These functions apply to Cobalt Strike's custom report capability only.
Pull information from the applications model.
$1 - the model to pull this information from.
An array of dictionary objects that describes each entry in the applications model.
printAll(agApplications($model));
Pull information from the c2info model.
$1 - the model to pull this information from.
An array of dictionary objects that describes each entry in the c2info model.
printAll(agC2Info($model));
Pull information from the credentials model.
$1 - the model to pull this information from.
An array of dictionary objects that describes each entry in the credentials model.
printAll(agCredentials($model));
Pull information from the services model.
$1 - the model to pull this information from.
An array of dictionary objects that describes each entry in the services model.
printAll(agServices($model));
Pull information from the sessions model.
$1 - the model to pull this information from.
An array of dictionary objects that describes each entry in the sessions model.
printAll(agSessions($model));
Pull information from the targets model.
$1 - the model to pull this information from.
An array of dictionary objects that describes each entry in the targets model.
printAll(agTargets($model));
Pull information from the phishing tokens model.
$1 - the model to pull this information from.
An array of dictionary objects that describes each entry in the phishing tokens model.
printAll(agTokens($model));
Maps a MITRE ATT&CK tactic ID to its longer description.
The full description of the tactic.
println(attack_describe("T1134"));
Maps a MITRE ATT&CK tactic ID to its detection strategy.
The detection strategy for this tactic.
println(attack_detect("T1134"));
Maps a MITRE ATT&CK tactic ID to its mitigation strategy.
The mitigation strategy for this tactic.
println(attack_mitigate("T1134"));
Maps a MITRE ATT&CK tactic ID to its short name.
The name or short description of the tactic.
println(attack_name("T1134"));
An array of MITRE ATT&CK tactics known to Cobalt Strike.
An array of tactic IDs (e.g., T1001, T1002, etc.).
printAll(attack_tactics());
Maps a MITRE ATT&CK tactic ID to the URL where you can learn more.
The URL associated with this tactic.
println(attack_url("T1134"));
Define a bookmark [PDF document only]
$1 - The bookmark to define [must be the same as &h1 or &h2 title].
$2 - (Optional) Define a child bookmark [must be the same as &h1 or &h2 title].
# build out a document structure
h1("First");
h2("Child #1");
h2("Child #2");
# define bookmarks for it
bookmark("First");
bookmark("First", "Child #1");
bookmark("First", "Child #2");
Print a line-break.
br();
Set a description for a report.
$1 - The report to set a default description for.
$2 - The default description.
describe("Foo Report", "This report is about my foo");
report "Foo Report" {
    # yada yada yada...
}
Prints a title heading.
$1 - the heading to print.
h1("I am the title");
Prints a sub-title heading.
$1 - the text to print.
h2("I am the sub-title");
Prints a sub-sub-title heading.
$1 - the text to print.
h3("I am not important.");
Prints a sub-sub-sub-title heading.
$1 - the text to print.
h4("I am really not important.");
Prints a table with key/value pairs.
$1 - a dictionary with key/value pairs to print.
# use an ordered-hash to preserve order
$table = ohash();
$table["#1"] = "first";
$table["#2"] = "second";
$table["#3"] = "third";
kvtable($table);
Changes the orientation of this document to landscape.
landscape();
Prints a table with no borders and no column headers.
$1 - an array with column names
$2 - an array with width values for each column
$3 - an array with a dictionary object for each row. The dictionary should have keys that correspond to each column.
@cols = @("First", "Second", "Third");
@widths = @("2in", "2in", "auto");
@rows = @(
    %(First => "a", Second => "b", Third => "c"),
    %(First => "1", Second => "2", Third => "3"));
layout(@cols, @widths, @rows);
Prints an unordered list.
$1 - an array with individual bullet points.
@list = @("apple", "bat", "cat");
list_unordered(@list);
Group report elements together without a line break.
$1 - the function with report elements to group together.
# keep this stuff on the same page...
nobreak({
    h2("I am the sub-title");
    p("I am the initial information");
});
Print elements against a grey backdrop. Line-breaks are preserved.
$1 - the function with report elements to group as output.
output({
    p("This is line 1 and this is line 2.");
});
Prints a paragraph of text.
$1 - the text to print.
p("I am some text!");
Prints a paragraph of text with some format preservation.
$1 - the text to print.
1. This function preserves newlines
2. You may specify bulleted lists:
* I am item 1
* I am item 2
* etc.
3. You may specify a heading
===I am a heading===
p_formatted("===Hello World===\n\nThis is some text.\nI am on a new line\nAnd, I am:\n* Cool\n* Awesome\n* A bulleted list");
Prints a table.
$1 - an array with column names
$2 - an array with width values for each column
$3 - an array with a dictionary object for each row. The dictionary should have keys that correspond to each column.
@cols = @("First", "Second", "Third");
@widths = @("2in", "2in", "auto");
@rows = @(
    %(First => "a", Second => "b", Third => "c"),
    %(First => "1", Second => "2", Third => "3"));
table(@cols, @widths, @rows);
Prints a time/date stamp in italics.
ts();
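An added example (not from the Cobalt Strike documentation) that combines the attack_* lookups with the heading, bookmark, table and paragraph functions above to build a detection and mitigation reference section for a custom report. attack_appendix is a hypothetical helper name; it is meant to be called from inside a report definition.

```sleep
# Added example, not part of the original page.
# attack_appendix is a hypothetical helper; call it from inside a report.
sub attack_appendix {
    local('$title $id $name @rows');

    # single-quoted so the heading text is taken literally
    $title = 'ATT&CK Reference';
    h1($title);
    bookmark($title);

    # summary table: one row per ID known to Cobalt Strike
    foreach $id (attack_tactics()) {
        push(@rows, %(ID => $id, Name => attack_name($id), Reference => attack_url($id)));
    }
    table(@("ID", "Name", "Reference"), @("1in", "2in", "auto"), @rows);

    # detail section per ID: description, detection, mitigation
    foreach $id (attack_tactics()) {
        $name = $id . " - " . attack_name($id);

        # the child bookmark must match the h2 title exactly
        h2($name);
        bookmark($title, $name);

        p(attack_describe($id));

        h3("Detection");
        p(attack_detect($id));

        h3("Mitigation");
        p(attack_mitigate($id));

        h3("Reference");
        p(attack_url($id));
    }

    # close the section with a time/date stamp
    br();
    ts();
}
```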