Parses Cobalt Strike malleable C2 profiles
pyMalleableProfileParser
Installation :gear:
pip3 install pymalleableprofileparser
Usage
MalleableProfile class
from mpp import MalleableProfile
mp = MalleableProfile(profile='/path/to/profile')
mp.profile # profile as a dictionary
Get attributes easily
mp.sleeptime # option
mp.http_get # group
Profile attribute structure (dict)
profile = {
    'option': '',
    'group_name': {
        'option': '',
        'statements': ['statement'],
        'sub_group_name': {
            'option': '',
            'statements': ['statement'],
        }
    }
}
Example: amazon.profile
{'sleeptime': '5000',
 'jitter': '0',
 'maxdns': '255',
 'useragent': 'Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko',
 'http-get': {'statements': [],
              'uri': '/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books',
              'client': {'statements': ['header "Accept" "*/*";',
                                        'header "Host" "www.amazon.com";'],
                         'metadata': {'statements': ['base64;',
                                                     'prepend "session-token=";',
                                                     'prepend "skin=noskin;";',
                                                     'append "csm-hit=s-24KU11BB82RZSYGJ3BDK|1419899012996";',
                                                     'header "Cookie";']}},
              'server': {'statements': ['header "Server" "Server";',
                                        'header "x-amz-id-1" "THKUYEZKCKPGY5T42PZT";',
                                        'header "x-amz-id-2" "a21yZ2xrNDNtdGRsa212bGV3YW85amZuZW9ydG5rZmRuZ2tmZGl4aHRvNDVpbgo=";',
                                        'header "X-Frame-Options" "SAMEORIGIN";',
                                        'header "Content-Encoding" "gzip";'],
                         'output': {'statements': ['print;']}}},
 'http-post': {'statements': [],
               'uri': '/N4215/adj/amzn.us.sr.aps',
               'client': {'statements': ['header "Accept" "*/*";',
                                         'header "Content-Type" "text/xml";',
                                         'header "X-Requested-With" "XMLHttpRequest";',
                                         'header "Host" "www.amazon.com";',
                                         'parameter "sz" "160x600";',
                                         'parameter "oe" "oe=ISO-8859-1;";',
                                         'parameter "s" "3717";',
                                         'parameter "dc_ref" "http%3A%2F%2Fwww.amazon.com";'],
                          'id': {'statements': ['parameter "sn";']},
                          'output': {'statements': ['base64;', 'print;']}},
               'server': {'statements': ['header "Server" "Server";',
                                         'header "x-amz-id-1" "THK9YEZJCKPGY5T42OZT";',
                                         'header "x-amz-id-2" "a21JZ1xrNDNtdGRsa219bGV3YW85amZuZW9zdG5rZmRuZ2tmZGl4aHRvNDVpbgo=";',
                                         'header "X-Frame-Options" "SAMEORIGIN";',
                                         'header "x-ua-compatible" "IE=edge";'],
                          'output': {'statements': ['print;']}}}}
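For detection work, the dictionary above can be walked to list the constant URIs and header values a profile puts on the wire. This is an added example, not part of pyMalleableProfileParser: `SAMPLE_PROFILE` is a trimmed copy of the output shown above, and `walk_statements` and `extract_indicators` are hypothetical helper names that rely only on the dictionary layout documented here.

```python
import shlex

# Trimmed copy of the amazon.profile dictionary shown above (shape of mp.profile).
SAMPLE_PROFILE = {
    'useragent': 'Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko',
    'http-get': {
        'statements': [],
        'uri': '/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books',
        'client': {
            'statements': ['header "Accept" "*/*";', 'header "Host" "www.amazon.com";'],
            'metadata': {'statements': ['base64;', 'prepend "session-token=";',
                                        'header "Cookie";']},
        },
        'server': {
            'statements': ['header "Server" "Server";',
                           'header "x-amz-id-1" "THKUYEZKCKPGY5T42PZT";'],
            'output': {'statements': ['print;']},
        },
    },
}


def walk_statements(node, path=()):
    """Yield (path, verb, args) for every statement in a parsed profile dict."""
    for key, value in node.items():
        if key == 'statements':
            for stmt in value:
                # 'header "Host" "www.amazon.com";' -> ['header', 'Host', 'www.amazon.com']
                parts = shlex.split(stmt.strip().rstrip(';'))
                if parts:
                    yield path, parts[0], parts[1:]
        elif isinstance(value, dict):
            yield from walk_statements(value, path + (key,))


def extract_indicators(profile):
    """Collect the fixed network artefacts a detection rule can match on."""
    found = {'useragent': profile.get('useragent'), 'uris': {}, 'headers': []}
    for name in ('http-get', 'http-post'):
        uri = profile.get(name, {}).get('uri')
        if uri:
            found['uris'][name] = uri.split()  # a uri option may list several paths
    for path, verb, args in walk_statements(profile):
        # Two-argument headers are constants; 'header "Cookie";' only names a data carrier.
        if verb == 'header' and len(args) == 2:
            found['headers'].append(('/'.join(path), args[0], args[1]))
    return found
```

With the package installed, the same function should accept `mp.profile` directly, assuming it has the structure documented above.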
Help :construction_worker:
Join us in discussions
I use GitHub Discussions to talk about all sorts of topics related to this repo.
Open an issue
First, check out the existing issues. If you spot something new, open an issue. We'll use the issue to have a conversation about the problem you want to fix, and I'll try to get to it as soon as I can.
Hashes for pyMalleableProfileParser-0.2.tar.gz
Algorithm | Hash digest
---|---
SHA256 | c81b353e23a8fda98ee6bd1c4a9138ce2f5fe6e8e34a18c546daa9548415366d
MD5 | 4e6c9a0e22dc59dde98911178f8a3bdc
BLAKE2b-256 | 31b33004ed4454f4dae6cbb19c02bffe2ae7e0bf656919b35217110fe4413200