c2profile-dump
The command c2profile-dump
can be used to parse and dump Malleable C2 profiles. The command is mainly useful for debugging the parsed AST tree. Using the library directly is more useful for extracting information using Python.
$ c2profile-dump /path/to/profile.c2
To load from a beacon and dump as properties:
$ c2profile-dump -b <beacon> -t properties
If the command is not in your path, you can also use run the command using the following Python module:
$ python -m dissect.cobaltstrike.c2profile --help
c2profile-dump - CLI interface
c2profile-dump [-h] [-b] [-a] [-t {pretty,ast,c2profile,properties}] [-v] FILE
c2profile-dump positional arguments
FILE
- c2 profile or beacon to dump (default:None
)