Golang library for malware development and red teamers

Maldev

Introduction

maldev aims to help malware developers, red teamers and anyone interested in cybersecurity. It uses native Golang code plus a few other useful packages, such as Hooka, which I created to perform complex low-level red teaming tasks. The project isn't finished yet and the API may be unstable, so your code may break in the future; sorry about that. If you find a bug, feel free to open an issue or create a pull request that fixes it.

Features

These are the different categories:

  • Cryptography
    • AES
    • RC4
    • Xor
    • Base32
    • Base64
    • Md5
    • Sha1
    • Sha256
    • Sha512
    • Rot13
    • Rot47
    • Bcrypt
    • Elliptic Curve
    • Compare hashes
  • Network
    • List all interfaces
    • Get info about an interface
    • List active ports with their info
    • Check internet connection
    • Get public ip
    • Download a file from URL
    • Get status code from URL
    • Send http POST request with custom data
  • Misc
    • Generate random strings
    • Generate random integers
    • Convert dates to epoch format
    • Convert epoch to dates
    • Convert text to leet
  • Shellcode
    • Multiple shellcode injection techniques
    • Retrieve shellcode from file
    • Retrieve shellcode from url
    • Write shellcode to file
    • Convert DLL to shellcode (sRDI)
  • Red Team
    • 3 different ways to dump system hashes
    • Steal token from PID (Impersonation)
    • Enable/disable Sticky Keys backdoor
    • Create malicious SCF on given path
  • Antiforensics
    • Wiping
    • Timestomping
  • Processes
    • List all processes
    • Get process name by PID
    • Get list of processes by name (i.e. firefox.exe)
  • Exec
    • Execute bash commands
    • Execute powershell commands
    • Execute cmd commands
    • Execute command with Token
  • System
    • Whoami
    • Get current dir
    • Get home dir
    • Get current user groups
    • Find installed useful software
    • List files and folders
    • Get environment variables
    • Get generic system information
    • Get SID and RID from windows system
    • Find installed AVs/EDRs
  • Scanning
    • Ping an ip
    • Hostscan
    • Portscan
    • Enumerate all subdomains of a domain
    • Check if a domain uses http or https
    • Whois
    • Wappalyzer (identify technologies)
  • Logging
    • Status functions
    • ASCII banners
    • Progress bars
    • Colors
    • "log" and "fmt" wrappers
  • Working with slices
    • Check if contains a string
    • Check if contains a string (insensitive)
    • Remove duplicates from []string
    • Remove duplicates from []int
    • Lowercase all characters from []string entries
  • Working with files
    • Check if file exists
    • Check if path is file
    • Check if path is dir
    • Copy a file or dir (recursive)
    • Get content of a file
    • Directly create a file with content
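The Cryptography and Shellcode categories above (XOR, Base64, SHA-256, comparing hashes, reading and writing shellcode files) are the pieces a loader typically chains together. The following is an added example written for this page with the Go standard library only; it is not maldev's code and does not use maldev's API, so the function names, the key string and the sample byte sequence are all assumptions. It XORs a payload with a repeating key, base64-encodes it for embedding, reverses the process, and checks integrity with a constant-time SHA-256 comparison:

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// sampleShellcode is a constructed stand-in for a real payload (x86 NOPs
// followed by RET). It exists only so the example runs offline.
var sampleShellcode = []byte{0x90, 0x90, 0x90, 0x90, 0xC3}

// XorBytes XORs data with a repeating key. XOR hides a payload from static
// signatures but is not encryption: anyone holding the binary holds the key.
func XorBytes(data, key []byte) []byte {
	if len(key) == 0 {
		return append([]byte(nil), data...)
	}
	out := make([]byte, len(data))
	for i, b := range data {
		out[i] = b ^ key[i%len(key)]
	}
	return out
}

// EncodeShellcode XORs raw with key and base64-encodes the result so it can
// be embedded as a string constant or served as plain text.
func EncodeShellcode(raw, key []byte) string {
	return base64.StdEncoding.EncodeToString(XorBytes(raw, key))
}

// DecodeShellcode reverses EncodeShellcode; a corrupted base64 string is an error.
func DecodeShellcode(enc string, key []byte) ([]byte, error) {
	blob, err := base64.StdEncoding.DecodeString(enc)
	if err != nil {
		return nil, err
	}
	return XorBytes(blob, key), nil
}

// Digest returns the SHA-256 of data as raw bytes.
func Digest(data []byte) []byte {
	sum := sha256.Sum256(data)
	return sum[:]
}

// SameDigest compares the SHA-256 of two blobs in constant time, so a
// mismatch does not leak at which byte the digests differ.
func SameDigest(a, b []byte) bool {
	return subtle.ConstantTimeCompare(Digest(a), Digest(b)) == 1
}

// ReadShellcode loads a raw payload from disk and rejects empty files, which
// usually mean a failed download or a truncated write.
func ReadShellcode(path string) ([]byte, error) {
	data, err := os.ReadFile(path)
	if err != nil {
		return nil, err
	}
	if len(data) == 0 {
		return nil, errors.New("shellcode file is empty")
	}
	return data, nil
}

// WriteShellcode writes a payload with owner-only permissions.
func WriteShellcode(path string, data []byte) error {
	return os.WriteFile(path, data, 0o600)
}

func main() {
	key := []byte("hypothetical-key") // assumed key, not from the project
	dir, err := os.MkdirTemp("", "shellcode-example")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)

	path := filepath.Join(dir, "payload.bin")
	if err := WriteShellcode(path, sampleShellcode); err != nil {
		panic(err)
	}
	raw, err := ReadShellcode(path)
	if err != nil {
		panic(err)
	}

	enc := EncodeShellcode(raw, key)
	dec, err := DecodeShellcode(enc, key)
	if err != nil {
		panic(err)
	}
	fmt.Printf("encoded: %s\n", enc)
	fmt.Printf("integrity ok: %v\n", SameDigest(dec, sampleShellcode))
}
```

Swap XorBytes for AES-GCM (crypto/aes plus crypto/cipher) when the payload must actually stay secret rather than merely evade a byte-pattern signature; the base64 and digest steps stay the same.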

Installation

Run this inside your Go module to add the dependency (go get takes a module path, not a URL):

go get -u github.com/D3Ext/maldev

Usage

To import all the functions at the same time do it like this:

import (
    maldev "github.com/D3Ext/maldev/all"
)

If you only need the functions from a specific topic, import that package instead:

Example with cryptography

import "github.com/D3Ext/maldev/crypto"

Examples

Every package directory contains a README.md with at least one example of every exported function. If you need inspiration, check out the examples/ directory, where I've written some complete programs built on maldev functions: a simple ransomware, a shellcode loader and more.

TODO

🔲 Kerberos protocol implementation

🔲 Publish official package documentation (pkg.go.dev)

🔲 Stable progress bars

🔲 Shikata Ga Nai polymorphic encoder

Third party

As mentioned in the introduction, most functions are implemented from scratch, but the project also depends on these external packages:

columnize to create tables and columns easily

go-netstat to retrieve info about local ports

gosecretsdump used to dump hashes from SAM, NTDS and SYSTEM

BananaPhone to perform the CreateRemoteThread shellcode injection technique

go-ps used to work with Linux processes

go-sysinfo useful to get system information mainly for Windows

wintoken used to interact with the Windows token API and retrieve privilege information

EDRHunt used in system/ to look for installed AVs/EDRs

go-figure to create banners easily

Contributing

Do you want to contribute an interesting idea? You're in the right place:

1 Open an issue to discuss your idea

2 Fork the repo

3 Create a branch

4 Commit your changes

5 Push to the branch

6 Create a new pull request

New features and bug reports are welcome.

Disclaimer

The creator is not responsible for, and accepts no liability for, any:

  • Unlawful or illegal use of the project.
  • Legal or law infringement (in any country, state, municipality or place) by third parties and users.
  • Act against ethics or human morality, or against the peoples of the world.
  • Malicious act capable of causing damage to third parties, promoted or distributed by third parties or the user through this software.

License

This project is licensed under MIT

Copyright © 2023, D3Ext