You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Marcel K. 5f47556ab0 tor test 1 month ago
cmd tor test 1 month ago
screenshots update and push screenshot to repo 11 months ago
scripts hello,geacon! 1 year ago
tools/BeaconTool fix metadata for cs 4.1, but there is still a bug on Linux. 6 months ago
.gitignore hello,geacon! 1 year ago update to recommend Crossc2. 5 months ago


Using Go to implement CobaltStrike's Beacon

This project is for learning protocol analysis and reverse engineering only, if someone's rights have been violated, please contact me to remove the project, and the last DO NOT USE IT ILLEGALLY

How to play

  1. Setup the teamserver and start a http lisenter, the teamserver will generate the file .cobaltstrike.beacon_keys.
  2. Compile the BeaconTool with Jetbrains Idea, use command java -jar BeaconTool.jar to convert java keystore to PEM format.
  3. Replace the RSA key pair in the file cmd/config/config.go (the RSA private key is not required, I wrote it in the code just for the record)
  4. Compile the geacon whatever platform you want to run: for example, use the command export GOOS="darwin" && export GOARCH="amd64" && go build cmd/main.go to compile an executable binary running on MacOS.
  5. Having fun ! PR and issue is welcome ;)
  6. Geacon has just been tested on CobaltStrike 3.14 and only support default c2profile, so many hardcode in the project and I will not try to implement more C2profile support at this moment.
  7. Thanks for @xxxxxyyyy's PR, And now Geacon supports CobaltStrike 4.0, please checkout the branch 4.0 to compile.
  8. Geacon's branch master supports CobaltStrike 4.1, currently available functions include: executing commands, uploading, downloading, file browser, switching the current working directory, and exiting the current process.
  9. Geacon only focuses on protocol analysis, but if you want to experience more features, you can use another project of our partners, check out CrossC2 now!


Get the Geacon's command execution results on Linux. login

Protocol analysis

To be continued, I will update as soon as I have time ...


  1. Support CobaltStrike 4.x

  2. Fix the OS icon issue in session table

  3. String encoding issue

[email protected]