A Bash script that automates the creation of a Cobalt Strike Malleable Profile. TLS certificates from nginx should be in a zip file called certificates.zip. The zip file should be in the same directory as mal_gen.
Usage:
git clone https://github.com/tpmiller87/mal_gen.git
cd mal_gen
chmod +x mal_gen.sh
./mal_gen.sh
You will be prompted for the following options:
Option for TLS certs. If yes, it will generate a keystore file and a random password for your certs (they must be in a zip called certificates.zip in the same directory).
a. If no, it will fill in the HTTPS section with self-signed certs based on Outlook. THIS SHOULD BE FOR RANGES OR TESTING ONLY, NOT OPSEC SAFE!!!
Remember to run C2Lint against the finished file!
BIG credit goes to the SourcePoint tool made by Tylous. This tool is 90% a bash port of SourcePoint with a few additional customizations of my own.
Some of the modifications were also made by using the tools from this article from White Knight Labs.