save_log.cna
#### Aggressor script to simplify exporting command output
### Author: Alyssa (ramen0x3f)
### Usage ###
# 1. Import into Cobalt Strike
# 2. From beacon run
# > start_log
# > [commands]
# > stop_log
### Output ###
# cobaltstrike/saved_logs/[beacon id]_yyyyMMdd_HHmmssSSS.log
# Maps a beacon ID to the open log file handle for that beacon.
# A key is present only while start_log is active for that beacon.
global('%logging');
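# start_log: begin copying this beacon's output into a new timestamped
# file under ./saved_logs/. $1 is the beacon ID the alias was run from.
# The log is plaintext and holds raw task output, which can include
# credentials and other engagement data; keep saved_logs access-restricted.
alias start_log {
	# Keep working variables out of the global scope shared by other scripts.
	local('$filepath $handle $error');

	if (%logging[$1]) { # one open handle per beacon
		berror($1, "Logging already started on this beacon.");
		return;
	}

	if (!-exists "./saved_logs/") { # create the output directory on first use
		mkdir("./saved_logs");
	}

	$filepath = "./saved_logs/" . $1 . "_" . formatDate("yyyyMMdd_HHmmssSSS") . ".log";

	# Previously an existing file was skipped silently, so nothing was logged
	# and nothing was reported. Refuse out loud rather than truncate the file.
	if (-exists $filepath) {
		berror($1, "Log file already exists: " . $filepath);
		return;
	}

	# openf(">...") creates the file itself, so no separate createNewFile() call.
	$handle = openf(">" . $filepath);
	if (checkError($error)) {
		# Covers an unwritable directory or a failed mkdir above.
		berror($1, "Could not open " . $filepath . ": " . $error);
		return;
	}

	# Register the handle only once the file is really open.
	%logging[$1] = $handle;
	blog($1, "Saving output to " . $filepath . "\n");
}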
# stop_log: close the log opened by start_log for this beacon ($1)
# and forget its handle, or report that no log was active.
alias stop_log {
	if (%logging[$1]) {
		# Flush and release the file, then drop the beacon's entry so
		# start_log can be run again later.
		closef(%logging[$1]);
		removeAt(%logging, $1);
		blog($1, "Output saved.");
	}
	else {
		berror($1, "Logging not started on this beacon.");
	}
}
# Append output text ($2) from beacon $1 to its log while logging is active.
# Only the beacon_output event is hooked here; output delivered through
# other beacon_* events is not written to the file.
on beacon_output {
	if (!%logging[$1]) {
		return; # this beacon is not being logged
	}
	println(%logging[$1], $2);
}
# Record each tasking of beacon $1 in its log as a timestamped line,
# so the output that follows can be tied to the command that produced it.
# $2 is the task text and $3 the event time passed to formatDate.
on beacon_tasked {
	local('$stamp');

	if (!%logging[$1]) {
		return; # this beacon is not being logged
	}

	$stamp = "[" . formatDate($3, 'yyyy-MM-dd HH:mm:ss z') . "] BID ";
	println(%logging[$1], $stamp . $1 . " " . $2);
}