🔎🪲 Malleable C2 profiles parser and assembler library written in golang
Latest supported CobaltStrike version: 4.9.1
goMalleable treats you as a consenting adult and assumes you know how to write Malleable C2 Profiles. It's able to detect syntax errors, however there are no runtime checks implemented. It'll gladly generate profiles that don't actually work in production if instructed to do so. Always run the generated profiles through c2lint before using them in production!
Package can be installed with:
go get github.com/evendill/goMalleable@v1Function Parse parses Malleable profile string to easy-to-read structure. Full example Link.
package main
import (
"os"
malleable "github.com/evendill/goMalleable"
)
func main() {
...
data, _ := os.Open("example.profile")
parsed, _ := malleable.Parse(data)
...
}Full definition of structure can be found here.
You may print this structure as string to get Malleable profile file. Full example: Link.
fmt.Println(parsed)Output:
...
set host_stage "false";
set jitter "33";
set tcp_frame_header "";
set useragent "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/587.38 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36";
https-certificate {
set CN "whatever.com";
set L "California";
set O "whatever LLC.";
set OU "local.org";
set ST "CA";
set validity "365";
set C "US";
}
...
| Link | Description |
|---|---|
| Link | Example of profile parsing |
| Link | Example of profile creation |
- Use map[Name]Type instead of []Type with Name field