Golang parser for CobaltStrike Beacon's configuration, developed with reference to the CobaltStrikeParser project.
go build -o CobaltStrikeParser.exe main.go
CobaltStrikeParser.exe -u http://127.0.0.1 -o c2configflie.txt -t 10
CobaltStrikeParser.exe -f c2urlflie -o c2configflie.txt -t 10 -br 5
-u target URL (starting with http/s)
-f path to an input file (a file of URLs, as in the c2urlflie example above)
-o output file
-t timeout. default: 30
-br number of threads; only valid with file input (-f). default: 1
-issave save the undecrypted data to a file in the data directory. default: false
-beaconfile beacon config file path
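Do not call beaconscan.BeaconInitThread; it is the entry point for multithreaded mode.
beaconscan.Beaconinit(url, filename, timeout, IsSave)
When filename is "", the call returns the data in JSON format together with any error information.
When filename is not "", the JSON data is written to the file named by filename.
When IsSave is true, the undecrypted beacon is saved to the data folder under the current directory.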
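// Requires "fmt" and this project's beaconscan package.
url := "https://www.google.com"
timeout := 5
// Empty filename: the result is returned instead of being written to a file.
// false: do not save the undecrypted beacon to the data folder.
beaconinfo, err := beaconscan.Beaconinit(url, "", timeout, false)
if err != nil {
	fmt.Println(err)
} else {
	if beaconinfo.IsCobaltStrike {
		// Confirmed beacon: print the parsed configuration as JSON.
		fmt.Println(beaconscan.StructToJson(beaconinfo))
	} else if beaconinfo.Confidence > 0 {
		// Not confirmed, but some indicators matched.
		fmt.Println(url + beaconinfo.ConfidenceInfo)
	} else {
		fmt.Println(url + " Not CobaltStrike")
	}
}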