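Armitage is a penetration-testing tool written in Java that provides a graphical interface for Metasploit. It can be combined with Metasploit's known exploits to automate attacks against existing vulnerabilities.
BT5 and Kali Linux ship the free version, Armitage; Cobalt Strike is its commercial version. As you all know, the graphical interface is very friendly and gives one-click, foolproof access to advanced MSF features and automated penetration testing.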
2 Dec 15 - Cobalt Strike 3.1
--------
+ Beacon help command complains when asked about a command that doesn't exist
+ VNC server stage is now encoded
+ Bypass UAC on Windows 10 now takes steps to use an artifact that's OK with
  blocking DLL_PROCESS_ATTACH [not all techniques are OK with this].
+ Updated integrated mimikatz to 2.0 alpha 20151008
+ Added dcsync command to Beacon. Uses mimikatz to pull a hash from a DC. CS
  parses its output and adds the credential to the creds model too.
+ Fixed null pointer exception when trying to save an edited listener.
+ mimikatz @module::command will force mimikatz to use beacon's thread token
+ Download cancel now properly releases file handle in Beacon.
+ client now trims large data structures in the same way the team server does
+ Screenshot tool is now smarter. If user is idle, it returns one screenshot
  every three minutes. If user is active, it will return one each check-in.
+ Session metadata is now in the Beacon logs on the team server.
+ CS now offers to direct user to team server documentation when they get a
  Connection refused error.
+ Added headless option to run Aggressor Scripts. Use the agscript launcher
  included with the Linux package.
+ Obfuscated Artifact Kit's service entry point slightly.
+ DNS Beacon export option was not showing up in the stageless payload export
  dialog if windows/beacon_dns/reverse_dns_txt was set as the listener. Fixed.
+ Scan dialog now complains if a Beacon session wasn't selected.
+ Export Data and Sync Files features now mkdir folders that don't exist.
+ Added check to prevent you from using CS with Java 1.6.
+ %TOKEN% is now replaced everywhere in phishing template, not just URL.
+ Added Export button to View -> Credentials. Exports creds in PWDump format
+ Fixed stager crash on exit after failure; caused by wrong byte order exitfunk
+ Added a sanity check for phishing target files w/ reversed email/name info
+ View -> Targets now has an import button. Imports: NMap XML & flat host files
+ IoC Report now only shows each hash once.
+ Fixed several bugs that could affect report generation.
+ Spear Phishing tool no longer strips attachments with a Content-ID header.
+ Added several APIs to Aggressor Script
+ DNS Stager now exits after all attempts exhausted (better than crashing)
http://pan.baidu.com/s/1o60pRZ0#dir [link expired]
https://eyun.baidu.com/s/3dEES1u5 [newly updated; assess the security risks yourself]
[Submitted to SecPulse (安全脉搏) by a loyal Cobalt Strike fan]