github.com/ck00004/CobaltStrikeParser-Go@v1.0.14/README.md

github.com/ck00004/CobaltStrikeParser-Go@v1.0.14/README.md (about)

     1  # CobaltStrikeParser-go
     2  Golang parser for CobaltStrike Beacon's configuration, reference CobaltStrikeParser project
     3  
     4  CobaltStrike Beacon 配置解析器，参考CobaltStrikeParser项目进行开发
     5  
     6  # 使用
     7  
     8  ```
     9  go build -o CobaltStrikeParser.exe main.go
    10  
    11  CobaltStrikeParser.exe -u http://127.0.0.1 -o c2configflie.txt -t 10
    12  CobaltStrikeParser.exe -f c2urlflie -o c2configflie.txt -t 10 -br 5
    13  
    14  -u       This can be a url (if started with http/s)
    15  -f       This can be a file path (if started with http/s)
    16  -o       out file
    17  -t       timeout. default:30
    18  -br      thread,import file valid. default:1
    19  -issave  save not decrypted data to file ,Saved in the data directory. default:false
    20  -beaconfile  beacon config file path
    21  ```
    22  
    23  # 使用作为函数调用
    24  
    25  不要调用 beaconscan.BeaconInitThread 这是多线程模式启动
    26  
    27  beaconscan.Beaconinit(url, fliename, timeout)
    28  
    29  当flienmae 为""时返回数据返回json格式的数据和错误信息
    30  
    31  当fliename 不为""时会将json数据写入flienmae中
    32  
    33  当 IsSave 为true时，会将未解密的beacon保存到当前目录下data文件夹中
    34  
    35  ```
    36  url := "https://www.google.com"
    37  timeout : = 5
    38  beaconinfo, err := beaconscan.Beaconinit(url, "", timeout,false)
    39  if err != nil {
    40      fmt.Println(err)
    41  } else {
    42      if beaconinfo.IsCobaltStrike {
    43          fmt.Println(beaconscan.StructToJson(beaconinfo))
    44      } else if beaconinfo.Confidence > 0 {
    45          fmt.Println(url + beaconinfo.ConfidenceInfo)
    46      } else {
    47          fmt.Println(url + "Not CobaltStrike")
    48      }
    49  }
    50  ```