CSASC

Cobalt Strike Aggressor Script Collection

This repository is to collect and share various Aggressor Scripts. All credit is due to the authors of these scripts.
Please note that there may be some duplicated and overlap between collections.

TODO: Add descriptions for each script

Und3rf10w

Original Github source: https://github.com/Und3rf10w
Twitter: https://twitter.com/Und3rf10w
Contains:

• Ebowla
• External C2 Framework
• Inveigh
• Kits
• Pushover
• Reports
• auto-keylogger.cna
• webservice.sl

RhinoSecurityLabs

Original Github source: https://github.com/RhinoSecurityLabs
Twitter: https://twitter.com/RhinoSecurity
Contains:

• External C3 Framework (fork from Und3rf10w)

tevora-threat

Original Github source: https://github.com/tevora-threat
Twitter:
Contains:

• PowerView.cna

rvrsh3ll

Original Github source: https://github.com/rvrsh3ll
Twitter: https://twitter.com/424f424f
Contains:

• Logging
• Persistence
• All_In_One.cna
• ArtifactPayloadGenerator.cna
• AVQuery.cna
• CertUtilWebDelivery.cna
• ProcessColor.cna
• ProcessMonitor.cna
• RedTeamRepo.cna

001SPARTaN

Original Github source: https://github.com/001SPARTaN
Twitter: https://twitter.com/001SPARTaN
Contains:

• csfm
• ElevateKit
• visualizations
• bot.cna
• custom_defaults.cna
• dcom_lateral_movement.cna
• download_screenshots.cna
• http.cna
• powershell.cna
• web.cna

vysec

Original Github source: https://github.com/vysec
Twitter: https://twitter.com/vysecurity
Contains:

• ANGRYPUPPY
• CACTUSTORCH
• auto-keylog-consent.cna
• auto-prepenv.cna
• Blacklist.cna
• credleak.cna
• http.cna
• mimikatz_addons.cna
• ping.cna
• portfwd.cna
• pushover-ng.cna
• test.cna
• virustotal-ng.cna
• vnc-psh.cna

ZonkSec

Original Github source: https://github.com/ZonkSec
Twitter: https://twitter.com/ZonkSec
Contains:

• persistence.cna

rasta-mouse

Original Github source: https://github.com/rasta-mouse
Twitter: https://twitter.com/_RastaMouse
Contains:

• DDEAutoCS
• elevate
• persistence
• loader.cna

ramen0x3f

Original Github source: https://github.com/ramen0x3f
Twitter: https://twitter.com/ramen0x3f
Contains:

• cdolla.cna
• compromised_log.rpt
• credpocalypse.cna
• save_log.cna
• utils.cna

bluscreenofjeff

Original Github source: https://github.com/bluscreenofjeff
Twitter: https://twitter.com/bluscreenofjeff
Contains:

• Beaconpire
• CCDC
• OPSEC Profiles
• apache-style-weblog-output.cna
• beacon_to_empire.cna
• beaconestablishednote.cna
• beaconid_note.cna
• checkin_jobs_context.cna
• eventlog-to-slack.cna
• forcecheckin.cna
• mass-dcsync.cna
• mimikatz-every-30m.cna
• mimikatz-timestamp-note-BETA.cna
• ping_aliases.cna
• powershell.cna
• ps-window-alias.cna
• silver-tickets.cna
• slack-notify-beacon.cna
• slack-notify-webhit.cna
• sleep-down-when-no-operators.cna
• sleeptimer.cna
• stale-beacon-notifier.cna
• timestamped_activitylog_export.cna

killswitch-GUI

Original Github source: https://github.com/killswitch-GUI
Twitter: https://twitter.com/Killswitch_GUI
Contains:

• host
• DA-Watch.cna
• Initial-DACheck.cna
• Initial-LAdminCheck.cna

harleyQu1nn

Original Github source: https://github.com/harleyQu1nn
Twitter: https://twitter.com/r3dQu1nn
Contains:

• Logging
• Persistence
• All_In_One.cna
• ArtifactPayloadGenerator.cna
• AVQuery.cna
• CertUtilWebDelivery.cna
• EDR.cna
• logvis.cna
• ProcessColor.cna
• ProcessMonitor.cna
• RedTeamRepo.cna