coldfire

package module
v0.0.0-...-07d7928 Latest
Warning

This package is not in the latest version of its module.

Published: Mar 31, 2024 License: MIT Imports: 51 Imported by: 6

README

ColdFire II


Golang malware development framework

Introduction

ColdFire II provides various methods useful for malware and security infra development in Golang.

Most functions are compatible with both Linux and Windows operating systems.

Installation

go get github.com/redcode-labs/Coldfire

Docs

Coming soon

Types of functions included (for maldev)

  • Logging
  • Auxiliary
  • Reconnaissance
  • Evasion
  • Administration
  • Sandbox detection
  • Disruptive
  • Low-level

Types of functions included (for infra)

  • Network manipulations
  • Cryptography
  • IO with specialized readers
  • Tunneling
  • Target processing

Requirements

"github.com/google/gopacket"
"github.com/google/gopacket/layers"
"github.com/google/gopacket/pcap"
"github.com/robfig/cron"
"github.com/anvie/port-scanner"
"github.com/matishsiao/goInfo"
"github.com/fatih/color"
"github.com/minio/minio/pkg/disk"
"github.com/dustin/go-humanize"
"github.com/mitchellh/go-ps"
"github.com/GeertJohan/yubigo"
"github.com/go-sql-driver/mysql"
"github.com/ztrue/tracerr"
"github.com/yalue/elf_reader"

Disclaimer

Developers are not responsible for any misuse regarding this tool. Use it only against systems that you are permitted to attack.

License

This software is under the MIT license.

Documentation

Overview

Package coldfire is a framework that provides functions for malware development that are mostly compatible with Linux and Windows operating systems.

Index

Constants

This section is empty.

Variables

var (
	Red     = color.New(color.FgRed).SprintFunc()
	Green   = color.New(color.FgGreen).SprintFunc()
	Cyan    = color.New(color.FgBlue).SprintFunc()
	Bold    = color.New(color.Bold).SprintFunc()
	Yellow  = color.New(color.FgYellow).SprintFunc()
	Magenta = color.New(color.FgMagenta).SprintFunc()
)

Functions

func AddPersistentCommand

func AddPersistentCommand(cmd string) error

AddPersistentCommand creates a task that runs a given command on startup.

func Alloc

func Alloc(size string)

Allocates anonymous memory without using it.

func AutoDoc

func AutoDoc(port ...int)

Launches live documentation of the library on port 8080 or on an arbitrary port.

func B64D

func B64D(str string) string

B64D decodes a given string encoded in Base64.

func B64E

func B64E(str string) string

B64E encodes a string in Base64.

func BannerGrab

func BannerGrab(target string, port int) (string, error)

BannerGrab returns a service banner string from a given port.

func Bind

func Bind(port int)

Bind tells the process to listen to a local port for commands.

func BoolCheck

func BoolCheck(boolean interface{}) bool

Generic boolean truth checker

func Caves

func Caves(file string, min_size int) map[string]map[string]int

func Check

func Check(e error)

Basic error handling and reporting. Similar to ExitOnError() but more verbose, and it does not exit.

func CheckRootSSH

func CheckRootSSH(client ssh.Client) bool

Checks if an SSH client connection has a root context

func ClearLogs

func ClearLogs() error

Removes logfiles within the machine.

func CloseListener

func CloseListener(lst net.Listener)

Gracefully closes an instance of net.Listener

func CmdBlind

func CmdBlind(command string)

CmdBlind runs a command without any side effects.

func CmdDir

func CmdDir(dirs_cmd map[string]string) ([]string, error)

CmdDir executes commands which are mapped to a string indicating the directory where the command is executed.

func CmdOut

func CmdOut(command string) (string, error)

CmdOut executes a given command and returns its output.

func CmdOutPlatform

func CmdOutPlatform(commands map[string]string) (string, error)

CmdOutPlatform executes a given set of commands based on the OS of the machine.

func CmdRun

func CmdRun(command string)

CmdRun executes a command and writes output as well as error to STDOUT.

func Contains

func Contains(s interface{}, elem interface{}) bool

Contains is used to check if an element exists in an array type agnostically.

func ContainsAny

func ContainsAny(str string, elements []string) bool

Checks if a string exists within a list of strings.

func CopyFile

func CopyFile(src, dst string) error

CopyFile copies a file from one directory to another.

func CreateWordlist

func CreateWordlist(words []string) []string

CreateWordlist generates possible variations of each word in the wordlist.

func DecryptBytes

func DecryptBytes(encrypted_message []byte, key []byte) []byte

func DecryptString

func DecryptString(encrypted_message []byte, key []byte) string

func Disks

func Disks() ([]string, error)

Disks returns a list of storage drives within the machine.

func DnsLookup

func DnsLookup(hostname string) ([]string, error)

DnsLookup returns the list of IP addresses associated with the given hostname.

func Download

func Download(url string) error

Download downloads a file from a url.

func EncryptBytes

func EncryptBytes(secret_message []byte, key []byte) []byte

func EncryptString

func EncryptString(message string, key []byte) []byte

func EqualBytes

func EqualBytes(b1, b2 byte) bool

func EraseMbr

func EraseMbr(device string, partition_table bool) error

EraseMbr zeroes out the Master Boot Record. This is Linux-only, so it should live in `coldfier_linux.go`.

func Exists

func Exists(file string) bool

Exists checks if a given file is in the system.

func ExitOnError

func ExitOnError(e error)

ExitOnError prints a given error and then stops execution of the process.

func ExpandCidr

func ExpandCidr(cidr string) ([]string, error)

ExpandCidr returns a list of IP addresses within a given CIDR.

func ExtractIntFromString

func ExtractIntFromString(s string) []int

ExtractIntFromString extracts a list of possible integers from a given string.

func F

func F(str string, arg ...interface{}) string

F is a wrapper for the Sprintf function.

func File2Slice

func File2Slice(file string) []string

File2Slice reads a textfile and returns all lines as an array.

func FilePermissions

func FilePermissions(filename string) (bool, bool)

FilePermissions checks if a given file has read and write permissions.

func FilesPattern

func FilesPattern(directory, pattern string) (map[string]string, error)

FilesPattern is used to return data mapped to files where their filenames match a given pattern.

func Forkbomb

func Forkbomb()

Forkbomb spawns goroutines in order to crash the machine.

func FullRemove

func FullRemove(str string, to_remove string) string

FullRemove removes all instances of a string from another string.

func GenCpuLoad

func GenCpuLoad(cores int, interval string, percentage int)

GenCpuLoad gives the CPU work to do by spawning goroutines.

func GenerateIV

func GenerateIV() []byte

func GenerateKey

func GenerateKey() []byte

func GetGatewayIP

func GetGatewayIP() string

GetGatewayIP returns the IP address of the gateway in the network where the machine resides.

func GetGlobalIP

func GetGlobalIP() string

GetGlobalIP is used to return the global IP address of the machine.

func GetLocalIP

func GetLocalIP() string

GetLocalIP is used to get the local IP address of the machine.

func GetNgrokURL

func GetNgrokURL() (string, error)

GetNgrokURL returns the URL of the Ngrok tunnel exposing the machine.

func GetUser

func GetUser() (string, error)

func HarvestDB

func HarvestDB(ip, username, password string, port int)

Exfiltrates data slowly from either MySQL or Postgres

func IOReader

func IOReader(file string) io.ReaderAt

func IP2Hex

func IP2Hex(ip string) string

Converts an IPv4 address to hex

func Iface

func Iface() (string, string)

Iface returns the currently used wireless interface and its MAC address.

func IfaceIP

func IfaceIP(ifname string) string

Returns an IP address of a given interface

func Ifaces

func Ifaces() []string

Ifaces returns the names of all local interfaces.

func Info

func Info() map[string]string

Info is used to return basic system information. Note that if information cannot be resolved for a specific field, it returns "N/A".

func Int2Str

func Int2Str(i int) string

Int2Str converts an integer into a string.

func Interval2Seconds

func Interval2Seconds(interval string) int

Interval2Seconds converts a human friendly string indicating time into a proper integer.

func Introspect

func Introspect(strct interface{}) (map[string]interface{}, []string)

Returns the names of fields and their values in a struct, plus the names of fields with uninitialized/empty values. A value of -1 is treated as an uninitialized int field; you can change "val == -1" according to your needs.

func IpIncrement

func IpIncrement(ip net.IP)

IpIncrement increments an IP address by 1.

func Is64Bit

func Is64Bit(fname string) bool

Checks if an ELF file is designed for AMD x86_64

func IsELF

func IsELF(fname string) bool

func IsEXE

func IsEXE(fname string) bool

func IsFileExec

func IsFileExec(file string) bool

Returns true if a file is executable

func IsIterable

func IsIterable(v interface{}) bool

Checks if a generic is iterable and non-empty

func IsRoot

func IsRoot() bool

IsRoot checks if the current user is the administrator of the machine.

func KillProcByPID

func KillProcByPID(pid int) error

KillProcByPID kills a process given its PID.

func ListDB

func ListDB(db *sql.DB, tables bool) []string

Lists remote SQL databases

func MakeZip

func MakeZip(zip_file string, files []string) error

MakeZip packs a list of given files within a zip archive.

func Md5Hash

func Md5Hash(str string) string

Md5Hash hashes a given string using MD5.

func Networks

func Networks() ([]string, error)

Networks returns a list of nearby wireless networks.

func P

func P()

P is a wrapper for the Println function.

func Ping

func Ping(target string) bool

Returns true if host is alive

func PkillAv

func PkillAv() error

PkillAv kills Anti-Virus processes that may run within the machine.

func PkillName

func PkillName(name string) error

PkillName kills a process by its name.

func PkillPid

func PkillPid(pid int) error

PkillPid kills a process by its PID.

func Port2Hex

func Port2Hex(port int) string

Converts a port to hex

func PortFree

func PortFree(port int) int

Returns a random free port

func PortReuse

func PortReuse(network string, address string, conn syscall.RawConn) error

func Portscan

func Portscan(target string, timeout, threads int) (pr []int)

Portscan checks for open ports in a given target.

func PortscanSingle

func PortscanSingle(target string, port int) bool

PortscanSingle checks if a specific port is open in a given target.

func PortscanSingleTimeout

func PortscanSingleTimeout(target string, port, timeout, threads int) bool

PortscanSingleTimeout checks if a specific port is open in a given target. The connection timeout and the number of threads can be adjusted.

func PrintError

func PrintError(msg string)

PrintError is used to print output indicating failure.

func PrintGood

func PrintGood(msg string)

PrintGood is used to print output indicating success.

func PrintInfo

func PrintInfo(msg string)

PrintInfo is used to print output containing information.

func PrintWarning

func PrintWarning(msg string)

PrintWarning is used to print output indicating potential failure.

func Processes

func Processes() (map[int]string, error)

Processes returns a map of a PID to its respective process name.

func RandomBool

func RandomBool() bool

Returns a random true/false

func RandomFloatSlice

func RandomFloatSlice(min, max float64, n int) []float64

func RandomInt

func RandomInt(min int, max int) int

RandomInt returns an integer within a given range.

func RandomIntSlice

func RandomIntSlice(length int) []int

Creates and populates a slice with random numeric values up to 1000

func RandomSelectInt

func RandomSelectInt(list []int) int

RandomSelectInt returns an integer that was randomly selected from a list of integers.

func RandomSelectStr

func RandomSelectStr(list []string) string

RandomSelectStr returns a string that was randomly selected from a list of strings.

func RandomSelectStrNested

func RandomSelectStrNested(list [][]string) []string

RandomSelectStrNested returns a string array that was randomly selected from a nested list of strings

func RandomString

func RandomString(n int) string

RandomString randomly generates an alphabetic string of a given length.

func RandomStringCharset

func RandomStringCharset(strlen int, chars string) string

RandomStringCharset returns a string of a given length from provided charset

func RdnsLookup

func RdnsLookup(ip string) ([]string, error)

RdnsLookup returns the list of hostnames associated with the given IP address.

func ReadFile

func ReadFile(filename string) (string, error)

ReadFile is used to read a given file and return its data as a string.

func RegexMatch

func RegexMatch(regex_type, str string) bool

Checks if a string contains valuable information through regex.

func Remove

func Remove()

Remove is used to self delete.

func RemoveDuplicatesInt

func RemoveDuplicatesInt(slice []int) []int

RemoveDuplicatesInt returns an array of integers that are unique to each other.

func RemoveDuplicatesStr

func RemoveDuplicatesStr(slice []string) []string

RemoveDuplicatesStr returns an array of strings that are unique to each other.

func RemoveFromSlice

func RemoveFromSlice(slice []string, element string) []string

RemoveFromSlice removes a string from a list of strings if it exists.

func RemoveInactive

func RemoveInactive(targets []string)

Removes hosts from slice that did not respond to a ping request

func RemoveInt

func RemoveInt(slice []int, s int) []int

RemoveInt removes a given integer from a list of integers.

func RemoveNewlines

func RemoveNewlines(s string) string

RemoveNewlines removes possible newlines from a string.

func RemoveNth

func RemoveNth(slic interface{}, idx int) interface{}

Removes Nth index from generic slice if idx != 0; removes last element otherwise

func RemoveStr

func RemoveStr(slice []string, s string) []string

RemoveStr removes a given string from a list of strings.

func Reverse

func Reverse(host string, port int)

Reverse initiates a reverse shell to a given host:port.

func Revert

func Revert(s string) string

Revert returns a reversed string.

func RevertSlice

func RevertSlice(s interface{})

RevertSlice reverses a slice type agnostically.

func Rot13

func Rot13(str string) string

func RunShellcode

func RunShellcode(sc []byte, bg bool)

Injects a bytearray into current process and executes it

func SandboxAll

func SandboxAll() bool

SandboxAll is used to check if an environment is virtualized by testing all sandbox checks.

func SandboxAlln

func SandboxAlln(num int) bool

SandboxAlln checks if an environment is virtualized by testing all sandbox checks and checking if the number of successful checks is greater than or equal to a given integer.

func SandboxCpu

func SandboxCpu(cores int) bool

SandboxCpu is used to check if the environment has fewer cores than a given integer.

func SandboxFilepath

func SandboxFilepath() bool

SandboxFilepath checks if the process is being run inside a virtualized environment.

func SandboxMac

func SandboxMac() bool

SandboxMac is used to check if the environment's MAC address matches standard MAC addresses of virtualized environments.

func SandboxProc

func SandboxProc() bool

SandboxProc checks if there are processes that indicate a virtualized environment.

func SandboxProcnum

func SandboxProcnum(proc_num int) bool

SandboxProcnum is used to check if the environment has fewer processes than a given integer.

func SandboxRam

func SandboxRam(ram_mb int) bool

SandboxRam is used to check if the environment's RAM is less than a given size.

func SandboxSleep

func SandboxSleep() bool

SandboxSleep is used to check if the virtualized environment is speeding up the sleeping process.

func SandboxTmp

func SandboxTmp(entries int) bool

SandboxTmp is used to check if the environment's temporary directory has fewer files than a given integer.

func SandboxUtc

func SandboxUtc() bool

SandboxUtc is used to check if the environment is in a properly set UTC timezone.

func SendDataTCP

func SendDataTCP(host string, port int, data string) error

SendDataTCP sends data to a given host:port using the TCP protocol.

func SendDataUDP

func SendDataUDP(host string, port int, data string) error

SendDataUDP sends data to a given host:port using the UDP protocol.

func Serializer

func Serializer(gobpath string, obj interface{})

Unified serializer/deserializer for structs - logic is based on whether a .gob file already exists

func Sha1Hash

func Sha1Hash(str string) string

Sha1Hash hashes a given string using SHA1.

func Sha256Hash

func Sha256Hash(str string) string

func ShuffleSlice

func ShuffleSlice(s []string) []string

ShuffleSlice randomly shuffles a list of strings.

func ShuffleSliceInt

func ShuffleSliceInt(s []int) []int

ShuffleSliceInt randomly shuffles a list of integers.

func Shutdown

func Shutdown() error

Shutdown forces the machine to shutdown.

func Size2Bytes

func Size2Bytes(size string) int

Size2Bytes converts a human friendly string indicating size into a proper integer.

func SliceTransform

func SliceTransform(s []interface{}, f func(interface{}) interface{})

Applies a function to each element of a generic slice.

func SplitChunks

func SplitChunks(s string, chunk int) []string

Splits a string into a slice with chunks of the desired length

func SplitJoin

func SplitJoin(s, splittBy, joinBy string) string

SplitJoin splits a string then joins them using given delimiters.

func SplitMultiSep

func SplitMultiSep(s string, seps []string) []string

Splits a string by multiple separators into a single slice

func StartNgrokHTTP

func StartNgrokHTTP(port int) error

StartNgrokHTTP exposes a web server on a given port.

func StartNgrokTCP

func StartNgrokTCP(port int) error

StartNgrokTCP exposes a TCP server on a given port.

func Str2Int

func Str2Int(string_integer string) int

Str2Int converts a string into an integer.

func Str2Words

func Str2Words(s string) []string

Str2Words returns a list of strings which was split by spaces.

func TimeNTP

func TimeNTP() time.Time

Obtains current time from NTP server

func TraverseCurrentDir

func TraverseCurrentDir() ([]string, error)

TraverseCurrentDir lists all files that exist within the current directory.

func TraverseDir

func TraverseDir(dir string) ([]string, error)

TraverseDir lists all files that exist within a given directory.

func UnixToTime

func UnixToTime(time_num int64) string

func Url2Lines

func Url2Lines(url string) []string

Returns a slice with lines of file from URL

func Users

func Users() ([]string, error)

Users returns a list of known users within the machine.

func VerifyELFMagic

func VerifyELFMagic(fname string) bool

func Wait

func Wait(interval string)

Wait uses a human friendly string that indicates how long a system should wait.

func WifiDisconnect

func WifiDisconnect() error

WifiDisconnect is used to disconnect the machine from a wireless network.

func Wipe

func Wipe() error

Deletes all data in the machine.

func WriteFile

func WriteFile(filename, data string) error

WriteFile is used to write data into a given file.

func Yubi

func Yubi(id, token, otp string) bool

Verifies Yubico OTP

Types

This section is empty.
