beacon-artifact
The command beacon-artifact can be used to dump payloads from executables generated by ArtifactKit.
Usually the artifact executable is a stageless beacon, but it could also contain stager shellcode.
$ beacon-artifact <artifactkit-file> | xxd
The beacon-artifact tool only dumps the extracted payload (by default to stdout).
If the extracted payload is a beacon (stageless artifact) and not a stager, you can pipe the output directly to beacon-dump - to dump the beacon configuration.
$ beacon-artifact <artifactkit-file> | beacon-dump -
If the command is not in your PATH, you can also run it using the following Python module:
$ python -m dissect.cobaltstrike.artifact --help
beacon-artifact - CLI interface
beacon-artifact [-h] [-v] [-o OUTPUT] FILE
beacon-artifact positional arguments
FILE - FILE to decode (default: None)