Features • Installation • Usage • Examples
maldev
aims to help malware developers, red teamers, cybersecurity enthusiasts or simply Golang developers. Most of the available features are not too hard to implement, but it is simply better to have multiple functions with just importing one package. This project is not finished yet but the official API is mostly stable. Anyway if you find a bug feel free to open an issue or create a pull-request which fixes it.
This are the different categories supported by maldev
:
- System
- Whoami
- Get current dir
- Get home dir
- Get current user groups
- Find installed useful software
- List files and folders
- Get environment variables
- Get generic system information
- Get SID and RID from windows system
- Find installed AVs/EDRs
- Cryptography
- AES
- RC4
- Xor
- Base32
- Base64
- Md5
- Sha1
- Sha256
- Sha512
- Rot13
- Rot47
- Bcrypt
- Elliptic Curve
- ChaCha20
- Triple DES
- Compare hashes
- Scanning
- Ping an ip
- Hostscan
- Portscan
- Enumerate all subdomains of a domain
- Check if a domain uses http or https
- Whois
- Wappalyzer (identify technologies)
- Logging
- Status functions
- ASCII banners
- Progress bars
- Colors
- Network
- List all network interfaces (i.e. eth0)
- Get info about an interface
- List active ports with its info
- Check internet connection
- Get public ip
- Download a file from URL
- Get status code from URL
- Send http POST request with custom data
- Misc
- Generate random string
- Generate random integer
- Generate string of n length based on DeBruijn algorithm
- Convert date to epoch
- Convert epoch to date
- Convert text to l33t
- Red Team
- Multiple shellcode injection techniques
- Retrieve shellcode from file
- Retrieve shellcode from remote url
- Write shellcode to file
- Convert DLL to shellcode (sRDI)
- Multiple anti-sandboxing techniques
- 3 different ways to dump system hashes
- Steal token from PID (Impersonation)
- Processes
- List all process
- Get process name by PID
- Get PIDs of processes by name (i.e. firefox.exe)
- Exec
- Execute bash commands
- Execute powershell commands
- Execute cmd commands
- Execute command with Token
- Working with slices
- Check if a slice contains a string
- Check if a slice contains a string (insensitive)
- Remove duplicates from []string
- Remove duplicates from []int
- Lowercase all characters from []string entries
- Uppercase all characters from []string entries
- Working with files
- Check if file exists
- Check if path is file
- Check if path is dir
- Copy a file or dir (recursive)
- Get content of a file
- Create a file with content
- Wipe a file
- Timestomping (change file timestamps)
Just execute this and it should be installed without problems:
go get -u https://github.com/D3Ext/maldev
To import all the functions at the same time do it like this:
import (
maldev "github.com/D3Ext/maldev/all"
)
Anyway if you want to use functions from an especific topic, you can do so like this:
Example with cryptography
import (
"github.com/D3Ext/maldev/src/crypto"
)
In every directory there is a README.md which contains at least one example of every defined function. You may also want to take a look at the examples/ directory where you can find simple tools that use maldev.
These are all the 3rd-party used packages:
https://github.com/ryanuber/columnize
https://github.com/cakturk/go-netstat
https://github.com/C-Sto/gosecretsdump
https://github.com/C-Sto/BananaPhone
https://github.com/mitchellh/go-ps
https://github.com/elastic/go-sysinfo
https://github.com/fourcorelabs/wintoken
https://github.com/FourCoreLabs/EDRHunt
https://github.com/common-nighthawk/go-figure
new featuresredesigned project structuresome categories has been merged into the other onesgeneral improvement
Creator has no responsibility for any kind of illegal use of the project
This project is under MIT license
Copyright © 2024, D3Ext