
A Go implementation of BeaconEye. It detects Cobalt Strike beacons in process memory and extracts part of their configuration.


akkuman/EvilEye

EvilEye

EvilEye is a Go implementation of BeaconEye. It detects Cobalt Strike beacons in process memory and extracts part of their configuration.

Try & Run

Download EvilEye from the releases page, then run:

./EvilEye.exe

Screenshot

Build

go install github.com/akkuman/EvilEye

As a package to use

package main

import (
	"fmt"
	"time"

	"github.com/akkuman/EvilEye/beaconeye"
)

func banner() string {
	return `EvilEye by @akkuman(github.com/akkuman)`
}

func main() {
	fmt.Printf("%s\n\n\n", banner())
	v1 := time.Now()
	// Results are streamed over this channel while the scan runs.
	evilResults := make(chan beaconeye.EvilResult)
	go func() {
		// Run the scan in the background so main can consume results as they arrive.
		err := beaconeye.FindEvil(evilResults, 4)
		if err != nil {
			panic(err)
		}
	}()
	count := 0
	// Print one line per process in which a beacon configuration was found,
	// followed by the extracted configuration text.
	for v := range evilResults {
		fmt.Printf("%s (%d), Keys Found:True, Configuration Address: 0x%x\n", v.Name, v.Pid, v.Address)
		fmt.Printf("%s\n", v.Extractor.GetConfigText())
		count++
	}
	v2 := time.Now()
	fmt.Printf("The program took %v to find out %d processes\n", v2.Sub(v1), count)
}
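
The program above prints each hit as free text. As an added example (not part of EvilEye or its README), the following Go code parses that output into structured records that a log pipeline can ingest. `Detection`, `ParseOutput` and the sample output are assumptions constructed here; the layout of the configuration text is not shown on this page, so it is kept as opaque lines.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Detection is one hit parsed from the text printed by the README's main().
type Detection struct {
	Process    string
	Pid        int
	ConfigAddr uint64
	ConfigText string // opaque lines printed after the hit line
}

// hitLine mirrors "%s (%d), Keys Found:True, Configuration Address: 0x%x".
// The greedy (.+) keeps process names containing spaces or parentheses intact.
var hitLine = regexp.MustCompile(`^(.+) \((\d+)\), Keys Found:True, Configuration Address: 0x([0-9a-f]+)$`)

// ParseOutput parses captured stdout, skipping the banner and the timing summary.
func ParseOutput(out string) []Detection {
	var hits []Detection
	sc := bufio.NewScanner(strings.NewReader(out))
	for sc.Scan() {
		line := strings.TrimRight(sc.Text(), "\r")
		if m := hitLine.FindStringSubmatch(line); m != nil {
			pid, e1 := strconv.Atoi(m[2])
			addr, e2 := strconv.ParseUint(m[3], 16, 64)
			if e1 == nil && e2 == nil {
				hits = append(hits, Detection{Process: m[1], Pid: pid, ConfigAddr: addr})
			}
		} else if strings.HasPrefix(line, "The program took ") {
			break
		} else if len(hits) > 0 && line != "" {
			hits[len(hits)-1].ConfigText += line + "\n"
		}
	}
	return hits
}

// sample is constructed output; the "<config ...>" lines are placeholders.
const sample = "EvilEye by @akkuman\n\n\n" +
	"svc host (x86).exe (4312), Keys Found:True, Configuration Address: 0x2a1f0c8\n<config line A>\n<config line B>\n\n" +
	"rundll32.exe (988), Keys Found:True, Configuration Address: 0x7ff6a0001000\n<config line C>\n\n" +
	"The program took 1.5s to find out 2 processes\n"
func main() { fmt.Printf("%+v\n", ParseOutput(sample)) }
```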

TODO

  • Extract configuration from memory (partially done)

References
