Maldev

Golang library for malware development

Coded with 💙 by D3Ext

Features • Installation • Examples • Third-party • Contributing • Disclaimer

Introduction

maldev aims to help malware developers, red teamers and anyone who is interested in cybersecurity. It uses native Golang code and some other useful packages like Hooka, which I created to perform complex low-level red teaming stuff. The project isn't finished yet, but the official API is stable. If you find a bug, feel free to open an issue or create a pull request that fixes it.

Features

These are the different categories:

  • Cryptography
    • AES
    • RC4
    • Xor
    • Base32
    • Base64
    • Md5
    • Sha1
    • Sha256
    • Sha512
    • Rot13
    • Rot47
    • Bcrypt
    • Elliptic Curve
    • ChaCha20
    • Triple DES
    • Compare hashes
  • Network
    • List all interfaces
    • Get info about an interface
    • List active ports with their info
    • Check internet connection
    • Get public ip
    • Download a file from URL
    • Get status code from URL
    • Send http POST request with custom data
  • Misc
    • Generate random strings
    • Generate random integers
    • Convert dates to epoch format
    • Convert epoch to dates
    • Convert text to leet
  • Shellcode
    • Tons of shellcode injection techniques
    • Retrieve shellcode from file
    • Retrieve shellcode from url
    • Write shellcode to file
    • Convert DLL to shellcode (sRDI)
  • Red Team
    • 3 different ways to dump system hashes
    • Steal token from PID (Impersonation)
    • Enable/disable Sticky Keys backdoor
    • Create malicious SCF on given path
  • Antiforensics
    • Wiping
    • Timestomping
  • Processes
    • List all processes
    • Get process name by PID
    • Get list of processes by name (i.e. firefox.exe)
  • Exec
    • Execute bash commands
    • Execute powershell commands
    • Execute cmd commands
    • Execute command with Token
  • System
    • Whoami
    • Get current dir
    • Get home dir
    • Get current user groups
    • Find installed useful software
    • List files and folders
    • Get environment variables
    • Get generic system information
    • Get SID and RID from Windows system
    • Find installed AVs/EDRs
  • Scanning
    • Ping an ip
    • Hostscan
    • Portscan
    • Enumerate all subdomains of a domain
    • Check if a domain uses http or https
    • Whois
    • Wappalyzer (identify technologies)
  • Logging
    • Status functions
    • ASCII banners
    • Progress bars
    • Colors
    • "log" and "fmt" wrappers
  • Working with slices
    • Check if contains a string
    • Check if contains a string (case-insensitive)
    • Remove duplicates from []string
    • Remove duplicates from []int
    • Lowercase all characters from []string entries
  • Working with files
    • Check if file exists
    • Check if path is file
    • Check if path is dir
    • Copy a file or dir (recursive)
    • Get content of a file
    • Directly create a file with content

Installation

Just execute this and it should be installed without problems (`go get` takes a module path, not a URL, so the `https://` prefix is omitted):

go get -u github.com/D3Ext/maldev

Usage

To import all the functions at the same time do it like this:

import (
    maldev "github.com/D3Ext/maldev/all"
)

If you only want to use the functions from a specific topic, you can import that package on its own:

Example with cryptography

import "github.com/D3Ext/maldev/crypto"

Examples

Every directory contains a README.md with at least one example of every defined function. If you don't have enough creativity, I encourage you to check out the examples/ directory, where I've developed some good examples which use maldev functions, like a simple ransomware, a shellcode loader and much more.

TODO

🔲 Kerberos protocol implementation

🔲 Publish official package documentation (pkg.go.dev)

🔲 Stable progress bars

Third party

As said above, I have tried to implement all functions from scratch, but I have also used some external packages:

https://github.com/ryanuber/columnize
https://github.com/cakturk/go-netstat
https://github.com/C-Sto/gosecretsdump
https://github.com/C-Sto/BananaPhone
https://github.com/mitchellh/go-ps
https://github.com/elastic/go-sysinfo
https://github.com/fourcorelabs/wintoken
https://github.com/FourCoreLabs/EDRHunt
https://github.com/common-nighthawk/go-figure

Contributing

See CONTRIBUTING.md

Disclaimer

Creator has no responsibility for any kind of:

  • Illegal use of the project.
  • Law infringement by third parties and users.
  • Malicious act, capable of causing damage to third parties, promoted by the user through this software.

License

This project is under the MIT license

Copyright © 2023, D3Ext
