Report-Only Functions
These functions apply to Cobalt Strike's custom report capability only.
agApplications
Pull information from the applications model.
Arguments
$1 - the model to pull this information from.
Returns
An array of dictionary objects that describes each entry in the applications model.
Example
printAll(agApplications($model));
agC2info
Pull information from the c2info model.
Arguments
$1 - the model to pull this information from.
Returns
An array of dictionary objects that describes each entry in the c2info model.
Example
printAll(agC2Info($model));
agCredentials
Pull information from the credentials model
Arguments
$1 - the model to pull this information from.
Returns
An array of dictionary objects that describes each entry in the credentials model.
Example
printAll(agCredentials($model));
agServices
Pull information from the services model
Arguments
$1 - the model to pull this information from.
Returns
An array of dictionary objects that describes each entry in the services model.
Example
printAll(agServices($model));
agSessions
Pull information from the sessions model
Arguments
$1 - the model to pull this information from.
Returns
An array of dictionary objects that describes each entry in the sessions model.
Example
printAll(agSessions($model));
agTargets
Pull information from the targets model.
Arguments
$1 - the model to pull this information from.
Returns
An array of dictionary objects that describes each entry in the targets model.
Example
printAll(agTargets($model));
agTokens
Pull information from the phishing tokens model.
Arguments
$1 - the model to pull this information from.
Returns
An array of dictionary objects that describes each entry in the phishing tokens model.
Example
printAll(agTokens($model));
attack_describe
Maps a MITRE ATT&CK tactic ID to its longer description.
Returns
The full description of the tactic
Example
println(attack_describe("T1134"));
attack_detect
Maps a MITRE ATT&CK tactic ID to its detection strategy
Returns
The detection strategy for this tactic.
Example
println(attack_detect("T1134"));
attack_mitigate
Maps a MITRE ATT&CK tactic ID to its mitigation strategy
Returns
The mitigation strategy for this tactic.
Example
println(attack_mitigate("T1134"));
attack_name
Maps a MITRE ATT&CK tactic ID to its short name.
Returns
The name or short description of the tactic.
Example
println(attack_name("T1134"));
attack_tactics
An array of MITRE ATT&CK tactics known to Cobalt Strike.
Returns
An array of tactic IDs (e.g., T1001, T1002, etc.).
Example
printAll(attack_tactics());
attack_url
Maps a MITRE ATT&CK tactic ID to the URL where you can learn more.
Returns
The URL associated with this tactic.
Example
println(attack_url("T1134"));
bookmark
Define a bookmark [PDF document only]
Arguments
$1 - The bookmark to define [must be the same as &h1 or &h2 title].
$2 - (Optional) Define a child bookmark [must be the same as &h1 or &h2 title].
Example
# build out a document structure
h1("First");
h2("Child #1");
h2("Child #2");
# define bookmarks for it
bookmark("First");
bookmark("First", "Child #1");
bookmark("First", "Child #2");
br
Print a line-break.
Example
br();
describe
Set a description for a report.
Arguments
$1 - The report to set a default description for.
$2 - The default description
Example
describe("Foo Report", "This report is about my foo");
report "Foo Report" {
# yada yada yada...
}
h1
Prints a title heading.
Arguments
$1 - the heading to print.
Example
h1("I am the title");
h2
Prints a sub-title heading.
Arguments
$1 - the text to print.
Example
h2("I am the sub-title");
h3
Prints a sub-sub-title heading.
Arguments
$1 - the text to print.
Example
h3("I am not important.");
h4
Prints a sub-sub-sub-title heading.
Arguments
$1 - the text to print.
Example
h4("I am really not important.");
kvtable
Prints a table with key/value pairs.
Arguments
$1 - a dictionary with key/value pairs to print.
Example
# use an ordered-hash to preserve order $table = ohash(); $table["#1"] = "first"; $table["#2"] = "second"; $table["#3"] = "third"; kvtable($table);
landscape
Changes the orientation of this document to landscape.
Example
landscape();
layout
Prints a table with no borders and no column headers.
Arguments
$1 - an array with column names
$2 - an array with width values for each column
$3 - an array with a dictionary object for each row. The dictionary should have keys that correspond to each column.
Example
@cols = @("First", "Second", "Third");
@widths = @("2in", "2in", "auto");
@rows = @(
%(First => "a", Second => "b", Third => "c"),
%(First => "1", Second => "2", Third => "3"));
layout(@cols, @widths, @rows);
list_unordered
Prints an unordered list
Arguments
$1 - an array with individual bullet points.
Example
@list = @("apple", "bat", "cat");
list_unordered(@list);
nobreak
Group report elements together without a line break.
Arguments
$1 - the function with report elements to group together.
Example
# keep this stuff on the same page...
nobreak({
h2("I am the sub-title");
p("I am the initial information");
})
output
Print elements against a grey backdrop. Line-breaks are preserved.
Arguments
$1 - the function with report elements to group as output.
Example
output({
p("This is line 1
and this is line 2.");
});
p
Prints a paragraph of text.
Arguments
$1 - the text to print.
Example
p("I am some text!");
p_formatted
Prints a paragraph of text with some format preservation.
Arguments
$1 - the text to print.
The Format Markup
1. This function preserves newlines
2. You may specify bulleted lists:
* I am item 1 * I am item 2 * etc.
3. You may specify a heading
===I am a heading===
Example
p_formatted("===Hello World===\n\nThis is some text.\nI am on a new line\nAnd, I am:\n* Cool\n* Awesome\n* A bulleted list");
table
Prints a table
Arguments
$1 - an array with column names
$2 - an array with width values for each column
$3 - an array with a dictionary object for each row. The dictionary should have keys that correspond to each column.
Example
@cols = @("First", "Second", "Third");
@widths = @("2in", "2in", "auto");
@rows = @(
%(First => "a", Second => "b", Third => "c"),
%(First => "1", Second => "2", Third => "3"));
table(@cols, @widths, @rows);
ts
Prints a time/date stamp in italics.
Example
ts();