github.com/ck00004/CobaltStrikeParser-Go@v1.0.14/README.md (about) 1 # CobaltStrikeParser-go 2 Golang parser for CobaltStrike Beacon's configuration, reference CobaltStrikeParser project 3 4 CobaltStrike Beacon 配置解析器,参考CobaltStrikeParser项目进行开发 5 6 # 使用 7 8 ``` 9 go build -o CobaltStrikeParser.exe main.go 10 11 CobaltStrikeParser.exe -u http://127.0.0.1 -o c2configflie.txt -t 10 12 CobaltStrikeParser.exe -f c2urlflie -o c2configflie.txt -t 10 -br 5 13 14 -u This can be a url (if started with http/s) 15 -f This can be a file path (if started with http/s) 16 -o out file 17 -t timeout. default:30 18 -br thread,import file valid. default:1 19 -issave save not decrypted data to file ,Saved in the data directory. default:false 20 -beaconfile beacon config file path 21 ``` 22 23 # 使用作为函数调用 24 25 不要调用 beaconscan.BeaconInitThread 这是多线程模式启动 26 27 beaconscan.Beaconinit(url, fliename, timeout) 28 29 当flienmae 为""时返回数据返回json格式的数据和错误信息 30 31 当fliename 不为""时会将json数据写入flienmae中 32 33 当 IsSave 为true时,会将未解密的beacon保存到当前目录下data文件夹中 34 35 ``` 36 url := "https://www.google.com" 37 timeout : = 5 38 beaconinfo, err := beaconscan.Beaconinit(url, "", timeout,false) 39 if err != nil { 40 fmt.Println(err) 41 } else { 42 if beaconinfo.IsCobaltStrike { 43 fmt.Println(beaconscan.StructToJson(beaconinfo)) 44 } else if beaconinfo.Confidence > 0 { 45 fmt.Println(url + beaconinfo.ConfidenceInfo) 46 } else { 47 fmt.Println(url + "Not CobaltStrike") 48 } 49 } 50 ```