maldev aims to help malware developers, red teamers and anyone who is interested in cybersecurity. It uses native Golang code and some other useful packages like Hooka, which I created to perform complex low-level red teaming tasks. The project isn't finished yet and the API may be unstable, so your code may break in the future, sorry about this. Anyway, if you find a bug feel free to open an issue or create a pull request which fixes it.
These are the different categories:
- Cryptography
  - AES
  - RC4
  - Xor
  - Base32
  - Base64
  - Md5
  - Sha1
  - Sha256
  - Sha512
  - Rot13
  - Rot47
  - Bcrypt
  - Elliptic Curve
  - Compare hashes
- Network
  - List all interfaces
  - Get info about an interface
  - List active ports with their info
  - Check internet connection
  - Get public IP
  - Download a file from URL
  - Get status code from URL
  - Send HTTP POST request with custom data
- Misc
  - Generate random strings
  - Generate random integers
  - Convert dates to epoch format
  - Convert epoch to dates
  - Convert text to leet
- Shellcode
  - Tons of shellcode injection techniques
  - Retrieve shellcode from file
  - Retrieve shellcode from URL
  - Write shellcode to file
  - Convert DLL to shellcode (sRDI)
- Red Team
  - 3 different ways to dump system hashes
  - Steal token from PID (Impersonation)
  - Enable/disable Sticky Keys backdoor
  - Create malicious SCF on given path
- Antiforensics
  - Wiping
  - Timestomping
- Processes
  - List all processes
  - Get process name by PID
  - Get list of processes by name (i.e. firefox.exe)
- Exec
  - Execute bash commands
  - Execute PowerShell commands
  - Execute cmd commands
  - Execute command with Token
- System
  - Whoami
  - Get current dir
  - Get home dir
  - Get current user groups
  - Find installed useful software
  - List files and folders
  - Get environment variables
  - Get generic system information
  - Get SID and RID from Windows system
  - Find installed AVs/EDRs
- Scanning
  - Ping an IP
  - Hostscan
  - Portscan
  - Enumerate all subdomains of a domain
  - Check if a domain uses HTTP or HTTPS
  - Whois
  - Wappalyzer (identify technologies)
- Logging
  - Status functions
  - ASCII banners
  - Progress bars
  - Colors
  - "log" and "fmt" wrappers
- Working with slices
  - Check if contains a string
  - Check if contains a string (case-insensitive)
  - Remove duplicates from []string
  - Remove duplicates from []int
  - Lowercase all characters from []string entries
- Working with files
  - Check if file exists
  - Check if path is file
  - Check if path is dir
  - Copy a file or dir (recursive)
  - Get content of a file
  - Directly create a file with content
Just execute this and it should be installed without problems (note that `go get` takes a module path, not an `https://` URL):

```bash
go get -u github.com/D3Ext/maldev
```
To import all the functions at the same time do it like this:

```go
import (
	maldev "github.com/D3Ext/maldev/all"
)
```
Anyway, if you want to use functions from a specific topic, you can do it like this:

Example with cryptography:

```go
import "github.com/D3Ext/maldev/crypto"
```
In every directory there is a README.md which contains at least one example of every defined function. If you don't have enough creativity, I encourage you to check out the examples/ directory, where I've developed some good examples which use maldev functions, like a simple ransomware, a shellcode loader and much more.
🔲 Kerberos protocol implementation
🔲 Publish official package documentation (pkg.go.dev)
🔲 Stable progress bars
🔲 Shikata Ga Nai polymorphic encoder
As said above, I have tried to implement all functions from scratch, but I have also used some external packages:
- columnize to create tables and columns easily
- go-netstat to retrieve info about local ports
- gosecretsdump used to dump hashes from SAM, NTDS and SYSTEM
- BananaPhone to perform the CreateRemoteThread shellcode injection technique
- go-ps used to work with Linux processes
- go-sysinfo useful to get system information, mainly for Windows
- wintoken used to interact with the Windows API and get privilege info
- EDRHunt used in system/ to look for installed AVs/EDRs
- go-figure to create banners easily
Do you want to contribute with any interesting idea? You're in the right place.
1. Open an issue to discuss your idea
2. Fork the repo
3. Create a branch
4. Commit your changes
5. Push to the branch
6. Create a new pull request

New features and bug reports are welcome.
Creator isn't in charge of any and has no responsibility for any kind of:
- Unlawful or illegal use of the project.
- Legal or Law infringement (acted in any country, state, municipality, place) by third parties and users.
- Act against ethical and / or human moral, ethic, and peoples of the world.
- Malicious act, capable of causing damage to third parties, promoted or distributed by third parties or the user through this software.
This project is licensed under MIT
Copyright © 2023, D3Ext