maldev

module

v0.1.4 Latest Latest Go to latest Published: Aug 29, 2023 License: MIT

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/D3Ext/maldev

Links

Open Source Insights

README ¶

Gopher

Maldev

Golang library for malware development

Coded with 💙 by D3Ext

Features • Installation • Examples • Third-party • Contributing • Disclaimer

Introduction

maldev aims to help malware developers, red teamers and anyone who is interested in cybersecurity. It uses native Golang code and some other useful packages like Hooka which I created to perform complex low-level red teaming stuff. The project isn't finished yet but the official API is stable, anyway if you find a bug feel free to open an issue or create a pull-request which fixes it.

Features

This are the different categories:

Cryptography
- AES
- RC4
- Xor
- Base32
- Base64
- Md5
- Sha1
- Sha256
- Sha512
- Rot13
- Rot47
- Bcrypt
- Elliptic Curve
- ChaCha20
- Compare hashes
Network
- List all interfaces
- Get info about an interface
- List active ports wih its info
- Check internet connection
- Get public ip
- Download a file from URL
- Get status code from URL
- Send http POST request with custom data
Misc
- Generate random strings
- Generate random integers
- Convert dates to epoch format
- Convert epoch to dates
- Convert text to leet
Shellcode
- Tons of shellcode injection techniques
- Retrieve shellcode from file
- Retrieve shellcode from url
- Write shellcode to file
- Convert DLL to shellcode (sRDI)
Red Team
- 3 different ways to dump system hashes
- Steal token from PID (Impersonation)
- Enable/disable Sticky Keys backdoor
- Create malicious SCF on given path
Antiforensics
- Wiping
- Timestomping
Processes
- List all process
- Get process name by PID
- Get list of processes by name (i.e. firefox.exe)
Exec
- Execute bash commands
- Execute powershell commands
- Execute cmd commands
- Execute command with Token
System
- Whoami
- Get current dir
- Get home dir
- Get current user groups
- Find installed useful software
- List files and folders
- Get environment variables
- Get generic system information
- Get SID and RID from windows system
- Find installed AVs/EDRs
Scanning
- Ping an ip
- Hostscan
- Portscan
- Enumerate all subdomains of a domain
- Check if a domain uses http or https
- Whois
- Wappalyzer (identify technologies)
Logging
- Status functions
- ASCII banners
- Progress bars
- Colors
- "log" and "fmt" wrappers
Working with slices
- Check if contains a string
- Check if contains a string (insensitive)
- Remove duplicates from []string
- Remove duplicates from []int
- Lowercase all characters from []string entries
Working with files
- Check if file exists
- Check if path is file
- Check if path is dir
- Copy a file or dir (recursive)
- Get content of a file
- Directly create a file with content

Installation

Just execute this and it should be installed without problems:

go get -u https://github.com/D3Ext/maldev

Usage

To import all the functions at the same time do it like this:

import (
    maldev "github.com/D3Ext/maldev/all"
)

Anyway if you want to use functions from an especific topic, you can do it like this:

Example with cryptography

import "github.com/D3Ext/maldev/crypto"

Examples

In every directory there is a README.md which contains at least one example of every defined function, if you don't have enough creativity I encourage you to check out the examples/ directory where I've developed some good examples which use maldev functions like a simple ransomware, a shellcode loader and much more

TODO

🔲 Kerberos protocol implementation

🔲 Publish official package documentation (pkg.go.dev)

🔲 Stable progress bars

Third party

As said above I have tried to implement all functions from scratch but I have also used some external packages:

https://github.com/ryanuber/columnize
https://github.com/cakturk/go-netstat
https://github.com/C-Sto/gosecretsdump
https://github.com/C-Sto/BananaPhone
https://github.com/mitchellh/go-ps
https://github.com/elastic/go-sysinfo
https://github.com/fourcorelabs/wintoken
https://github.com/FourCoreLabs/EDRHunt
https://github.com/common-nighthawk/go-figure

Contributing

See CONTRIBUTING.md

Disclaimer

Creator has no responsibility for any kind of:

Illegal use of the project.
Law infringement by third parties and users.
Malicious act, capable of causing damage to third parties, promoted by the user through this software.

License

This project is under MIT license

Directories ¶

Path	Synopsis
all
antiforensics
crypto
examples
exec
files
logging
misc
network
process
redteam
regex
revshell
scanning
shellcode
slices
system

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL