> For the complete documentation index, see [llms.txt](https://wbglil.gitbook.io/cobalt-strike/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://wbglil.gitbook.io/cobalt-strike/cobalt-strikejiao-ben-shi-yong.md).

# Cobalt Strike脚本使用

在Cobalt Strike中有一个非常实用的功能，就是可以加载各种脚本.

![](/files/-MEWNpwwULSc4PkR3ZN_)

* Load 加载脚本
* Unload 卸载脚本
* Reload 重新加载脚本

## 说一些常用常见的脚本

脚本名称：**elevate.cna**

脚本功能：增加五种提权方式

![](/files/-MDZyxbOwLpa0NiKohRR)

脚本名称：**ProcessTree.cna**&#x20;

脚本功能：让ps命令可以显示父子关系并显示颜色

![](/files/-MDZyxbPIEEY1l0FY-kf)

脚本名称：**CVE-2018-4878.cna**

脚本功能：CVE-2018-4878.cna

脚本名称：**ArtifactPayloadGenerator.cna**

脚本功能：创建多种类型的payload。生成的文件在cs目录下的opt\cobaltstrike\\

![](/files/-MDZyxbQLoDU7HdmFG_q)

脚本名称：**AVQuery.cna**

脚本功能：查询目标所安装的所有杀软

脚本名称：**CertUtilWebDelivery.cna**

脚本功能：利用CertUtil和rundll32生成会话这个应该都知道了解

![](/files/-MDZyxbRGMs5IR_9_b6m)

脚本名称：**RedTeamRepo.cna**

脚本功能：就是提示一下常用的渗透命令

![](/files/-MDZyxbSL4CtrbZ0Kkh2)

脚本名称：**ProcessColor.cna**

脚本功能：显示带有颜色的进程列表(不同颜色有不同含义)

![](/files/-MDZyxbT-G2mFW-nO7ms)

脚本名称：**EDR.cna**

脚本功能：检查有无终端安全产品

脚本名称：**logvis.cna**

脚本功能：显示Beacon命令日志

![](/files/-MDZyxbUyOWillDyad_i)

脚本名称：**ProcessMonitor.cna**

脚本功能：记录一段时间内程序启动的情况

脚本名称：**SMBPayloadGenerator.cna**

脚本功能：生成基于SMB的payload

脚本名称：**Persistence/Persistence\_Menu.cna**

脚本功能：持久化控制集合

备注:这个脚本是同目录脚本的一个集合

![](/files/-MDZyxbVes5Uge8Atkpx)

脚本名称：Eternalblue.cna

脚本功能：ms17-010

<https://gist.github.com/rsmudge/9b54a66744a94f3950cc171254057942>

备注：调用exploit/windows/smb/ms17\_010\_eternalblue

更多:<https://mp.weixin.qq.com/s/CEI1XYkq2PZmYsP0DRU7jg>

个人认位这位老哥整理的已经很全面了，为了方便查看我将里面的一些集合脚本介绍的图片列了出来，在此感谢这位老哥

[https://github.com/harleyQu1nn/AggressorScripts](/cobalt-strike/cobalt-strikejiao-ben-shi-yong.md)

![](/files/-MDZyxbW08s0YfXsqe2a)

[https://github.com/bluscreenofjeff/AggressorScripts](/cobalt-strike/cobalt-strikejiao-ben-shi-yong.md)

![](/files/-MDZyxbXboAXcwAxvC9H)

[https://github.com/michalkoczwara/aggressor\_scripts\_collection](/cobalt-strike/cobalt-strikejiao-ben-shi-yong.md)\
![](/files/-MDZyxbYKFxusev4nRkB)

<https://github.com/vysec/Aggressor-VYSEC>

![](/files/-MDZyxbZk8zhuyloPXz_)

<https://github.com/killswitch-GUI/CobaltStrike-ToolKit>

![](/files/-MDZyxb_-bwZLmax-IWP)

<https://github.com/ramen0x3f/AggressorScripts>

![](/files/-MDZyxbahjEmBh7GxTC3)

[https://github.com/rasta-mouse/Aggressor-Script](<https://github.com/rasta-mouse/Aggressor-Script >)

![](/files/-MDZyxbbnbx2jLqpHwui)

<https://github.com/Und3rf10w/Aggressor-scripts>

![](/files/-MDZyxbcso6Q5EnUDlAV)

<https://github.com/001SPARTaN/aggressor_scripts>

![](/files/-MDZyxbdYOMw7HP69JzT)

<https://github.com/gaudard/scripts/tree/master/red-team/aggressor>

![](/files/-MDZyxbeB2XVK1oITjyI)

<https://github.com/branthale/CobaltStrikeCNA>

![](/files/-MDZyxbfOLgxgsohRI0s)

* <https://github.com/threatexpress/aggressor-scripts>
* <https://github.com/threatexpress/red-team-scripts>
* <https://github.com/threatexpress/persistence-aggressor-script>

![](/files/-MDZyxbgBB_3yzBfSch0)

<https://github.com/FortyNorthSecurity/AggressorAssessor>

![](/files/-MDZyxbhreiM7a0uI8KX)

脚本来源:

* [https://github.com/rsmudge/ElevateKit](/cobalt-strike/cobalt-strikejiao-ben-shi-yong.md)
* [https://github.com/vysec/CVE-2018-4878](/cobalt-strike/cobalt-strikejiao-ben-shi-yong.md)
* <https://github.com/harleyQu1nn/AggressorScripts>
* <https://github.com/bluscreenofjeff/AggressorScripts>
* <https://github.com/ramen0x3f/AggressorScripts>
* <https://github.com/360-A-Team/CobaltStrike-Toolset>
* <https://github.com/ars3n11/Aggressor-Scripts>
* <https://github.com/michalkoczwara/aggressor_scripts_collection>
* <https://github.com/vysec/Aggressor-VYSEC>
* <https://github.com/killswitch-GUI/CobaltStrike-ToolKit>
* <https://github.com/ZonkSec/persistence-aggressor-script>
* <https://github.com/ramen0x3f/AggressorScripts>
* [https://github.com/rasta-mouse/Aggressor-Script ](<https://github.com/rasta-mouse/Aggressor-Script >)
* <https://github.com/RhinoSecurityLabs/Aggressor-Scripts>
* <https://github.com/Und3rf10w/Aggressor-scripts>
* <https://github.com/Kevin-Robertson/Inveigh>
* <https://github.com/Genetic-Malware/Ebowla>
* <https://github.com/001SPARTaN/aggressor_scripts>
* <https://github.com/gaudard/scripts/tree/master/red-team/aggressor>
* <https://github.com/branthale/CobaltStrikeCNA>
* <https://github.com/oldb00t/AggressorScripts>
* <https://github.com/p292/Phant0m_cobaltstrike>
* <https://github.com/p292/DDEAutoCS>
* <https://github.com/secgroundzero/CS-Aggressor-Scripts>
* <https://github.com/skyleronken/Aggressor-Scripts>
* <https://github.com/tevora-threat/aggressor-powerview>
* <https://github.com/tevora-threat/PowerView3-Aggressor>
* <https://github.com/threatexpress/aggressor-scripts>
* <https://github.com/threatexpress/red-team-scripts>
* <https://github.com/threatexpress/persistence-aggressor-script>
* <https://github.com/FortyNorthSecurity/AggressorAssessor>
* <https://github.com/mdsecactivebreach/CACTUSTORCH>
* <https://github.com/C0axx/AggressorScripts>
* <https://github.com/offsecginger/AggressorScripts>
* <https://github.com/tomsteele/cs-magik>
* <https://github.com/bitsadmin/nopowershell>
* <https://github.com/SpiderLabs/SharpCompile>
* <https://github.com/SpiderLabs/SharpCompile>
* <https://github.com/realoriginal/reflectivepotato>
