EGESPLOIT

package module
v0.0.0-...-1a6c432 Latest

This package is not in the latest version of its module.
Published: Jan 26, 2017 License: MIT Imports: 13 Imported by: 0

README


EGESPLOIT is a Go library for malware development; it has a few unique functions for Meterpreter integration.

#DOCUMENTATION

        CalculateChecksum(x) : Function calculates an x-digit 8-bit checksum for reverse HTTP/HTTPS meterpreter connections and returns the calculated checksum as a string.
        
        Meterpreter(ConType, Address) : Function launches a meterpreter connection; takes 2 parameters, connection type (HTTP/HTTPS/TCP) and Address (127.0.0.1:4444), and returns a string for error handling.
        
        Persistence() : Function copies the running binary and adds it to the startup registry.
        
        Sysguide() : Function returns the current directory, running OS version, username and antivirus name as strings.
        
        Keylogger(LOGS) : Function takes a string pointer as parameter and starts a keylogger; all key logs are saved to the given parameter.
        
        Please(Command) : Function executes the given parameter with the runas command (asks permission for higher-level operations).
        
        BypassAV() : Function bypasses antivirus heuristic detections; takes an integer as parameter defining the intensity level.
        
        Dispatch(Base64_Binary, BinaryName, Parameters) : Function drops a binary and executes it; takes three strings as parameters: the base64-encoded binary, the binary name and the parameters.
        
        Distract() : Function executes a forkbomb bat file for distracting the user.
        
        Dos() : Function starts a DoS attack against the given target (http://example.com).
        
        SyscallExecute(Shellcode) : Function executes the given shellcode (byte array) with a system call.
        
        ThreadExecute(Shellcode) : Function executes the given shellcode (byte array) with the CreateThread function.

        WifiList() : Function returns the Wi-Fi connection history.
        
        #RSE#
        RSE stands for "Reduced Sized Exploits"; functions under the RSE folder are built with Windows API calls to reduce payload sizes.


Documentation


Constants

const MEM_COMMIT = 0x1000
const MEM_RESERVE = 0x2000
const PAGE_EXECUTE_READWRITE = 0x40
const PROCESS_CREATE_THREAD = 0x0002
const PROCESS_QUERY_INFORMATION = 0x0400
const PROCESS_VM_OPERATION = 0x0008
const PROCESS_VM_READ = 0x0010
const PROCESS_VM_WRITE = 0x0020

Variables

var CreateRemoteThread = K32.MustFindProc("CreateRemoteThread")
var CreateThread = K32.MustFindProc("CreateThread")
var GetAsyncKeyState = USER32.MustFindProc("GetAsyncKeyState")
var GetLastError = K32.MustFindProc("GetLastError")
var IsDebuggerPresent = K32.MustFindProc("IsDebuggerPresent")
var K32 = syscall.MustLoadDLL("kernel32.dll") //kernel32.dll
var MagicNumber int64 = 0
var OpenProcess = K32.MustFindProc("OpenProcess")
var USER32 = syscall.MustLoadDLL("user32.dll") //user32.dll
var VirtualAlloc = K32.MustFindProc("VirtualAlloc")
var VirtualAllocEx = K32.MustFindProc("VirtualAllocEx")
var WaitForSingleObject = K32.MustFindProc("WaitForSingleObject")
var WriteProcessMemory = K32.MustFindProc("WriteProcessMemory")

Functions

func AllocateFakeMemory

func AllocateFakeMemory()

func Brute

func Brute(Address string) bool

func BypassAV

func BypassAV(Rate int)

func CalculateChecksum

func CalculateChecksum(Length int) string

func CheckDebugger

func CheckDebugger()

func Dispatch

func Dispatch(B64_Binary string, BinaryName string, Parameters string)

func Distrackt

func Distrackt()

func Dos

func Dos(Target string)

func Jump

func Jump()

func Keylogger

func Keylogger(LOGS *string)

func Meterpreter

func Meterpreter(ConType string, Address string) (bool, string)

func Migrate

func Migrate(Pid string, Address string) (bool, string)

func Persistence

func Persistence()

func Please

func Please(RawCommand string) string

func ProcessRecon

func ProcessRecon()

func SyscallExecute

func SyscallExecute(Shellcode []byte) bool

func Sysguide

func Sysguide() (string, string, string, string)

func ThreadExecute

func ThreadExecute(Shellcode []byte)

func WifiList

func WifiList() string

Types

This section is empty.
