Scripts for text notifications of incoming beacons

raum01 · Sep 8, 2016 · 7948b51 · 7948b51
1 parent c6820a7
commit 7948b51
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 0 deletions.
diff --git a/beacontext.py b/beacontext.py
@@ -0,0 +1,31 @@
+#!/usr/bin/env python
+
+import argparse
+import smtplib
+from email.MIMEMultipart import MIMEMultipart
+from email.MIMEText import MIMEText
+
+parser = argparse.ArgumentParser(description='beacon info')
+parser.add_argument('--computer')
+parser.add_argument('--ip')
+args = parser.parse_args()
+
+fromaddr = "<gmaile-mailaccounthere>"
+toaddr = ["7777777777@txt.att.net", "8888888888@vtext.com"]
+msg = MIMEMultipart()
+msg['From'] = fromaddr
+msg['To'] = ", ".join(toaddr)
+msg['Subject'] = "INCOMING BEACON"
+
+hostname = args.computer
+internal_ip = args.ip
+
+body = "Check your teamserver! \nHostname - " + hostname + "\nInternal IP - " + internal_ip
+msg.attach(MIMEText(body, 'plain'))
+
+server = smtplib.SMTP('smtp.gmail.com', 587)
+server.starttls()
+server.login(fromaddr, "<gmailpasswordhere>")
+text = msg.as_string()
+server.sendmail(fromaddr, toaddr, text)
+server.quit()
diff --git a/text_aggressor.cna b/text_aggressor.cna
@@ -0,0 +1,7 @@
+on beacon_initial {
+        local('$user');
+        local('$internal');
+        $computer = beacon_info($1, "computer");
+        $internal = beacon_info($1, "internal");
+        exec("/root/cobaltstrike/emailme.py --ip " . $internal . " --computer '" . $computer . "'");
+}