These functions apply to Cobalt Strike's custom report capability only.
Pull information from the applications model.
$1 - the model to pull this information from.An array of dictionary objects that describes each entry in the applications model.
printAll(agApplications($model));
Pull information from the c2info model.
$1 - the model to pull this information from.An array of dictionary objects that describes each entry in the c2info model.
printAll(agC2Info($model));
Pull information from the credentials model
$1 - the model to pull this information from.An array of dictionary objects that describes each entry in the credentials model.
printAll(agCredentials($model));
Pull information from the services model
$1 - the model to pull this information from.An array of dictionary objects that describes each entry in the services model.
printAll(agServices($model));
Pull information from the sessions model
$1 - the model to pull this information from.An array of dictionary objects that describes each entry in the sessions model.
printAll(agSessions($model));
Pull information from the targets model.
$1 - the model to pull this information from.An array of dictionary objects that describes each entry in the targets model.
printAll(agTargets($model));
Pull information from the phishing tokens model.
$1 - the model to pull this information from.An array of dictionary objects that describes each entry in the phishing tokens model.
printAll(agTokens($model));
Maps a MITRE ATT&CK tactic ID to its longer description.
The full description of the tactic
println(attack_describe("T1134"));
Maps a MITRE ATT&CK tactic ID to its detection strategy
The detection strategy for this tactic.
println(attack_detect("T1134"));
Maps a MITRE ATT&CK tactic ID to its mitigation strategy
The mitigation strategy for this tactic.
println(attack_mitigate("T1134"));
Maps a MITRE ATT&CK tactic ID to its short name.
The name or short description of the tactic.
println(attack_name("T1134"));
An array of MITRE ATT&CK tactics known to Cobalt Strike.
An array of tactic IDs (e.g., T1001, T1002, etc.).
printAll(attack_tactics());
Maps a MITRE ATT&CK tactic ID to the URL where you can learn more.
The URL associated with this tactic.
println(attack_url("T1134"));
Define a bookmark [PDF document only]
$1 - The bookmark to define [must be the same as &h1 or &h2 title].$2 - (Optional) Define a child bookmark [must be the same as &h1 or &h2 title].
# build out a document structure
h1("First");
h2("Child #1");
h2("Child #2");
# define bookmarks for it
bookmark("First");
bookmark("First", "Child #1");
bookmark("First", "Child #2");
Print a line-break.
br();
Set a description for a report.
$1 - The report to set a default description for.$2 - The default description
describe("Foo Report", "This report is about my foo");
report "Foo Report" {
# yada yada yada...
}
Prints a title heading.
$1 - the heading to print.
h1("I am the title");
Prints a sub-title heading.
$1 - the text to print.
h2("I am the sub-title");
Prints a sub-sub-title heading.
$1 - the text to print.
h3("I am not important.");
Prints a sub-sub-sub-title heading.
$1 - the text to print.
h4("I am really not important.");
Prints a table with key/value pairs.
$1 - a dictionary with key/value pairs to print.# use an ordered-hash to preserve order $table = ohash(); $table["#1"] = "first"; $table["#2"] = "second"; $table["#3"] = "third"; kvtable($table);
Changes the orientation of this document to landscape.
landscape();
Prints a table with no borders and no column headers.
$1 - an array with column names$2 - an array with width values for each column$3 - an array with a dictionary object for each row. The dictionary should have keys that correspond to each column.
@cols = @("First", "Second", "Third");
@widths = @("2in", "2in", "auto");
@rows = @(
%(First => "a", Second => "b", Third => "c"),
%(First => "1", Second => "2", Third => "3"));
layout(@cols, @widths, @rows);
Prints an unordered list
$1 - an array with individual bullet points.
@list = @("apple", "bat", "cat");
list_unordered(@list);
Group report elements together without a line break.
$1 - the function with report elements to group together.
# keep this stuff on the same page...
nobreak({
h2("I am the sub-title");
p("I am the initial information");
});
Print elements against a grey backdrop. Line-breaks are preserved.
$1 - the function with report elements to group as output.
output({
p("This is line 1
and this is line 2.");
});
Prints a paragraph of text.
$1 - the text to print.
p("I am some text!");
Prints a paragraph of text with some format preservation.
$1 - the text to print.1. This function preserves newlines
2. You may specify bulleted lists:
* I am item 1 * I am item 2 * etc.
3. You may specify a heading
===I am a heading===
p_formatted("===Hello World===\n\nThis is some text.\nI am on a new line\nAnd, I am:\n* Cool\n* Awesome\n* A bulleted list");
Prints a table
$1 - an array with column names$2 - an array with width values for each column$3 - an array with a dictionary object for each row. The dictionary should have keys that correspond to each column.
@cols = @("First", "Second", "Third");
@widths = @("2in", "2in", "auto");
@rows = @(
%(First => "a", Second => "b", Third => "c"),
%(First => "1", Second => "2", Third => "3"));
table(@cols, @widths, @rows);
Prints a time/date stamp in italics.
ts();