Name		Name	Last commit message	Last commit date
parent directory ..
README.md		README.md
beacon.h		beacon.h
bofcompile.bat		bofcompile.bat
enumhandles.c		enumhandles.c
enumhandles.cna		enumhandles.cna
enumhandles.h		enumhandles.h
enumhandles.o		enumhandles.o

README.md

EnumHandles

Enumerate process and thread handle types between processes.

Options

Search options:

all: list all processes with handles to all other processes.
h2p: list all processes that have a handle to a specific process.
p2h: list handles from a specific process to all other processes.

Handle query options:

proc: search for PROCESS type handles.
thread: search for THREAD type handles.

Targeted search options:

<pid>: for both the h2p and p2h search options, specify the PID of the process your interested in.

Usage

enumhandles all <proc | thread>
enumhandles h2p <proc | thread> <pid>
enumhandles p2h <proc | thread> <pid>

Compile

1. Make sure Visual Studio is installed and supports C/C++.
2. Open the x64 Native Tools Command Prompt for VS <2019/2022> terminal.
3. Run the bofcompile.bat script to compile the object file.
4. In Cobalt strike, use the script manager to load the .cna script to import the tool.