github.com/ck00004/CobaltStrikeParser-Go@v1.0.14/main.go (about)

     1  package main
     2  
     3  import (
     4  	"bufio"
     5  	"flag"
     6  	"fmt"
     7  	"io"
     8  	"io/ioutil"
     9  	"os"
    10  	"strings"
    11  	"sync"
    12  
    13  	"github.com/ck00004/CobaltStrikeParser-Go/beaconscan"
    14  )
    15  
    16  var u = flag.String("u", "", "This can be a url (if started with http/s)")
    17  var f = flag.String("f", "", "This can be a file path (if started with http/s)")
    18  var o = flag.String("o", "", "out file")
    19  var t = flag.Int("t", 30, "timeout. default:30")
    20  var br = flag.Int("br", 1, "thread,import file valid. default:1")
    21  var IsSave = flag.Bool("issave", false, "save not decrypted data to file ,Saved in the data directory. default:false")
    22  var BeaconFile = flag.String("beaconfile", "", "beacon config file path")
    23  
    24  func main() {
    25  	flag.Parse()
    26  	if flag.NFlag() == 0 {
    27  		flag.Usage()
    28  		os.Exit(1)
    29  	}
    30  	if *f != "" && *u == "" {
    31  		var wg sync.WaitGroup
    32  		var ChanUrlList chan string
    33  		var num = 0
    34  		var mutex sync.Mutex
    35  		var urllist []string
    36  		filepath := *f
    37  		file, err := os.OpenFile(filepath, os.O_RDWR, 0666)
    38  		if err != nil {
    39  			fmt.Println("Open file error!", err)
    40  			return
    41  		}
    42  		defer file.Close()
    43  
    44  		buf := bufio.NewReader(file)
    45  		for {
    46  			line, err := buf.ReadString('\n')
    47  			line = strings.TrimSpace(line)
    48  			if line != "" {
    49  				urllist = append(urllist, line)
    50  			}
    51  			if err != nil {
    52  				if err == io.EOF {
    53  					break
    54  				} else {
    55  					return
    56  				}
    57  			}
    58  		}
    59  		ChanUrlList = make(chan string, len(urllist))
    60  		for filelen := 0; filelen < len(urllist); filelen++ {
    61  			ChanUrlList <- urllist[filelen]
    62  		}
    63  		for i := 0; i < *br; i++ {
    64  			wg.Add(1)
    65  			go beaconscan.BeaconInitThread(&wg, &num, &mutex, ChanUrlList, *o, *t, *IsSave)
    66  		}
    67  
    68  		close(ChanUrlList)
    69  		wg.Wait()
    70  	} else if *BeaconFile != "" {
    71  		var Bodygot beaconscan.BodyMap
    72  		filebuf, BeaconFileerr := os.OpenFile(*BeaconFile, os.O_RDWR, 0666)
    73  		if BeaconFileerr != nil {
    74  			fmt.Println("Open file error!", BeaconFileerr)
    75  			return
    76  		}
    77  		defer filebuf.Close()
    78  		BeaconBuf, _ := ioutil.ReadAll(filebuf)
    79  		got := beaconscan.Beacon_config(BeaconBuf)
    80  		if got.C2Server != "" {
    81  			Bodygot.Beaconconfig = got
    82  			Bodygot.IsCobaltStrike = true
    83  		}
    84  		if *IsSave {
    85  			Bodygot = beaconscan.Write_decrypted_data(Bodygot, *BeaconFile)
    86  		}
    87  		if *o == "" {
    88  			fmt.Println(beaconscan.StructToJson(Bodygot))
    89  		} else {
    90  			beaconscan.JsonFileWrite(*o, beaconscan.StructToJson(Bodygot))
    91  		}
    92  	} else {
    93  		if *o == "" {
    94  			beaconinfo, err := beaconscan.Beaconinit(*u, "", *t, *IsSave)
    95  			if err != nil {
    96  				fmt.Println(err)
    97  			} else {
    98  				if beaconinfo.IsCobaltStrike {
    99  					fmt.Println(beaconscan.StructToJson(beaconinfo))
   100  				} else if beaconinfo.Confidence > 0 {
   101  					fmt.Println(*u + beaconinfo.ConfidenceInfo)
   102  				} else {
   103  					fmt.Println(*u + "Not CobaltStrike")
   104  				}
   105  			}
   106  		} else {
   107  			beaconscan.Beaconinit(*u, *o, *t, *IsSave)
   108  		}
   109  	}
   110  }