Scripting Cobalt Strike

Cobalt Strike includes Cortana, a scripting technology developed through DARPA's Cyber Fast Track program. With Cortana, you may write red team bots and extend Cobalt Strike with new features. You may also make use of scripts written by others.

Cortana is based on Sleep, an extensible Perl-like language. Cortana scripts have a .cna suffix.

Cortana Architecture

To load a script, navigate to Cobalt Strike -> Scripts. Press Load and choose the script you would like to load.

Highlight a script and press Unload to remove it. In most cases, you can load, unload, and reload a script without restarting Cobalt Strike

Cortana has a developer console. Go to View -> Script Console to open it.

A stand-alone version of Cortana is distributed with Armitage. You may connect the stand-alone Cortana interpreter to a Cobalt Strike team server.

To learn more about how to develop Cortana scripts or run stand-alone bots, read the Cortana Tutorial.