Introduction

maldev aims to help malware developers, red teamers and anyone who is interested in cybersecurity. It uses native Golang code and some other useful packages like Hooka which I created to perform complex low-level red teaming stuff. The project isn't finished yet but the official API is stable, anyway if you find a bug feel free to open an issue or create a pull-request which fixes it.

Features

This are the different categories:

Cryptography
- AES
- RC4
- Xor
- Base32
- Base64
- Md5
- Sha1
- Sha256
- Sha512
- Rot13
- Rot47
- Bcrypt
- Elliptic Curve
- ChaCha20
- Triple DES
- Compare hashes
Network
- List all interfaces
- Get info about an interface
- List active ports wih its info
- Check internet connection
- Get public ip
- Download a file from URL
- Get status code from URL
- Send http POST request with custom data
Misc
- Generate random strings
- Generate random integers
- Convert dates to epoch format
- Convert epoch to dates
- Convert text to leet
Shellcode
- Tons of shellcode injection techniques
- Retrieve shellcode from file
- Retrieve shellcode from url
- Write shellcode to file
- Convert DLL to shellcode (sRDI)
Red Team
- 3 different ways to dump system hashes
- Steal token from PID (Impersonation)
- Enable/disable Sticky Keys backdoor
- Create malicious SCF on given path
Antiforensics
- Wiping
- Timestomping
Processes
- List all process
- Get process name by PID
- Get list of processes by name (i.e. firefox.exe)
Exec
- Execute bash commands
- Execute powershell commands
- Execute cmd commands
- Execute command with Token
System
- Whoami
- Get current dir
- Get home dir
- Get current user groups
- Find installed useful software
- List files and folders
- Get environment variables
- Get generic system information
- Get SID and RID from windows system
- Find installed AVs/EDRs
Scanning
- Ping an ip
- Hostscan
- Portscan
- Enumerate all subdomains of a domain
- Check if a domain uses http or https
- Whois
- Wappalyzer (identify technologies)
Logging
- Status functions
- ASCII banners
- Progress bars
- Colors
- "log" and "fmt" wrappers
Working with slices
- Check if contains a string
- Check if contains a string (insensitive)
- Remove duplicates from []string
- Remove duplicates from []int
- Lowercase all characters from []string entries
Working with files
- Check if file exists
- Check if path is file
- Check if path is dir
- Copy a file or dir (recursive)
- Get content of a file
- Directly create a file with content

Installation

Just execute this and it should be installed without problems:

go get -u https://github.com/D3Ext/maldev

Usage

To import all the functions at the same time do it like this:

import (
    maldev "github.com/D3Ext/maldev/all"
)

Anyway if you want to use functions from an especific topic, you can do it like this:

Example with cryptography

import "github.com/D3Ext/maldev/crypto"

Examples

In every directory there is a README.md which contains at least one example of every defined function, if you don't have enough creativity I encourage you to check out the examples/ directory where I've developed some good examples which use maldev functions like a simple ransomware, a shellcode loader and much more

TODO

🔲 Kerberos protocol implementation

🔲 Publish official package documentation (pkg.go.dev)

🔲 Stable progress bars

Third party

As said above I have tried to implement all functions from scratch but I have also used some external packages:

https://github.com/ryanuber/columnize
https://github.com/cakturk/go-netstat
https://github.com/C-Sto/gosecretsdump
https://github.com/C-Sto/BananaPhone
https://github.com/mitchellh/go-ps
https://github.com/elastic/go-sysinfo
https://github.com/fourcorelabs/wintoken
https://github.com/FourCoreLabs/EDRHunt
https://github.com/common-nighthawk/go-figure

Contributing

See CONTRIBUTING.md

Disclaimer

Creator has no responsibility for any kind of:

Illegal use of the project.
Law infringement by third parties and users.
Malicious act, capable of causing damage to third parties, promoted by the user through this software.