Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

A BeaconEye implement in Golang. It is used to detect the cobaltstrike beacon from memory and extract some configuration.

Notifications You must be signed in to change notification settings

akkuman/EvilEye

Folders and files

NameName
Last commit message
Last commit date

Latest commit

History

28 Commits

Repository files navigation

EvilEye

EvilEye is a BeaconEye implement in Golang. It is used to detect the cobaltstrike beacon from memory and extract some configuration.

Try & Run

download EvilEye in releases 

./EvilEye.exe

Screenshot

Build

go install github.com/akkuman/EvilEye

As a package to use

package main
import (
	"fmt"
	"time"
	"github.com/akkuman/EvilEye/beaconeye"
)
func banner() string {
	return `EvilEye by @akkuman(github.com/akkuman)`
}
func main() {
	fmt.Printf("%s\n\n\n", banner())
	v1 := time.Now()
	evilResults := make(chan beaconeye.EvilResult)
	go func() {
		err := beaconeye.FindEvil(evilResults, 4)
		if err != nil {
			panic(err)
		}
	}()
	count := 0
	for v := range evilResults {
		fmt.Printf("%s (%d), Keys Found:True, Configuration Address: 0x%x\n", v.Name, v.Pid, v.Address)
		fmt.Printf("%s\n", v.Extractor.GetConfigText())
		count++
	}
	v2 := time.Now()
	fmt.Printf("The program took %v to find out %d processes\n", v2.Sub(v1), count)
}

TODO

  • Extraction configuration from memory(portion done)

References

About

A BeaconEye implement in Golang. It is used to detect the cobaltstrike beacon from memory and extract some configuration.

Topics

Resources

Stars

Watchers

Forks

Packages

No packages published

AltStyle によって変換されたページ (->オリジナル) /