Created
March 26, 2021 21:59
-
-
Save thesubtlety/594ff8387d7ee232415c4989ce20bb3b to your computer and use it in GitHub Desktop.
Stale beacon slacker, only messages once
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # CNA script to alert on dead beacons. Doesn't repeat messages. | |
| # author: noah @thesubtlety | |
| # credit https://github.com/bluscreenofjeff/AggressorScripts/blob/master/stale-beacon-notifier.cna - bluescreenofjeff | |
| $webhook_url = "https://hooks.slack.com/services/xxxxx"; | |
| $slack_channel = "#crackers"; | |
| %beacon_status = %(); | |
| # default stale value of 5 minutes (300000ms) | |
| $stale_value = 300000; | |
| on heartbeat_5m { | |
| foreach $beacon (beacons()) { | |
| $computer = $beacon['computer']; | |
| $pid = $beacon['pid']; | |
| $bid = $beacon['id']; | |
| if (($beacon["last"] > $stale_value) && ($beacon["pbid"] eq '')) { | |
| if (%beacon_status[$bid]["status"] eq "dead") { | |
| break; | |
| } | |
| %beacon_status[$bid] = %(status => "dead"); | |
| $last_checkin = $beacon["last"] / 1000; | |
| println("The beacon on " . $beacon['computer'] . " hasn't checked in for " . $last_checkin . " seconds."); | |
| @curl_command = @('curl','-X','POST','--data-urlencode','payload={"username": "Continuous Op Bot", "icon_emoji": ":skeleton:", "channel": "' . $slack_channel . '", "text":"Beacon on ' . $beacon['computer'] . ' (' . $beacon['pid'] . ') now alive. "}',$webhook_url); | |
| exec(@curl_command); | |
| } else { | |
| %beacon_status[$bid] = %(status => "alive"); | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment