A proof-of-concept custom Linux Beacon written in C that communicates with the Cobalt Strike teamserver using the HTTP/S protocol.
The goal of this project is not to be a fully featured implant, and it is not limited to Linux. The goal is to show that custom implants for Cobalt Strike can be made for any platform. The only requirement is communicating with the teamserver correctly.
With custom implants you can define custom behavior, add new features, support different platforms and file types, apply obfuscation at compile time, and more. The possibilities are endless.
Hopefully one day Cobalt Strike will officially support developing custom Beacons by adding more documentation and quality-of-life features.
Features:
- HTTP/S listener support (default C2 profile)
- Contains some built-in commands: sleep, cd, pwd, shell, ls, exit, upload, download
- Linux BOF execution using TrustedSec's ELFLoader. Supports both TrustedSec & Outflank BOFs
- SOCKS proxy
Generating payloads with the Aggressor Script
Running commands & BOFs in the Linux Beacon
You can view the setup steps in the SETUP file.
Thank you to Kyle Avery for your help with integrating BOF execution and testing out the implant.
To do:
- Add support for custom C2 profiles
- Add TCP listener + connect functionality
- Continue fixing bugs