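#!/usr/bin/python
"""Build an HTML report of operator log lines that contain a search term.

Usage: script.py TERM [TERM ...]

The command-line arguments are joined with spaces into one search term.
Every file in ``operator_path`` is scanned line by line; each matching line
is parsed as ``operator[ip_hostname]user/pid|timestamp> command`` and written
as one table row to ``<YYYYMonDD>_<term>_log.html`` in the current directory.
The report file is opened in append mode, so repeated runs add to it.
"""
import datetime
import html
import os
import sys

operator_path = '/opt/cobaltstrike/logs/operator_logs/operator_input/'
beacon_path = '/opt/cobaltstrike/logs/operator_logs/beacon_output/'

# NOTE(review): the HTML markup of the original templates is not recoverable
# from the listing (only the visible text survived), so these are minimal
# tables carrying the same labels and the same field order.
REPORT_HEADER = (
    "\n<h3>Logged @ %s</h3>\n"
    "<table border=\"1\">\n"
    "<tr><th>OperatorName</th><th>TargetIP</th><th>TargetHostname</th>"
    "<th>Username</th><th>ProcessId</th><th>Timestamp</th>"
    "<th>Command</th><th>LogOutput</th></tr>\n"
)
REPORT_ROW = (
    "<tr><td>%s</td><td>%s</td><td>%s</td><td>%s</td><td>%s</td>"
    "<td>%s</td><td>%s</td><td><a href=\"%s\">Log Output</a></td></tr>\n"
)
REPORT_FOOTER = "</table>\n<p>%d Log Entries</p>\n"

# PLACEHOLDER(review): the link is built from beacon_path, date, ip and
# hostname (in that order), but how the original combined them is not visible.
# Confirm against the real beacon_output file naming before relying on it.
BEACON_HREF_TEMPLATE = "%s%s_%s_%s"


def _safe_filename_part(term):
    """Return *term* with every character outside a conservative set replaced.

    The search term becomes part of the report file name; path separators or
    other special characters in it must not be able to redirect the write.
    """
    return "".join(ch if ch.isalnum() or ch in " -_." else "_" for ch in term)


def _parse_operator_line(line):
    """Split one operator log line into its fields.

    Returns a dict of fields, or None when the line does not have the
    ``operator[ip_hostname]user/pid|timestamp> command`` structure.
    """
    # Split at the first ">" only, so a ">" inside the command is kept.
    cmd_info, _, cmd = line.partition(">")
    try:
        target = cmd_info.split("[")[1].split("]")[0]
        account = cmd_info.split("|")[0].split("]")[1]
        timestamp = cmd_info.split("|")[1]
        fields = {
            "operator_name": cmd_info.split("[")[0],
            "ip": target.split("_")[0],
            # NOTE(review): as in the original parsing, a hostname that itself
            # contains "_" is cut at that underscore — confirm if that occurs.
            "hostname": target.split("_")[1],
            "user": account.split("/")[0],
            "pid": account.split("/")[1],
            "timestamp": timestamp,
            "date": timestamp.split(" ")[0],
            "cmd": cmd.strip(),
        }
    except IndexError:
        # The line contains the search term but not the expected layout.
        return None
    return fields


def _render_row(fields, beacon_dir):
    """Render one parsed log line as an HTML table row.

    Every value is HTML-escaped: the fields come straight from log files, so
    markup inside a logged command, hostname or user name must be displayed
    as text rather than interpreted by the browser that opens the report.
    """
    href = BEACON_HREF_TEMPLATE % (
        beacon_dir, fields["date"], fields["ip"], fields["hostname"])
    cells = [fields[key] for key in (
        "operator_name", "ip", "hostname", "user", "pid", "timestamp", "cmd")]
    cells.append(href)
    return REPORT_ROW % tuple(html.escape(str(cell)) for cell in cells)


def main(argv=None, operator_dir=None, beacon_dir=None, out_dir=os.curdir):
    """Scan the operator logs for the search term and append an HTML report.

    Args:
        argv: search-term words; defaults to ``sys.argv[1:]``.
        operator_dir: directory of operator logs; defaults to ``operator_path``.
        beacon_dir: prefix for the log-output links; defaults to ``beacon_path``.
        out_dir: directory the report is written to; defaults to the
            current directory.

    Returns:
        A ``(report_path, entry_count)`` tuple.
    """
    args = sys.argv[1:] if argv is None else list(argv)
    operator_dir = operator_path if operator_dir is None else operator_dir
    beacon_dir = beacon_path if beacon_dir is None else beacon_dir

    # With no arguments the term is "" and therefore matches every line,
    # which is what the original script did as well.
    term = " ".join(args)
    now = datetime.datetime.now()
    report_name = "%s_%s_log.html" % (
        now.strftime("%Y%b%d"), _safe_filename_part(term))
    report_path = os.path.join(out_dir, report_name)

    num = 0
    # "with" closes the report even if a log file cannot be read;
    # xmlcharrefreplace keeps the write from failing on characters the
    # locale encoding cannot represent.
    with open(report_path, "a", errors="xmlcharrefreplace") as log_file:
        log_file.write(
            REPORT_HEADER % html.escape(now.strftime("%Y%b%d %H:%M:%S")))
        # Sorted so that row order does not depend on directory listing order.
        for filename in sorted(os.listdir(operator_dir)):
            source = os.path.join(operator_dir, filename)
            if not os.path.isfile(source):
                continue
            with open(source, "r", errors="replace") as log:
                for line in log:
                    if term not in line:
                        continue
                    fields = _parse_operator_line(line)
                    if fields is None:
                        continue
                    num += 1
                    log_file.write(_render_row(fields, beacon_dir))
        log_file.write(REPORT_FOOTER % num)
    return report_path, num


if __name__ == "__main__":
    main()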