Scripting¶
Stentor includes a full CNA/Sleep scripting engine for automating operations, extending functionality, and building custom workflows. CNA (Cobalt Strike's Aggressor Script) allows operators to extend the platform with custom beacon commands, automate post-exploitation chains, react to beacon events, customize the UI with context menus, and build scripted engagement workflows -- all through a powerful, server-side scripting engine.
Quick Start
# hello.cna -- your first Stentor script
println("Hello from Stentor CNA!");
on beacon_initial {
bsleep($1, 30, 20);
blog($1, "Auto-configured by hello.cna");
}
Load it: Script Console > load /path/to/hello.cna
In This Section¶
- Language Guide -- Sleep language syntax, data types, variables, operators, control flow, functions, closures, arrays, hashes, string operations, and script loading.
- Function Reference -- Complete reference for all ~300+ CNA functions organized by category: beacon commands (167
b*functions), data model queries, dialog/UI helpers, output formatting, payload generation, PE manipulation, and more. - Hooks & Events -- 24+ hooks for overriding default behavior (injection techniques, payload generation, artifact output) and 57+ events for reactive automation (beacon lifecycle, operator activity, heartbeat timers).
- Headless Mode -- Run Stentor's CNA engine without the GUI for automated engagements, CI/CD pipelines, scheduled operations, and scripted workflows.
Capabilities Overview¶
| Capability | Description | Example |
|---|---|---|
| Custom commands | Add beacon console commands with alias | alias getsecrets { bhashdump($1); } |
| Event automation | React to beacon check-ins and lifecycle events | on beacon_initial { bsleep($1, 30, 20); } |
| UI customization | Add context menus, submenus, and separators | popup beacon_top { item "Quick Scan" { ... } } |
| Payload hooks | Customize payload generation and artifact output | set EXECUTABLE_ARTIFACT_GENERATOR { ... } |
| Injection control | Override process injection behavior | set PROCESS_INJECT_SPAWN { ... } |
| Console commands | Register interactive Script Console commands | command report { println(beacons()); } |
| Keyboard shortcuts | Bind hotkeys to script actions | bind Ctrl+H { println("help"); } |
| Headless ops | Automated engagement scripts without UI | agscript CLI mode |
How It Works¶
Stentor's CNA engine implements a complete Sleep interpreter server-side, written in Go:
- Lexer -- Tokenizes CNA source code
- Parser -- Builds an Abstract Syntax Tree (AST)
- Semantic Validator -- Checks for undefined functions and variable issues before execution
- Evaluator -- Executes the AST with full Sleep language support
- Registry -- Stores all keyword registrations (aliases, events, hooks, popups, commands, binds) per script
Scripts are loaded, parsed, validated, and executed atomically. When unloaded, all registrations from that script are cleanly removed without affecting other scripts.