maldev icon indicating copy to clipboard operation
maldev copied to clipboard

Published 20 hours ago verified publisher icon D3Ext

Metadata

Golang library for malware development

Gopher

Maldev

Golang library for malware development

Coded with 💙 by D3Ext

go report card

FeaturesInstallationExamplesThird-partyContributingDisclaimer

Introduction

maldev aims to help malware developers, red teamers and anyone who is interested in cybersecurity. It uses native Golang code and some other useful packages like Hooka which I created to perform complex low-level red teaming stuff. The project isn't finished yet but the official API is stable, anyway if you find a bug feel free to open an issue or create a pull-request which fixes it.

Features

This are the different categories:

  • Cryptography
    • AES
    • RC4
    • Xor
    • Base32
    • Base64
    • Md5
    • Sha1
    • Sha256
    • Sha512
    • Rot13
    • Rot47
    • Bcrypt
    • Elliptic Curve
    • ChaCha20
    • Triple DES
    • Compare hashes
  • Network
    • List all interfaces
    • Get info about an interface
    • List active ports wih its info
    • Check internet connection
    • Get public ip
    • Download a file from URL
    • Get status code from URL
    • Send http POST request with custom data
  • Misc
    • Generate random strings
    • Generate random integers
    • Convert dates to epoch format
    • Convert epoch to dates
    • Convert text to leet
  • Shellcode
    • Tons of shellcode injection techniques
    • Retrieve shellcode from file
    • Retrieve shellcode from url
    • Write shellcode to file
    • Convert DLL to shellcode (sRDI)
  • Red Team
    • 3 different ways to dump system hashes
    • Steal token from PID (Impersonation)
    • Enable/disable Sticky Keys backdoor
    • Create malicious SCF on given path
  • Antiforensics
    • Wiping
    • Timestomping
  • Processes
    • List all process
    • Get process name by PID
    • Get list of processes by name (i.e. firefox.exe)
  • Exec
    • Execute bash commands
    • Execute powershell commands
    • Execute cmd commands
    • Execute command with Token
  • System
    • Whoami
    • Get current dir
    • Get home dir
    • Get current user groups
    • Find installed useful software
    • List files and folders
    • Get environment variables
    • Get generic system information
    • Get SID and RID from windows system
    • Find installed AVs/EDRs
  • Scanning
    • Ping an ip
    • Hostscan
    • Portscan
    • Enumerate all subdomains of a domain
    • Check if a domain uses http or https
    • Whois
    • Wappalyzer (identify technologies)
  • Logging
    • Status functions
    • ASCII banners
    • Progress bars
    • Colors
    • "log" and "fmt" wrappers
  • Working with slices
    • Check if contains a string
    • Check if contains a string (insensitive)
    • Remove duplicates from []string
    • Remove duplicates from []int
    • Lowercase all characters from []string entries
  • Working with files
    • Check if file exists
    • Check if path is file
    • Check if path is dir
    • Copy a file or dir (recursive)
    • Get content of a file
    • Directly create a file with content

Installation

Just execute this and it should be installed without problems:

go get -u https://github.com/D3Ext/maldev

Usage

To import all the functions at the same time do it like this:

import (
    maldev "github.com/D3Ext/maldev/all"
)

Anyway if you want to use functions from an especific topic, you can do it like this:

Example with cryptography

import "github.com/D3Ext/maldev/crypto"

Examples

In every directory there is a README.md which contains at least one example of every defined function, if you don't have enough creativity I encourage you to check out the examples/ directory where I've developed some good examples which use maldev functions like a simple ransomware, a shellcode loader and much more

TODO

:black_square_button: Kerberos protocol implementation

:black_square_button: Publish official package documentation (pkg.go.dev)

:black_square_button: Stable progress bars

Third party

As said above I have tried to implement all functions from scratch but I have also used some external packages:

https://github.com/ryanuber/columnize
https://github.com/cakturk/go-netstat
https://github.com/C-Sto/gosecretsdump
https://github.com/C-Sto/BananaPhone
https://github.com/mitchellh/go-ps
https://github.com/elastic/go-sysinfo
https://github.com/fourcorelabs/wintoken
https://github.com/FourCoreLabs/EDRHunt
https://github.com/common-nighthawk/go-figure

Contributing

See CONTRIBUTING.md

Disclaimer

Creator has no responsibility for any kind of:

  • Illegal use of the project.
  • Law infringement by third parties and users.
  • Malicious act, capable of causing damage to third parties, promoted by the user through this software.

License

This project is under MIT license

Copyright © 2023, D3Ext

Metadata

306
Stars
29
Forks
Watchers

Owner

verified publisher icon D3Ext

Metadata

Golang library for malware development

Back