teams.cna

# author: derekt2 based on work by bluescreenofjeff

#Script to send event log events to teams

#%teams_options["webhookURL"] = 'https://hooks.teams.com/services/AAAAAAAAA/BBBBBBBBB/CCCCCCCCCCCCCCCCCCCCCCCC';
%teams_options["teamserver"] = localip();

%teams_options["path_to_send_teams.py"] = './';

#set this value to 'true' (MUST BE LOWERCASE) if you are going to use agscript to leave this running even when all users disconnect
%teams_options["enabled"] = 'false';



#settings dialog

sub settings {

	$dialog = dialog("Event Log to teams Settings", %(webhookURL => %teams_options["webhookURL"], path_to_send_teams => %teams_options["path_to_send_teams.py"], teamserver => %teams_options["teamserver"], enabled => %teams_options["enabled"]), lambda({
		%teams_options["webhookURL"] = $3['webhookURL'];
		%teams_options["enabled"] = $3['enabled'];
		%teams_options["path_to_send_teams.py"] = $3['path_to_send_teams']
		%teams_options["teamserver"] = $3['teamserver'];
		if (%teams_options["enabled"] eq 'true') {
			#initialize script with message to event log
			elog("Event Log to teams enabled on teamserver.");
		}		
	}));

	dialog_description($dialog, "Set up Cobalt Strike to send all messages in the Event Log to teams via an incoming webhook.");
	
	drow_text($dialog, "webhookURL",  "teams Webhook URL:");
	drow_text($dialog, "path_to_send_teams",  "send_teams python location:");
	drow_text($dialog, "teamserver", "Teamserver Identifier:");
	drow_checkbox($dialog, "enabled", "Enabled:");
	
	dbutton_action($dialog, "Save");
	
	dialog_show($dialog);

}

#send the message to teams
sub sendMessage {
	$cmd = 'python3 ' . %teams_options["path_to_send_teams.py"] . "send_teams.py --teamserver " . %teams_options["teamserver"] . " --webhook_url " . %teams_options["webhookURL"] . " --text " . $2;
	println("Sending Teams Notification: " . $cmd);
	exec($cmd);
}

#event triggers
on event_action {
	if (%teams_options["enabled"] eq 'true') {
		sendMessage($3,"$1 - $2");
	}
}

on event_beacon_initial {
	if (%teams_options["enabled"] eq 'true') {
		sendMessage($2,"initial Beacon from $1");
	}
}

on event_join {
	if (%teams_options["enabled"] eq 'true') {
		sendMessage($2,"$1 joined the server");
	}
}

on event_newsite {
	if (%teams_options["enabled"] eq 'true') {
		sendMessage($3,"$1 $2");
	}
}

on event_notify {
	if (%teams_options["enabled"] eq 'true') {
		sendMessage($2,$1);
	}
}

on event_nouser {
	if (%teams_options["enabled"] eq 'true') {
		sendMessage($2,"$1 timed out");
	}
}

on event_public {
	if (%teams_options["enabled"] eq 'true') {
		sendMessage($3,"$1 - $2");
	}
}

on event_quit {
	if (%teams_options["enabled"] eq 'true') {
		sendMessage($2,"$1 logged out of the server");
	}
}

if (%teams_options["enabled"] eq 'true') {
	#initialize script with message to event log
	elog("Event Log to teams enabled on teamserver.");
}

#menubar options
menubar("Event Log to teams", "eventlog-to-teams", 2);

# modify the main "Attacks" menu
popup eventlog-to-teams {
    item "Settings" {
        settings();
    }
}