Anthropic-Cybersecurity-Skills/skills/analyzing-cobalt-strike-malleable-profiles.bak/references/api-reference.md
mukul975 c47eed6a64 Production hardening: security fixes, code quality, 724 skills complete
- Fix 25 shell=True subprocess calls with list-based commands
- Fix 49 verify=False in defensive skills (env-var override)
- Add timeout to 231 HTTP/subprocess/socket calls
- Fix 6 SQL injection patterns with whitelist validation
- Replace 8 __import__() with standard imports
- Remove 701 unused imports across 442 files
- Add authorized-testing disclaimers to all offensive skills
- Complete 11 incomplete skill directories
- Expand 10 stub SKILL.md files with full content
- Fix 2 YAML parse errors in frontmatter
- Fix 5 pre-existing syntax errors
- Convert 22 hardcoded paths/ports to environment variables
- Back up 21 redundant skill pairs to .bak
- Fix 2 global declaration errors
- 724/724 skills with full folder anatomy (SKILL.md + agent.py + api-reference.md + LICENSE)
- 0 compile errors across all 724 agent.py files
2026-03-19 13:26:49 +01:00


API Reference: Analyzing Cobalt Strike Malleable Profiles

pyMalleableC2

from malleablec2 import Profile
from malleablec2.components import HttpGetBlock, HttpPostBlock, ClientBlock, ServerBlock

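# Obtain a Profile: parse a file, parse source text, or start empty.
# These are alternatives; each assignment below replaces the previous one.
p = Profile.from_file("amazon.profile")
with open("amazon.profile") as f:
    code_string = f.read()              # profile source held as a string
p = Profile.from_string(code_string)
p = Profile.from_scratch()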

# Set global options
p.set_option("sleeptime", "3000")
p.set_option("jitter", "0")
p.set_option("pipename", "mojo__##")

# HTTP blocks
http_get = HttpGetBlock()
http_get.set_option("uri", "/updates")
client = ClientBlock()
client.add_statement("header", "Accept", "*/*")
http_get.add_code_block(client)
p.add_code_block(http_get)

# AST and reconstruction
print(p.ast.pretty())   # Display AST
print(p)                # Reconstruct source

JARM TLS Fingerprinting

# Scan a single host
python3 jarm.py www.example.com

# Scan with specific port
python3 jarm.py 192.168.1.1 -p 8443

# Batch scan from file
python3 jarm.py -i targets.txt -o results.csv

Fingerprint format: 62-char hybrid hash

  • First 30 chars: cipher + TLS version (10 handshakes x 3 chars)
  • Last 32 chars: truncated SHA256 of cumulative extensions

Known Cobalt Strike JARM Hashes

JARM Hash                            Description
07d14d16d21d21d07c42d41d00041d...    CS default config
07d14d16d21d21d00042d41d00041d...    CS with Java 11
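
The fingerprint layout and the prefix table above, combined into a small triage helper. This is an added example, not code from this skill or from jarm.py: the function names, host names and 32-character tails are constructed, and only the two 30-character prefixes come from the table.

```python
import re

# 30-char cipher/version prefixes copied from the table above. The page elides
# the trailing 32 characters, so only the prefix is compared.
KNOWN_CS_PREFIXES = {
    "07d14d16d21d21d07c42d41d00041d": "CS default config",
    "07d14d16d21d21d00042d41d00041d": "CS with Java 11",
}
JARM_RE = re.compile(r"[0-9a-f]{62}")


def parse_jarm(fingerprint):
    """Split a JARM string into 10 handshake triples and the extension hash."""
    fp = fingerprint.strip().lower()
    if not JARM_RE.fullmatch(fp):
        raise ValueError(f"not a 62-char hex JARM fingerprint: {fingerprint!r}")
    triples = [fp[i:i + 3] for i in range(0, 30, 3)]
    return {
        "prefix": fp[:30],
        "handshakes": triples,
        # "000" means the server gave no usable answer to that probe
        "unanswered": [i for i, t in enumerate(triples) if t == "000"],
        "ext_hash": fp[30:],
    }


def classify(fingerprint):
    """Return (label, parsed); label is None when no known prefix matches."""
    parsed = parse_jarm(fingerprint)
    if len(parsed["unanswered"]) == 10:
        return "no TLS response", parsed
    return KNOWN_CS_PREFIXES.get(parsed["prefix"]), parsed


# Constructed scan results: hosts and 32-char tails are placeholders, not real data.
SAMPLE_SCAN = {
    "host-a.example": "07d14d16d21d21d07c42d41d00041d" + "a" * 32,
    "host-b.example": "07d14d16d21d21d00042d41d00041d" + "b" * 32,
    "host-c.example": "29d29d00029d29d21c41d43d00041d" + "c" * 32,
    "host-d.example": "0" * 62,
}


def triage(scan):
    return {host: classify(fp)[0] for host, fp in scan.items()}


if __name__ == "__main__":
    for host, label in triage(SAMPLE_SCAN).items():
        print(f"{host}: {label or 'no match'}")
```

A prefix match only says the server answered the ten probes the same way; the table's own Java 11 row shows the value follows the Java runtime, so treat a hit as a lead to corroborate rather than a verdict.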

dissect.cobaltstrike (Alternative)

from dissect.cobaltstrike import beacon

# from_path() takes a filesystem path; from_file() expects an open binary file object
b = beacon.BeaconConfig.from_path("beacon.bin")
print(b.protocol, b.port, b.sleeptime)

References