below:

    Executing: PEzor.sh -64 -unhook -antidebug -shellcode -format=exe /home/simon.davies/Cobalt_Strike_Aggressor_Scripts/Beaconator/output/shellcode.bin[10:31:56] null value error at beaconator.cna:140

    bug 
    opened by Simon-Davies 4
  • options persist after payload creation

    options persist after payload creation

    If I create a payload with an option like -unhook and -x64. It will correctly create the payload. However if I then create a payload with just -x64 and -sgn, the script console says Executing: PEzor.sh -64 -unhook -sgn -shellcode -format=exe. It is keeping the old option of -unhook when not selected(the only option I have seen that does not persist to the next generation attempt is -32). I have to reload the script after every payload generation in order to get the correct options again.

    bug 
    opened by foehammer762 3
  • Null error

    Null error

    The shellcode is being correctly generated but not the binary/dll in the directoty ../output/pezor/shellcode.bin.

    [*] Executing: PEzor -64 -unhook -antidebug -shellcode -format=dll /opt/tools/Beaconator/output/pezor/shellcode.bin[18:17:32] null value error at beaconator.cna:248

    FYI : The command is working fine when I run it manually in a terminal.

    opened by TH3xACE 2
  • null value error

    null value error

    When I try to create a payload using beaconater i get the folllowing error: null value error at beaconator.cna:140

    I can then copy paste the whole command from the script console to the terminal and that works properly. I already installed pezor and updated the PATH variable.
    Once I manually created the subfolder output and hard coded the full path to pezor, It is now creating the shellcode.bin file in the output folder but not creating the final payload even though it says Success beacon can be found at path/to/cna/output

    bug 
    opened by foehammer762 2
  • Not sure if Bug??

    Not sure if Bug??

    null value error at beaconator.cna:243

    Tried with x86 and x64 using PEZor. With and without Syscalls in case that made any difference.

    Line 243 reads:

    closef($process);

    opened by 4r33d0m 1
  • Fixed output folder issue and fixed issue with options persisting to subsequent payload generations

    Fixed output folder issue and fixed issue with options persisting to subsequent payload generations

    Added folder "output" and added .gitignore to ignore the generated payloads but keep the folder. This fixes the null value error. Added code to reset the options back to null so that you don't have to reload the cna script after every payload generation.

    opened by foehammer762 0
Releases(2.0)
  • 2.0(Aug 10, 2021)

    • Added Alaris for generating staged shellcode
    • Added ScareCrow for generating stageless shellcode
    • Created a helper script for ScareCrow
    • Categorized selection as Staged or Stageless
    • Added tool output subfolders
    Source code(tar.gz)
    Source code(zip)
  • 1.1(Jul 23, 2021)

    • Fixed error check with the use of x86 arch & syscalls
    • Fixed the "null value error" due to missing output folder
    • Fixed issue with options persisting to subsequent payload generations
    • Added PEzor's BOF format
    • Added the -cleanup option for BOFs
    • Added the -sleep option
    • Added more error checks
    • Cleaned up the code
    Source code(tar.gz)
    Source code(zip)
Owner
Capt. Meelo
Infosec Noob
Capt. Meelo
Code and yara rules to detect and analyze Cobalt Strike

Cobalt Strike Resources This repository contains: analyze.py: a script to analyze a Cobalt Strike beacon (python analyze.py BEACON) extract.py; extrac

Tek 224 Jan 4, 2023
Script to use SysWhispers2 direct system calls from Cobalt Strike BOFs

SysWhispers2BOF Script to use SysWhispers2 direct system calls from Cobalt Strike BOFs. Introduction This script was initially created to fix specific

FalconForce 101 Dec 20, 2022
Cobalt Strike Sleep Python Bridge

This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client. NOTE: This project is very much in BETA. The goal is to provide a playground for testing and is in no way an officially support feature. Perhaps this could be something added in the future to the core product.

Cobalt Strike 140 Jan 4, 2023
Python: Wrangled and unpivoted gaming datasets. Tableau: created dashboards - Market Beacon and Player’s Shopping Guide.

Created two information products for GameStop. Using Python, wrangled and unpivoted datasets, and created Tableau dashboards.

Zinaida Dvoskina 2 Jan 29, 2022
Block fingerprinting for the beacon chain, for client identification & client diversity metrics

blockprint This is a repository for discussion and development of tools for Ethereum block fingerprinting. The primary aim is to measure beacon chain

Sigma Prime 49 Dec 8, 2022
Beacon Object File (BOF) to obtain a usable TGT for the current user.

Beacon Object File (BOF) to obtain a usable TGT for the current user.

Connor McGarr 109 Dec 25, 2022
Kellogg bad | Union good | Support strike funds

KelloggBot Credit to SeanDaBlack for the basis of the script. req.py is selenium python bot. sc.js is a the base of the ios shortcut [COMING SOON] Set

null 407 Nov 17, 2022
This is a calculator of strike price distance for options.

Calculator-of-strike-price-distance-for-options This is a calculator of strike price distance for options. Options are a type of derivative. One strat

André Luís Lopes da Silva 4 Dec 30, 2022
DownTime-Score is a Small project aimed to Monitor the performance and the availabillity of a variety of the Vital and Critical Moroccan Web Portals

DownTime-Score DownTime-Score is a Small project aimed to Monitor the performance and the availabillity of a variety of the Vital and Critical Morocca

adnane-tebbaa 5 Apr 30, 2022
Advent of Code is an Advent calendar of small programming puzzles for a variety of skill sets and skill levels that can be solved in any programming language you like.

Advent Of Code 2021 - Python English Advent of Code is an Advent calendar of small programming puzzles for a variety of skill sets and skill levels th

Coral Izquierdo Muñiz 2 Jan 9, 2022
An Advent calendar of small programming puzzles for a variety of skill sets and skill levels.

Advent of Code 2021 The Advent of Code is an Advent calendar of small programming puzzles for a variety of skill sets and skill levels that can be sol

Evan Cope 0 Feb 13, 2022
An kind of operating system portal to a variety of apps with pure python

pyos An kind of operating system portal to a variety of apps. Installation Run this on your terminal: git clone https://github.com/arjunj132/pyos.git

null 1 Jan 22, 2022
A simple Python script for generating a variety of hashes from safe urandom entropy.

Hashgen A simple Python script for generating a variety of hashes from safe urandom entropy. For whenever you need a random hash (e.g. generating an a

Xanspie 1 Feb 17, 2022
x-tools is a collection of tools developed in Python

x-tools X-tools is a collection of tools developed in Python Commands\

null 5 Jan 24, 2022
You can easily send campaigns, e-marketing have actually account using cash will thank you for using our tools, and you can support our Vodafone Cash +201090788026

*** Welcome User Sorry I Mean Hello Brother ✓ Devolper and Design : Mokhtar Abdelkreem ========================================== You Can Follow Us O

Mo Code 1 Nov 3, 2021
Get you an ultimate lexer generator using Fable; port OCaml sedlex to FSharp, Python and more!

NOTE: currently we support interpreted mode and Python source code generation. It's EASY to compile compiled_unit into source code for C#, F# and othe

Taine Zhao 15 Aug 6, 2022
External Network Pentest Automation using Shodan API and other tools.

Chopin External Network Pentest Automation using Shodan API and other tools. Workflow Input a file containing CIDR ranges. Converts CIDR ranges to ind

Aditya Dixit 9 Aug 4, 2022
Tools for teachers and students using nng (Natural Number Game)

nngtools Usage Place your nngsave.json to the directory in which you want to extract the level files. Place nngmap.json on the same directory. Run nng

Thanos Tsouanas 1 Dec 12, 2021
A feed generator. Currently supports generating RSS feeds from Google, Bing, and Yahoo news.

A feed generator. Currently supports generating RSS feeds from Google, Bing, and Yahoo news.

Josh Cardenzana 0 Dec 13, 2021