github.com/ck00004/CobaltStrikeParser-Go@v1.0.14/main.go (about) 1 package main 2 3 import ( 4 "bufio" 5 "flag" 6 "fmt" 7 "io" 8 "io/ioutil" 9 "os" 10 "strings" 11 "sync" 12 13 "github.com/ck00004/CobaltStrikeParser-Go/beaconscan" 14 ) 15 16 var u = flag.String("u", "", "This can be a url (if started with http/s)") 17 var f = flag.String("f", "", "This can be a file path (if started with http/s)") 18 var o = flag.String("o", "", "out file") 19 var t = flag.Int("t", 30, "timeout. default:30") 20 var br = flag.Int("br", 1, "thread,import file valid. default:1") 21 var IsSave = flag.Bool("issave", false, "save not decrypted data to file ,Saved in the data directory. default:false") 22 var BeaconFile = flag.String("beaconfile", "", "beacon config file path") 23 24 func main() { 25 flag.Parse() 26 if flag.NFlag() == 0 { 27 flag.Usage() 28 os.Exit(1) 29 } 30 if *f != "" && *u == "" { 31 var wg sync.WaitGroup 32 var ChanUrlList chan string 33 var num = 0 34 var mutex sync.Mutex 35 var urllist []string 36 filepath := *f 37 file, err := os.OpenFile(filepath, os.O_RDWR, 0666) 38 if err != nil { 39 fmt.Println("Open file error!", err) 40 return 41 } 42 defer file.Close() 43 44 buf := bufio.NewReader(file) 45 for { 46 line, err := buf.ReadString('\n') 47 line = strings.TrimSpace(line) 48 if line != "" { 49 urllist = append(urllist, line) 50 } 51 if err != nil { 52 if err == io.EOF { 53 break 54 } else { 55 return 56 } 57 } 58 } 59 ChanUrlList = make(chan string, len(urllist)) 60 for filelen := 0; filelen < len(urllist); filelen++ { 61 ChanUrlList <- urllist[filelen] 62 } 63 for i := 0; i < *br; i++ { 64 wg.Add(1) 65 go beaconscan.BeaconInitThread(&wg, &num, &mutex, ChanUrlList, *o, *t, *IsSave) 66 } 67 68 close(ChanUrlList) 69 wg.Wait() 70 } else if *BeaconFile != "" { 71 var Bodygot beaconscan.BodyMap 72 filebuf, BeaconFileerr := os.OpenFile(*BeaconFile, os.O_RDWR, 0666) 73 if BeaconFileerr != nil { 74 fmt.Println("Open file error!", BeaconFileerr) 75 return 76 } 77 defer filebuf.Close() 78 BeaconBuf, _ := ioutil.ReadAll(filebuf) 79 got := beaconscan.Beacon_config(BeaconBuf) 80 if got.C2Server != "" { 81 Bodygot.Beaconconfig = got 82 Bodygot.IsCobaltStrike = true 83 } 84 if *IsSave { 85 Bodygot = beaconscan.Write_decrypted_data(Bodygot, *BeaconFile) 86 } 87 if *o == "" { 88 fmt.Println(beaconscan.StructToJson(Bodygot)) 89 } else { 90 beaconscan.JsonFileWrite(*o, beaconscan.StructToJson(Bodygot)) 91 } 92 } else { 93 if *o == "" { 94 beaconinfo, err := beaconscan.Beaconinit(*u, "", *t, *IsSave) 95 if err != nil { 96 fmt.Println(err) 97 } else { 98 if beaconinfo.IsCobaltStrike { 99 fmt.Println(beaconscan.StructToJson(beaconinfo)) 100 } else if beaconinfo.Confidence > 0 { 101 fmt.Println(*u + beaconinfo.ConfidenceInfo) 102 } else { 103 fmt.Println(*u + "Not CobaltStrike") 104 } 105 } 106 } else { 107 beaconscan.Beaconinit(*u, *o, *t, *IsSave) 108 } 109 } 110 }