Skip to content
Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources
Branch: master
Clone or download
Type Name Latest commit message Commit time
Failed to load latest commit information.
DriverSearcher Added more drivers for Carbon Black Aug 22, 2018
Logging Added Newer Symantec processes Nov 7, 2017
Persistence Fixed script to show as popup item Nov 20, 2018
AVQuery.cna Fixed line 21 errors and added a pause for execution Mar 15, 2018
All_In_One.cna Remaking this completely, keep an eye out for v2 :) Feb 9, 2018
ArtifactPayloadGenerator.cna Automatic Artifact Payload Generator Jul 6, 2017
EDR.cna Added more drivers for Carbon Black Aug 21, 2018
ProcessColor.cna Added more processes Feb 8, 2019
ProcessMonitor.ps1 Update Feb 9, 2018

Aggressor Scripts

Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources

  • All_In_One.cna v1 - Removed and outdated

    • All purpose script to enhance the user's experience with cobaltstrike. Custom menu creation, Logging, Persistence, Enumeration, and 3rd party script integration.
    • Version 2 is currently in development!
  • ArtifactPayloadGenerator.cna

    • Generates every type of Stageless/Staged Payload based off a HTTP/HTTPS Listener

    • Creates /opt/cobaltstrike/Staged_Payloads, /opt/cobaltstrike/Stageless_Payloads

  • AVQuery.cna

    • Queries the Registry with powershell for all AV Installed on the target

    • Quick and easy way to get the AV you are dealing with as an attacker


  • CertUtilWebDelivery.cna

    • Stageless Web Delivery using CertUtil.exe

    • Powerpick is used to spawn certutil.exe to download the stageless payload on target and execute with rundll32.exe


  • RedTeamRepo.cna

    • A common collection of OS commands, and Red Team Tips for when you have no Google or RTFM on hand.

    • Script will be updated on occasion, feedback and more inputs are welcomed!


  • ProcessColor.cna


You can’t perform that action at this time.