support

Reporting

Cobalt Strike has several report options to help make sense of your data and convey a story to your clients. You may configure the title, description, and hosts displayed in most reports.

Go to View -> Reporting and choose one of the reports to generate. Cobalt Strike will export your report as an MS Word or PDF document.

Report Types

  • Activity Report (.pdf)
    The activity report provides a timeline of red team activities. Each exploit, session, and many post-exploitation activities are documented here.
  • Client Vulnerability Report (.pdf)
    The client vulnerability report summarizes the vulnerabilities found by the system profiler tool. It is not necessary to exploit these vulnerabilities for them to show in this report.
  • Hosts Report (.pdf)
    The hosts report documents each host encountered during the engagement. Vulnerabilities, services, and credentials are documented on a host-by-host basis.
  • Social Engineering Report (.docx)
    The social engineering report documents each round of spear phishing emails, who clicked, and what was collected from each user that clicked. This report also shows applications discovered by the system profiler and keystrokes logged from cloned sites.
  • Vulnerability Report (.pdf)
    This report documents remote vulnerabilities discovered during the engagement.

Report Customization

Cobalt Strike reports display a Cobalt Strike logo at the top of the first page. You may replace this with an image of your choosing. Go to Cobalt Strike -> Preferences and set the reporting.header_image.file option to your preferred image.

Your custom image should be 1192x257px set to 300dpi. The 300dpi setting is necessary for the reporting engine to render your image at the right size.

You may also set reporting.accent.color to a color of your choosing. This accent color is the color of the thick line below your image on the first page of the report. Links inside reports use the accent color too.