NotificationsYou must be signed in to change notification settings
Fork32
Star211

Commita80156d

authored

Merge pull request#6 from leebaird/master

Alphabetized and removed duplicates.

2 parentsd54603d +dc8ceb9 commita80156dCopy full SHA for a80156d

File tree

1 file changed

+10

-10

lines changed

HelpColor.cna

1 file changed

+10

-10

lines changed

`‎HelpColor.cna‎`

Lines changed: 10 additions & 10 deletions

Original file line number	Diff line number	Diff line change
`@@ -20,24 +20,24 @@ alias helpx {`
`20`	`20`	`# highlight the following commands`
`21`	`21`	`# CS built-in commands based on: https://www.cobaltstrike.com/help-opsec`
`22`	`22`
`23`		`- @ApiOnly_builtin = @("!", "cd", "cp", "connect", "clipboard", "download", "drives", "exit", "getprivs", "getuid", "history", "inline-execute", "jobkill", "kill", "link", "ls", "make_token", "mkdir", "mv", "ps", "pwd", "rev2self", "rm", "rportfwd", "rportfwd_local", "setenv", "socks", "steal_token", "unlink", "upload");`
	`23`	`+ @ApiOnly_builtin = @("!", "cd", "clipboard", "connect", "cp", "download", "drives", "exit", "getprivs", "getuid", "history", "inline-execute", "jobkill", "kill", "link", "ls", "make_token", "mkdir", "mv", "ps", "pwd", "rev2self", "rm", "rportfwd", "rportfwd_local", "setenv", "socks", "steal_token", "unlink", "upload");`
`24`	`24`	`@ApiOnly_custom = @("ps-find");`
`25`		`- @Housekeeping_builtin = @("argue", "blockdlls", "cancel", "checkin", "clear", "downloads", "file_browser", "help", "jobs", "mode dns", "modedns-txt", "modedns6", "note", "powershell-import", "ppid", "process_browser", "sleep", "socks stop", "spawnto", "windows_error_code");`
	`25`	`+ @Housekeeping_builtin = @("argue", "blockdlls", "cancel", "checkin", "clear", "downloads", "file_browser", "help", "jobs", "mode dns", "modedns6", "modedns-txt", "note", "powershell-import", "ppid", "process_browser", "sleep", "socks stop", "spawnto", "windows_error_code");`
`26`	`26`	`@Housekeeping_custom = @("helpx");`
`27`	`27`	`@ForkRun_builtin = @("chromedump", "covertvpn", "dcsync", "execute-assembly", "hashdump", "logonpasswords", "mimikatz", "net", "portscan", "powerpick", "pth", "ssh", "ssh-key");`
`28`		`- @ForkRun_custom = @("shovel", "sharpgen");`
`29`		`- @ForkRunOrTargetExplictProcess_builtin = @(,"browserpivot", "psinject", "desktop", "keylogger", "printscreen", "screenshot", "screenwatch");`
	`28`	`+ @ForkRun_custom = @("sharpgen", "shovel");`
	`29`	`+ @ForkRunOrTargetExplictProcess_builtin = @("browserpivot", "desktop", "keylogger", "printscreen", "psinject", "screenshot", "screenwatch");`
`30`	`30`	`@Bof_builtin = @("getsystem", "kerberos_ccache_use", "kerberos_ticket_purge", "kerberos_ticket_use", "reg", "timestomp");`
`31`		- @Bof_CS-Situational-Awareness-BOF = @("adcs_enum", "adcs_enum_com", "adcs_enum_com2", "adv_audit_policies", "arp", "cacls", "dir", "driversigs", "domainenum", "enumLocalSessions", "enum_filter_driver", "env", "findLoadedModule", "get_password_policy", "ipconfig", "ldapsearch", "listdns", "listmods", "listpipes", "locale", "netGroupList", "netGroupListMembers", "netLocalGroupList", "netLocalGroupListMembers", "netsession", "netshares", "netsharesAdmin", "netstat", "netuse_add", "netuse_delete", "netuse_list", "netuser", "netview", "notepad", "nslookup", "probe", "reg_query", "reg_query_recursive", "resources", "routeprint", "sc_enum", "sc_qc", "sc_qdescription", "sc_qfailure", "sc_qtriggerinfo", "sc_query", "schtasksenum", "schtasksquery", "tasklist", "uptime", "userenum", "vssenum", "whoami", "windowlist", "wmi_query");
`32`		`- @Bof_bofnet = @("bofnet_init", "bofnet_shutdown", "bofnet_list", "bofnet_listassemblies", "bofnet_execute", "bofnet_executeassembly", "bofnet_load", "bofnet_loadbig", "bofnet_job", "bofnet_jobs", "bofnet_jobstatus", "bofnet_jobkill", "bofnet_boo");`
	`31`	+ @Bof_CS-Situational-Awareness-BOF = @("adcs_enum", "adcs_enum_com", "adcs_enum_com2", "adv_audit_policies", "arp", "cacls", "dir", "domainenum", "driversigs", "enum_filter_driver", "enumLocalSessions", "env", "findLoadedModule", "get_password_policy", "ipconfig", "ldapsearch", "listdns", "listmods", "listpipes", "locale", "netGroupList", "netGroupListMembers", "netLocalGroupList", "netLocalGroupListMembers", "netsession", "netshares", "netsharesAdmin", "netstat", "netuse_add", "netuse_delete", "netuse_list", "netuser", "netview", "notepad", "nslookup", "probe", "reg_query", "reg_query_recursive", "resources", "routeprint", "sc_enum", "sc_qc", "sc_qdescription", "sc_qfailure", "sc_query", "sc_qtriggerinfo", "schtasksenum", "schtasksquery", "tasklist", "uptime", "userenum", "vssenum", "whoami", "windowlist", "wmi_query");
	`32`	`+ @Bof_bofnet = @("bofnet_boo","bofnet_execute","bofnet_executeassembly","bofnet_init","bofnet_job", "bofnet_jobs", "bofnet_jobkill","bofnet_jobstatus","bofnet_list","bofnet_listassemblies","bofnet_load","bofnet_loadbig","bofnet_shutdown");`
`33`	`33`	`@Bof_Outflank_credpack = @("credpack-dumpertng", "credpack-handledupminidump", "credpack-passwordspy", "credpack-processdupminidump");`
`34`		`- @Bof_custom = @("Askcreds", "Domaininfo", "dumpertng", "GetMachineAccountQuota", "AddMachineAccount", "DelMachineAccount", "shovelng", "Kerberoast", "Lapsdump", "Psw", "Smbinfo", "SprayAD", "StartWebClient", "Winver", "exitthread", "inlineExecute-Assembly", "hollow", "sec-inject", "sec-shinject", "kerberoast", "nanodump", "unhook");`
`35`		`- @ProcessExecution_builtin = @("execute", "run", "runas", "runu", "runasadmin");`
	`34`	`+ @Bof_custom = @("AddMachineAccount", "Askcreds", "DelMachineAccount", "Domaininfo", "dumpertng", "exitthread", "GetMachineAccountQuota", "hollow", "inlineExecute-Assembly", "Kerberoast", "Lapsdump", "nanodump", "Psw", "sec-inject", "sec-shinject", "shovelng", "Smbinfo", "SprayAD", "StartWebClient", "unhook", "Winver");`
	`35`	`+ @ProcessExecution_builtin = @("execute", "run", "runas", "runasadmin", "runu");`
`36`	`36`	`@ProcessSpawnAndInject_builtin = @("elevate", "shspawn", "spawn", "spawnas", "spawnu", "spunnel", "spunnel_local" );`
`37`	`37`	`@ProcessRemoteInject_builtin = @("dllinject", "dllload", "inject", "shinject");`
`38`	`38`	`@ProcessRemoteInject_custom = @("dumpert");`
`39`		`- @ProcessOrServiceCreation_builtin = @("shell", "pth", "jump", "powershell", "remote-exec");`
`40`		`- @DllSpawn_custom = @("HiddenDesktop", "psc", "psh", "psk", "psm", "psw", "psw", "psx", "Recon-AD-AllLocalGroups", "Recon-AD-Computers", "Recon-AD-Domain", "Recon-AD-Groups", "Recon-AD-LocalGroups", "Recon-AD-SPNs", "Recon-AD-Users", "Spray-AD", "PetitPotam");`
	`39`	`+ @ProcessOrServiceCreation_builtin = @("jump", "powershell", "pth", "remote-exec", "shell");`
	`40`	`+ @DllSpawn_custom = @("HiddenDesktop", "PetitPotam", "psc", "psh", "psk", "psm", "psw", "psx", "Recon-AD-AllLocalGroups", "Recon-AD-Computers", "Recon-AD-Domain", "Recon-AD-Groups", "Recon-AD-LocalGroups", "Recon-AD-SPNs", "Recon-AD-Users", "Spray-AD");`
`41`	`41`
`42`	`42`	`# start printing to current beacon`
`43`	`43`	`blog($1, "Available beacon commands with command type highlighting\n");`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commita80156d

File tree

1 file changed

1 file changed

`‎HelpColor.cna‎`

0 commit comments