cowbird
| Crates.io | cowbird |
| lib.rs | cowbird |
| version | 0.1.1 |
| source | src |
| created_at | 2022-02-01 07:26:20.314719 |
| updated_at | 2022-02-01 09:00:00.233525 |
| description | EDR tool |
| homepage | |
| repository | https://github.com/erikwilson/cowbird |
| max_upload_size | |
| id | 525056 |
| size | 67,723 |
Erik Wilson (erikwilson)
documentation
README
cowbird
About
cowbird is a tool for triggering endpoint detection and response (EDR)
agents, and produces structured logs for regression testing.
Installation
Select an installation method for installing cowbird:
Install from Releases
- Download the latest pre-built binary for your architecture from Releases.
- Verify shasum and decompress to your path, eg:
RELEASE=cowbird-0.1.1-macos-x86_64
sha256sum -c ${RELEASE}.shasum
tar -C /usr/local/bin ${RELEASE}.tar.gz
Install from Cargo
- Install the rust toolchain in order to have cargo installed by following this guide.
- run
cargo install cowbird
Commands
cowbird 0.1.1
EDR tool
USAGE:
cowbird [OPTIONS] <SUBCOMMAND>
OPTIONS:
-l, --log <LOG> Log file location [default: cowbird.log]
-h, --help Print help information
-V, --version Print version information
SUBCOMMANDS:
start Starts a new process
create Create a file
modify Modify a file
delete Delete a file
send Send data over network
script Run commands from YAML input
cowbird-start
Starts a new process
USAGE:
cowbird start <EXEC> [ARGS]...
ARGS:
<EXEC>
<ARGS>...
cowbird-create
Create a file
USAGE:
cowbird create <FILE>
ARGS:
<FILE> File to create
cowbird-modify
Modify a file
USAGE:
cowbird modify <FILE> <DATA> [OFFSET]
ARGS:
<FILE> File to modify
<DATA> Bytes to write, decode hex if value starts with "0x"
<OFFSET> Byte offset for writing data [default: 0]
cowbird-delete
Delete a file
USAGE:
cowbird delete <FILE>
ARGS:
<FILE> File to delete
cowbird-send
Send data over network
USAGE:
cowbird send <DEST> [ARGS]
ARGS:
<DEST> Destination address:port
<DATA> Bytes to write, decode hex if value starts with "0x" [default: ]
<PROTO> Network protocol to use [default: udp] [possible values: tcp, udp]
cowbird-script
Run commands from YAML input
USAGE:
cowbird script [FILE]
ARGS:
<FILE> File to read [default: -]
OPTIONS:
-h, --help Print help information
Scripting Example
See examples/test.yaml as an example for using YAML document separators for ingesting multiple commands, and how those command inputs are formatted.
If building from source on a unix like system the example can be run with ./examples/test.yaml,
or the script can be run with a pre-built binary using cowbird script ./examples/test.yaml.
License
Licensed under either of
- Apache License, Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
See CONTRIBUTING.md.