phantinuss/cobaltstrike-profile-stats

## cobaltstrike-profile-stats
It's ugly, but only intended to run it once. For reproducibility:

1. fetch data from https://gist.githubusercontent.com/MHaggis/6c600e524045a6d49c35291a21e10752/raw/9dd392bd5805386f021792264f93c42df44ddfb0/malleable_c2_profiles
# while read -r line; do curl $line|grep "spawnto"; done < in.cobaltstrike-profiles > out.cobaltstrike-profile-targets

2. clean the data, make stats
# cat out.cobaltstrike-profile-targets | awk '{$1=$1;print}' |grep -v "^#" | grep "set spawnto_" | grep -v "^job" |grep -Po "set spawnto_x.. \"(.*)\";" | cut -d\" -f2 | grep -Po "\\\([^\\\]*.exe)" | sort | uniq -c |sort -nr
	It's ugly, but only intended to run it once. For reproducibility:

	1. fetch data from https://gist.githubusercontent.com/MHaggis/6c600e524045a6d49c35291a21e10752/raw/9dd392bd5805386f021792264f93c42df44ddfb0/malleable_c2_profiles
	# while read -r line; do curl $line\|grep "spawnto"; done < in.cobaltstrike-profiles > out.cobaltstrike-profile-targets

	2. clean the data, make stats
	# cat out.cobaltstrike-profile-targets \| awk '{$1=$1;print}' \|grep -v "^#" \| grep "set spawnto_" \| grep -v "^job" \|grep -Po "set spawnto_x.. \"(.)\";" \| cut -d\" -f2 \| grep -Po "\\\([^\\\].exe)" \| sort \| uniq -c \|sort -nr