maldev aims to help malware developers, red teamers and anyone who is interested in cybersecurity. It uses native Golang code and some other useful packages like Hooka, which I created to perform complex low-level red teaming stuff. The project isn't finished yet, but the official API is stable. If you find a bug, feel free to open an issue or create a pull request that fixes it.
These are the different categories:
- Cryptography
  - AES
  - RC4
  - Xor
  - Base32
  - Base64
  - Md5
  - Sha1
  - Sha256
  - Sha512
  - Rot13
  - Rot47
  - Bcrypt
  - Elliptic Curve
  - ChaCha20
  - Triple DES
  - Compare hashes
- Network
  - List all interfaces
  - Get info about an interface
  - List active ports with their info
  - Check internet connection
  - Get public ip
  - Download a file from URL
  - Get status code from URL
  - Send http POST request with custom data
- Misc
  - Generate random strings
  - Generate random integers
  - Convert dates to epoch format
  - Convert epoch to dates
  - Convert text to leet
- Shellcode
  - Tons of shellcode injection techniques
  - Retrieve shellcode from file
  - Retrieve shellcode from url
  - Write shellcode to file
  - Convert DLL to shellcode (sRDI)
- Red Team
  - 3 different ways to dump system hashes
  - Steal token from PID (Impersonation)
  - Enable/disable Sticky Keys backdoor
  - Create malicious SCF on given path
- Antiforensics
  - Wiping
  - Timestomping
- Processes
  - List all processes
  - Get process name by PID
  - Get list of processes by name (i.e. firefox.exe)
- Exec
  - Execute bash commands
  - Execute powershell commands
  - Execute cmd commands
  - Execute command with Token
- System
  - Whoami
  - Get current dir
  - Get home dir
  - Get current user groups
  - Find installed useful software
  - List files and folders
  - Get environment variables
  - Get generic system information
  - Get SID and RID from windows system
  - Find installed AVs/EDRs
- Scanning
  - Ping an ip
  - Hostscan
  - Portscan
  - Enumerate all subdomains of a domain
  - Check if a domain uses http or https
  - Whois
  - Wappalyzer (identify technologies)
- Logging
  - Status functions
  - ASCII banners
  - Progress bars
  - Colors
  - "log" and "fmt" wrappers
- Working with slices
  - Check if contains a string
  - Check if contains a string (insensitive)
  - Remove duplicates from []string
  - Remove duplicates from []int
  - Lowercase all characters from []string entries
- Working with files
  - Check if file exists
  - Check if path is file
  - Check if path is dir
  - Copy a file or dir (recursive)
  - Get content of a file
  - Directly create a file with content
Just execute this and it should be installed without problems:
go get -u github.com/D3Ext/maldev
To import all the functions at the same time do it like this:
import (
	maldev "github.com/D3Ext/maldev/all"
)
Anyway, if you want to use functions from a specific topic, you can do it like this:
Example with cryptography:
import "github.com/D3Ext/maldev/crypto"
In every directory there is a README.md which contains at least one example of every defined function. If you don't have enough creativity, I encourage you to check out the examples/ directory, where I've developed some good examples which use maldev functions, like a simple ransomware, a shellcode loader and much more.
🔲 Kerberos protocol implementation
🔲 Publish official package documentation (pkg.go.dev)
🔲 Stable progress bars
As said above I have tried to implement all functions from scratch but I have also used some external packages:
https://github.com/ryanuber/columnize
https://github.com/cakturk/go-netstat
https://github.com/C-Sto/gosecretsdump
https://github.com/C-Sto/BananaPhone
https://github.com/mitchellh/go-ps
https://github.com/elastic/go-sysinfo
https://github.com/fourcorelabs/wintoken
https://github.com/FourCoreLabs/EDRHunt
https://github.com/common-nighthawk/go-figure
See CONTRIBUTING.md
The creator has no responsibility for any kind of:
- Illegal use of the project.
- Law infringement by third parties and users.
- Malicious act, capable of causing damage to third parties, promoted by the user through this software.
This project is under the MIT license.
Copyright © 2023, D3Ext