If you are familiar with penetration tools, then you should know Metasploit. For those that love GUIs, there is a fantastic open source GUI management for Metasploit known as Armitage (found HERE). The same developers of Armitage created a more advanced penetration testing package for a $2,500 annual cost. The tool is called cobalt Strike (CS) and can be downloaded at www.advancedpentest.com for a 21day trail. They also have a 4-hour lab that lets you try out the core cobalt Strike features. It is worth spending the time to test the tool and get some lab time even though the lab itself is is pretty easy.
One key point about cobalt Strike’s licensing is its $,2500 per machine meaning you can penetration test as many customers as you desire using the same single system. I have found other vendors charge per IP making large scale penetration testing very expensive to deliver without passing that cost to the customer.
The biggest value of Cobalt Strike I’ve seen so far is how quickly you can accomplish an objective by having all the tools available in the same application. I can quickly launch NMAP scans on targets and have vulnerabilities mapped to possible exploits. I can click each target and narrow down possible exploits using a visually organized dashboard. The next screen shows scanned targets with possible attacks listed out.
Running a Nmap scan on a group of targets
Showing possible attacks to launch
Like Armitage, systems that are compromised show the red electric bolts around the image.
Running a exploit on a targeted system
Showing root on a compromised system
I found there is a Hail Mary feature that was pretty amusing. As you can see from the next screenshot, it launches a bunch of exploits without considering stealth. It takes a while and I didn’t have any luck using it on a windows system.
Hail Mary feature in Colbalt Strike
Cobalt Strike has a bunch of web-based attacks including methods to easily clone sites for social engineering based campaigns. You could do many of these attacks with other tools however Cobalt Strike makes launching the end-to-end campaign super easy. This includes providing reporting on how successful your attack was on the target network.
There are a handful of brute force modules for those hoping to take advantage of weak passwords. The next example is a VNC brute force example.
All in all, I found Cobalt Strike to be a pretty solid application. Check it out using the labs provided or on your own testing environment.