go get github.com/deranged0tter/hellsgopher
I recommend importing hellsgopher in the following manner:
import (
	hg "github.com/deranged0tter/hellsgopher"
)
This way, you can use hg.FUNCTION()
The goal of hellsgopher is to make malware development easier to learn and get into. Since this source is public, it will most likely get burned and caught by AVs. As such, it is not intended for actual use, but for learning purposes. This library is designed to work only on Windows.
see contributing
CmdReturn(command string) (string, error)
will run cmd.exe and return output
CmdStdOUT(command string)
will run cmd.exe and print output to STDOUT
CmdNoOut(command string)
will run cmd.exe and provide no output
PsReturn(command string) (string, error)
will run powershell command and return output
PsStdOut(command string)
will run powershell command and print output to STDOUT
PsNoOut(command string)
will run powershell command and provide no output
PsReturnT(command string, token windows.Token) (string, error)
will run powershell command and return output (with token)
PsStdOutT(command string, token windows.Token)
will run powershell command and print output to STDOUT (with token)
PsNoOutT(command string, token windows.Token)
will run powershell command and provide no output (with token)
CopyFile(sourcePath string, destinationPath string) error
copy a file from sourcePath to destinationPath
MoveFile(sourcePath string, destinationPath string) error
move a file from sourcePath to destinationPath
DeleteFile(path string) error
delete a file
DeleteDir(dir string) error
delete a directory
Chmod(path string, perms os.FileMode) error
change permissions of a file
ZipFiles(paths []string, zipFileName string) error
takes a slice of file paths and creates a zip archive
note: zipFileName should not include ".zip"
DoesFileExist(path string) bool
check if a file exists
returns true if file exists
GetPwd() (string, error)
return the present working dir
ListFiles(dir string) ([]string, error)
returns a slice of files in a given dir
ListFilesInPwd() ([]string, error)
return a slice of files in the present working dir
DownFile(source string, dest string) error
download a file from a source url to a destination path
ReadFileToSlice(path string) ([]string, error)
read a file line by line and return a slice with each line as a value
ReadFileToString(path string) (string, error)
read a file and return a string of its content
WipeFile(path string) error
wipe a file of all its contents (truncates the file)
PrependToFile(path string, s string) error
prepend text to a file
creates a new first line
AppendToFile(path string, s string) error
append text to a file
creates a new last line
NewFile(path string) error
create a new blank file
NewFileWithContent(path string, content string) error
create a new file containing content
GenerateSecureBytes(l int) ([]byte, error)
generate a secure []byte of length l
GenerateKey() ([]byte, error)
generate a 32 byte secure key
GenerateIV() ([]byte, error)
generate a 16 byte secure IV
EncryptBytes(message []byte, key []byte) ([]byte, error)
encrypt a []byte using given key
EncryptString(s string, key []byte) ([]byte, error)
return encrypted string using given key
DecryptBytes(message []byte, key []byte) ([]byte, error)
decrypt []byte with given key
DecryptString(s string, key []byte) (string, error)
return a decrypted string using given key
RandomInt(min int, max int) (int, error)
return a random int between min and max
RandomStr(l int) string
return a random string of length l
uses a-zA-Z
RandomStrI(l int) string
returns a random string combining letters and numbers of length l
uses a-zA-Z0-9
RandomStrFromCharset(l int, charset string) string
returns a random string from provided charset of length l
Base64EncodeStr(s string) string
encode a string to base64
Base64DecodeStr(s string) (string, error)
decode a string from base64
Base32EncodeStr(s string) string
encode a string to
Base32DecodeStr(s string) (string, error)
decode a string from base32
Md5String(s string) string
get the md5 hash of a string
Md5File(path string) string
get the md5 hash of a file
Sha1String(s string) string
get the sha1 hash of a string
Sha1File(path string) string
get the sha1 hash of a file
Sha256String(s string) string
get the sha256 hash of a string
Sha256File(path string) string
get the sha256 hash of a file
Sha512String(s string) string
get the sha512 hash of a string
Sha512File(path string) string
get the sha512 hash of a file
RotX(s string, shift rune) string
rot cipher
GetCurrentUser() (*user.User, error)
return a user.User for the current user
GetCurrentUsername() (string, error)
get the current username
GetCurrentUid() (string, error)
get the current uid
GetCurrentGid() (string, error)
get the main gid for the current user
GetCurrentGids() ([]string, error)
get all gids for the current user
GetUidFromName(name string) (string, error)
return a uid from a given username
GetNameFromUid(uid string) (string, error)
return a username from a given uid
GetUserFromName(name string) (*user.User, error)
return a user.User from username
GetUserFromUid(uid string) (*user.User, error)
return a user.User from uid
GetAllUsers() ([]*user.User, error)
return a slice of all users on the machine
GetAllUsernames() ([]string, error)
return a slice of all usernames on the machine
GetHostname() (string, error)
return the machine's hostname
GetDomainName() (string, error)
return the domain name of the machine
GetOS() string
return the machine's OS
GetOSBuild() string
return the machine's OS Build Number
GetOSVersion() string
return the machine's OS Version
Uptime() int
return the machine's uptime in seconds
GetPipes() ([]string, error)
return a slice of all pipes on the machine
GetEnvironmentVariables() []string
return a slice of environment variables on system
GetPidFromName(name string) ([]int, error)
return the pid(s) from the process name
GetNameFromPid(pid int) (string, error)
get the name from the pid
ListAllProcesses() ([]WinProcess, error)
list all running processes
GetCurrentPid() int
get the pid of current process
GetCurrentPpid() int
get ppid of current process
GetCurrentProcPath() (string, error)
get the path of the current process
GetCurrentProcName() (string, error)
get the name of the current process
GetCurrentProcArch() string
get the arch of the current process
IsHostUp(host string) (bool, error)
ping a given ip
returns true if host is up
IsUrlUp(url string) bool
check if a given url is up
returns true if url is up
ScanPortsCommon(host string) []int
scan the top 500 most common ports on a host
ScanPortsAll(host string) []int
scan all ports on a host
CheckHooks(path string) ([]string, error)
detect whether any functions in a dll are hooked by AV/EDR
defaults to NTDLL, provide blank string for default
otherwise provide a full path to dll
If you only want the Anti-Sandboxing functions, I have a library for you!
VmCheckFiles() (bool, error)
check if known VM files exist on system
VmCheckProcesses() (bool, error)
check if known VM related processes are running
VmCheckCores(count int) (bool, error)
check whether the machine has less than or equal to x number of cores (default is 2, leave as 0 for default)
VmCheckRam(mb uint64) (bool, error)
check whether the machine has less than or equal to x mb of ram (default is 4196, leave as 0 for default)
VmCheckOnline() bool
check if machine can access 8.8.8.8
GetCurrentToken() (windows.Token, error)
get the token from the current process
GetTokenFromPid(pid int) (windows.Token, error)
get the token from a process given its pid
GetTokenFromName(procName string) (windows.Token, error)
get the token from a process given its process name
Warn(message string)
output a warning message to STDOUT ("[!] message")
Error(message string)
output an error message to STDOUT ("[-] message")
Okay(message string)
output a success message to STDOUT ("[+] message")
Info(message string)
output an information message to STDOUT ("[*] message")
github.com/fourcorelabs/wintoken
github.com/go-ping/ping
github.com/Binject/debug/pe
Thank you to the creators of these amazing projects!
Neither the creator nor any person who has contributed to this project is liable for any kind of malicious or illegal use of this software. Only use this on targets, systems, networks, etc. that you own and/or have permission to use it on.
DO NOT USE THIS FOR:
- illegal actions
- malicious actions
- damaging actions to property you do not have direct permission to use this on
Any use of this software for illegal actions is not the responsibility of the creator or any contributor of this project. We hold no liability for any actions taken by this software.
This project is licensed under the GNU General Public License V3
Copyright © 2024, Deranged0tter