coldfire

package module
v0.0.0-...-7a82115
Published: Jun 30, 2021 License: MIT Imports: 35 Imported by: 0

README

ColdFire

Golang malware development framework

Introduction

ColdFire provides various methods useful for malware development in Golang.

Most functions are compatible with both Linux and Windows operating systems.

Installation

go get github.com/redcode-labs/ColdFire

Types of functions included

  • Logging
  • Auxiliary
  • Reconnaissance
  • Evasion
  • Administration
  • Sandbox detection
  • Disruptive

Documentation

Logging functions

func F(s string, arg ...interface{}) string
    Alias for fmt.Sprintf

func PrintGood(msg string)
    Print good status message

func PrintInfo(msg string)
    Print info status message

func PrintError(msg string)
    Print error status message

func PrintWarning(msg string)
    Print warning status message
    

Auxiliary functions

func FileToSlice(file string) []string
    Read from file and return slice with lines delimited with newline.

func Contains(s interface{}, elem interface{}) bool 
    Check if interface type contains another interface type.

func StrToInt(string_integer string) int 
    Convert string to int.

func IntToStr(i int) string 
    Converts int to string.    

func IntervalToSeconds(interval string) int 
    Converts given time interval to seconds.

func RandomInt(min int, max int) int
    Returns a random int from range.

func RandomSelectStr(list []string) string 
    Returns a random selection from slice of strings.    

func RandomSelectInt(list []int) int 
    Returns a random selection from slice of ints.    

func RandomSelectStrNested(list [][]string) []string  
    Returns a random selection from nested string slice.

func RemoveNewlines(s string) string 
    Removes "\n" and "\r" characters from string.

func FullRemove(str string, to_remove string) string
    Removes all occurrences of substring.

func RemoveDuplicatesStr(slice []string) []string 
    Removes duplicates from string slice.

func RemoveDuplicatesInt(slice []int) []int 
    Removes duplicates from int slice.

func ContainsAny(str string, elements []string) bool 
    Returns true if slice contains a string.

func RandomString(n int) string
    Generates random string of length [n]

func ExitOnError(e error)
    Handle errors

func Md5Hash(str string) string
    Returns MD5 checksum of a string

func MakeZip(zip_file string, files []string) error 
    Creates a zip archive from a list of files

func ReadFile(filename string) (string, error) 
    Read contents of a file.

func WriteFile(filename, data string) error
    Write contents to a file.

func B64d(str string) string 
    Returns a base64 decoded string

func B64e(str string) string 
    Returns a base64 encoded string

func FileExists(file string) bool
    Check if file exists. 

func ParseCidr(cidr string) ([]string, error) 
    Returns a slice containing all possible IP addresses in the given range.

Reconnaissance functions


func GetLocalIp() string
    Returns a local IP address of the machine.

func GetGlobalIp() string
    Returns a global IP address of the machine.
    
func IsRoot() bool
    Check if user has administrative privileges.
    
func Processes() (map[int]string, error)
    Returns all processes' PIDs and their corresponding names.

func Iface() (string, string)
    Returns name of currently used wireless interface and its MAC address.

func Ifaces() []string
    Returns slice containing names of all local interfaces.
    
func Disks() ([]string, error) 
    Lists local storage devices
    
func Users() ([]string, error)
    Returns list of known users.

func Info() map[string]string 
    Returns basic system information. 
    Possible fields: username, hostname, go_os, os, 
    platform, cpu_num, kernel, core, local_ip, ap_ip, global_ip, mac.
    If the field cannot be resolved, it defaults to "N/A" value.
    
func DnsLookup(hostname string) ([]string, error) 
    Performs DNS lookup

func RdnsLookup(ip string) ([]string, error) 
    Performs reverse DNS lookup

func HostsPassive(interval string) ([]string, error)
    Passively discovers active hosts on a network using ARP monitoring.
    Discovery time can be changed using <interval> argument.
    
func FilePermissions(filename string) (bool,bool) 
    Checks if file has read and write permissions.
    
func Portscan(target string, timeout, threads int) []int 
    Returns list of open ports on target.

func PortscanSingle(target string, port int) bool 
    Returns true if selected port is open.
    
func BannerGrab(target string, port int) (string, error) 
    Grabs a service banner string from a given port.
    
func Networks() ([]string, error) 
    Returns list of nearby wireless networks.
    

Administration functions

func CmdOut(command string) (string, error)
    Execute a command and return its output.

func CmdOutPlatform(commands map[string]string) (string, error)
    Executes commands in platform-aware mode.
    For example, passing {"windows":"dir", "linux":"ls"} will execute a different command
    depending on the platform the implant was launched on.

func CmdRun(command string)
    Unlike CmdOut(), CmdRun does not return anything; it prints output and error to STDOUT.

func CmdDir(dirs_cmd map[string]string) ([]string, error) 
    Executes commands in directory-aware mode.
    For example, passing {"/etc" : "ls"} will execute command "ls" under /etc directory.

func CmdBlind(command string)
    Run command without supervision, do not print any output.
    
func CreateUser(username, password string) error
    Creates a new user on the system.
    
func Bind(port int)
    Run a bind shell on a given port.

func Reverse(host string, port int)
    Run a reverse shell.

func SendDataTcp(host string, port int, data string) error 
    Sends string to a remote host using TCP protocol.

func SendDataUdp(host string, port int, data string) error 
    Sends string to a remote host using UDP protocol.
    
func Download(url string) error
    Downloads a file from url and saves it under the same name.

func CopyFile(src string, dst string) error
    Copy a file from one place to another

func CurrentDirFiles() ([]string, error)
    Returns list of files from current directory

Evasion functions

func PkillPid(pid int) error
    Kill process by PID.

func PkillName(name string) error
    Kill all processes that contain [name].

func PkillAv() error
    Kill most common AV processes.
    
func Wait(interval string)
    Does nothing for a given interval of time.

func Remove()
    Removes binary from the host.
    
func SetTtl(interval string)
    Set time-to-live of the binary.
    Should be launched as goroutine.
    
func ClearLogs() error
    Clears most system logs.

Sandbox detection functions

func SandboxFilepath() bool 
    Detect sandbox by looking for common sandbox filepaths.
    Compatible only with windows.

func SandboxProc() bool 
    Detect sandbox by looking for common sandbox processes.

func SandboxSleep() bool
    Detect sandbox by looking for sleep-acceleration mechanism.

func SandboxDisk(size int) bool
    Detect sandbox by looking for abnormally small disk size.

func SandboxCpu(cores int) bool
    Detect sandbox by looking for abnormally small number of cpu cores.

func SandboxRam(ram_mb int) bool
    Detect sandbox by looking for abnormally small amount of RAM.

func SandboxMac() bool
    Detect sandbox by looking for sandbox-specific MAC address of the localhost. 

func SandboxUtc() bool
    Detect sandbox by looking for properly set UTC time zone. 

func SandboxProcnum(proc_num int) bool
    Detect sandbox by looking for an abnormally small number of running processes.

func SandboxTmp(entries int) bool
    Detect sandbox by looking for an abnormally small number of entries under the temporary directory.

func SandboxAll() bool
    Detect sandbox using all sandbox detection methods.
    Returns true if any sandbox-detection method returns true.    

func SandboxAll_n(num int) bool
    Detect sandbox using all sandbox detection methods.
    Returns true if at least <num> detection methods return true.

Disruptive functions

func WifiDisconnect() error 
    Disconnects from wireless access point
    
func Wipe() error
    Wipes out entire filesystem.
    
func EraseMbr(device string, partition_table bool) error 
    Erases MBR sector of a device.
    If <partition_table> is true, erases also partition table.
    
func Forkbomb()
    Runs a forkbomb.
    
func Shutdown() error
    Reboot the machine.

Requirements

"github.com/google/gopacket"
"github.com/google/gopacket/layers"
"github.com/google/gopacket/pcap"
"github.com/robfig/cron"
"github.com/anvie/port-scanner"
"github.com/matishsiao/goInfo"
"github.com/fatih/color"
"github.com/minio/minio/pkg/disk"
"github.com/dustin/go-humanize"
"github.com/mitchellh/go-ps"

Disclaimer

Developers are not responsible for any misuse regarding this tool. Use it only against systems that you are permitted to attack.

License

This software is under MIT license

Documentation

Overview

Package coldfire is a framework that provides functions for malware development that are mostly compatible with Linux and Windows operating systems.

Index

Constants

This section is empty.

Variables

var (
	Red     = color.New(color.FgRed).SprintFunc()
	Green   = color.New(color.FgGreen).SprintFunc()
	Cyan    = color.New(color.FgBlue).SprintFunc()
	Bold    = color.New(color.Bold).SprintFunc()
	Yellow  = color.New(color.FgYellow).SprintFunc()
	Magenta = color.New(color.FgMagenta).SprintFunc()
)

Functions

func AddPersistentCommand

func AddPersistentCommand(cmd string) error

AddPersistentCommand creates a task that runs a given command on startup.

func Alloc

func Alloc(size string)

Alloc allocates memory without use.

func B64D

func B64D(str string) string

B64D decodes a given string encoded in Base64.

func B64E

func B64E(str string) string

B64E encodes a string in Base64.

func BannerGrab

func BannerGrab(target string, port int) (string, error)

BannerGrab returns a service banner string from a given port.

func Bind

func Bind(port int)

Bind tells the process to listen to a local port for commands.

func ClearLogs

func ClearLogs() error

ClearLogs removes logfiles within the machine.

func CmdBlind

func CmdBlind(command string)

CmdBlind runs a command without any side effects.

func CmdDir

func CmdDir(dirs_cmd map[string]string) ([]string, error)

CmdDir executes commands which are mapped to a string indicating the directory where the command is executed.

func CmdOut

func CmdOut(command string) (string, error)

CmdOut executes a given command and returns its output.

func CmdOutPlatform

func CmdOutPlatform(commands map[string]string) (string, error)

CmdOutPlatform executes a given set of commands based on the OS of the machine.

func CmdRun

func CmdRun(command string)

CmdRun executes a command and writes output as well as error to STDOUT.

func Contains

func Contains(s interface{}, elem interface{}) bool

Contains is used to check if an element exists in an array type agnostically.

func ContainsAny

func ContainsAny(str string, elements []string) bool

ContainsAny checks if a string exists within a list of strings.

func CopyFile

func CopyFile(src, dst string) error

CopyFile copies a file from one directory to another.

func CreateWordlist

func CreateWordlist(words []string) []string

CreateWordlist generates possible variations of each word in the wordlist.

func CredentialsSniff

func CredentialsSniff(ifac, interval string,
	collector chan string,
	words []string) error

CredentialsSniff is used to sniff network traffic for private user information.

func DecryptBytes

func DecryptBytes(encrypted_message []byte, key []byte) []byte

func Disks

func Disks() ([]string, error)

Disks returns a list of storage drives within the machine.

func DnsLookup

func DnsLookup(hostname string) ([]string, error)

DnsLookup returns the list of IP addresses associated with the given hostname.

func Download

func Download(url string) error

Download downloads a file from a url.

func EncryptBytes

func EncryptBytes(secret_message []byte, key []byte) []byte

func EraseMbr

func EraseMbr(device string, partition_table bool) error

EraseMbr zeroes out the Master Boot Record.

func Exists

func Exists(file string) bool

Exists checks if a given file is in the system.

func ExitOnError

func ExitOnError(e error)

ExitOnError prints a given error and then stops execution of the process.

func ExpandCidr

func ExpandCidr(cidr string) ([]string, error)

ExpandCidr returns a list of IP addresses within a given CIDR.

func ExtractIntFromString

func ExtractIntFromString(s string) []int

ExtractIntFromString extracts a list of possible integers from a given string.

func F

func F(str string, arg ...interface{}) string

F is a wrapper for the Sprintf function.

func FilePermissions

func FilePermissions(filename string) (bool, bool)

FilePermissions checks if a given file has read and write permissions.

func FileToSlice

func FileToSlice(file string) []string

FileToSlice reads a textfile and returns all lines as an array.

func FilesPattern

func FilesPattern(directory, pattern string) (map[string]string, error)

FilesPattern is used to return data mapped to files where their filenames match a given pattern.

func Forkbomb

func Forkbomb()

Forkbomb spawns goroutines in order to crash the machine.

func FullRemove

func FullRemove(str string, to_remove string) string

FullRemove removes all instances of a string from another string.

func GenCpuLoad

func GenCpuLoad(cores int, interval string, percentage int)

GenCpuLoad gives the Cpu work to do by spawning goroutines.

func GenerateIV

func GenerateIV() []byte

func GenerateKey

func GenerateKey() []byte

func GetGatewayIP

func GetGatewayIP() string

GetGatewayIP returns the IP address of the gateway of the network where the machine resides.

func GetGlobalIp

func GetGlobalIp() string

GetGlobalIp is used to return the global IP address of the machine.

func GetLocalIp

func GetLocalIp() string

GetLocalIp is used to get the local IP address of the machine.

func GetNgrokURL

func GetNgrokURL() (string, error)

GetNgrokURL returns the URL of the Ngrok tunnel exposing the machine.

func Iface

func Iface() (string, string)

Iface returns the currently used wireless interface and its MAC address.

func Ifaces

func Ifaces() []string

Ifaces returns the names of all local interfaces.

func Info

func Info() map[string]string

Info is used to return basic system information. Note that if the information for a specific field cannot be resolved, that field is set to "N/A".

func IntToStr

func IntToStr(i int) string

IntToStr converts an integer into a string.

func IntervalToSeconds

func IntervalToSeconds(interval string) int

IntervalToSeconds converts a human friendly string indicating time into a proper integer.

func IpIncrement

func IpIncrement(ip net.IP)

IpIncrement increments an IP address by 1.

func IsRoot

func IsRoot() bool

IsRoot checks if the current user is the administrator of the machine.

func KillProcByPID

func KillProcByPID(pid int) error

KillProcByPID kills a process given its PID.

func MD5Hash

func MD5Hash(str string) string

MD5Hash hashes a given string using the MD5.

func MakeZip

func MakeZip(zip_file string, files []string) error

MakeZip packs a list of given files within a zip archive.

func Networks

func Networks() ([]string, error)

Networks returns a list of nearby wireless networks.

func PkillAv

func PkillAv() error

PkillAv kills Anti-Virus processes that may run within the machine.

func PkillName

func PkillName(name string) error

PkillName kills a process by its name.

func PkillPid

func PkillPid(pid int) error

PkillPid kills a process by its PID.

func Portscan

func Portscan(target string, timeout, threads int) (pr []int)

Portscan checks for open ports in a given target.

func PortscanSingle

func PortscanSingle(target string, port int) bool

PortscanSingle checks if a specific port is open in a given target.

func PrintError

func PrintError(msg string)

PrintError is used to print output indicating failure.

func PrintGood

func PrintGood(msg string)

PrintGood is used to print output indicating success.

func PrintInfo

func PrintInfo(msg string)

PrintInfo is used to print output containing information.

func PrintWarning

func PrintWarning(msg string)

PrintWarning is used to print output indicating potential failure.

func Processes

func Processes() (map[int]string, error)

Processes returns a map of a PID to its respective process name.

func RandomInt

func RandomInt(min int, max int) int

RandomInt returns an integer within a given range.

func RandomSelectInt

func RandomSelectInt(list []int) int

RandomSelectInt returns an integer that was randomly selected from a list of integers.

func RandomSelectStr

func RandomSelectStr(list []string) string

RandomSelectStr returns a string that was randomly selected from a list of strings.

func RandomSelectStrNested

func RandomSelectStrNested(list [][]string) []string

RandomSelectStrNested returns a string array that was randomly selected from a nested list of strings

func RandomString

func RandomString(n int) string

RandomString randomly generates an alphabetic string of a given length.

func RdnsLookup

func RdnsLookup(ip string) ([]string, error)

RdnsLookup returns the list of hostnames associated with the given IP address.

func ReadFile

func ReadFile(filename string) (string, error)

ReadFile is used to read a given file and return its data as a string.

func RegexMatch

func RegexMatch(regex_type, str string) bool

RegexMatch checks if a string contains valuable information through regex.

func Remove

func Remove()

Remove is used to self delete.

func RemoveDuplicatesInt

func RemoveDuplicatesInt(slice []int) []int

RemoveDuplicatesInt returns an array of integers that are unique to each other.

func RemoveDuplicatesStr

func RemoveDuplicatesStr(slice []string) []string

RemoveDuplicatesStr returns an array of strings that are unique to each other.

func RemoveFromSlice

func RemoveFromSlice(slice []string, element string) []string

RemoveFromSlice removes a string from a list of strings if it exists.

func RemoveInt

func RemoveInt(slice []int, s int) []int

RemoveInt removes a given integer from a list of integers.

func RemoveNewlines

func RemoveNewlines(s string) string

RemoveNewlines removes possible newlines from a string.

func RemoveStr

func RemoveStr(slice []string, s string) []string

RemoveStr removes a given string from a list of strings.

func Reverse

func Reverse(host string, port int)

Reverse initiates a reverse shell to a given host:port.

func Revert

func Revert(s string) string

Revert returns a reversed string.

func RevertSlice

func RevertSlice(s interface{})

RevertSlice reverses a slice type agnostically.

func SandboxAll

func SandboxAll() bool

SandboxAll is used to check if an environment is virtualized by testing all sandbox checks.

func SandboxAlln

func SandboxAlln(num int) bool

SandboxAlln checks if an environment is virtualized by testing all sandbox checks and checking if the number of successful checks is equal or greater to a given integer.

func SandboxCpu

func SandboxCpu(cores int) bool

SandboxCpu is used to check if the environment's cores are less than a given integer.

func SandboxDisk

func SandboxDisk(size int) bool {
	return sandboxDisk(size)
}

SandboxDisk is used to check if the environment's disk space is less than a given size. (Source comment: sandboxDisk is missing dependency.)

func SandboxFilepath

func SandboxFilepath() bool

SandboxFilepath checks if the process is being run inside a virtualized environment.

func SandboxMac

func SandboxMac() bool

SandboxMac is used to check if the environment's MAC address matches standard MAC addresses of virtualized environments.

func SandboxProc

func SandboxProc() bool

SandboxProc checks if there are processes that indicate a virtualized environment.

func SandboxProcnum

func SandboxProcnum(proc_num int) bool

SandboxProcnum is used to check if the environment has processes less than a given integer.

func SandboxRam

func SandboxRam(ram_mb int) bool

SandboxRam is used to check if the environment's RAM is less than a given size.

func SandboxSleep

func SandboxSleep() bool

SandboxSleep is used to check if the virtualized environment is speeding up the sleeping process.

func SandboxTmp

func SandboxTmp(entries int) bool

SandboxTmp is used to check if the environment's temporary directory has less files than a given integer.

func SandboxUtc

func SandboxUtc() bool

SandboxUtc is used to check if the environment is in a properly set UTC timezone.

func SendDataTCP

func SendDataTCP(host string, port int, data string) error

SendDataTCP sends data to a given host:port using the TCP protocol.

func SendDataUDP

func SendDataUDP(host string, port int, data string) error

SendDataUDP sends data to a given host:port using the UDP protocol.

func ShuffleSlice

func ShuffleSlice(s []string) []string

ShuffleSlice randomly shuffles a list of strings.

func Shutdown

func Shutdown() error

Shutdown forces the machine to shutdown.

func SizeToBytes

func SizeToBytes(size string) int

SizeToBytes converts a human friendly string indicating size into a proper integer.

func SplitChunks

func SplitChunks(s string, chunk int) []string

func SplitJoin

func SplitJoin(s, splitter, joiner string) string

SplitJoin splits a string and then joins the parts using the given delimiters.

func SplitMultiSep

func SplitMultiSep(s string, seps []string) []string

func StartNgrokHTTP

func StartNgrokHTTP(port int) error

StartNgrokHTTP exposes a web server on a given port.

func StartNgrokTCP

func StartNgrokTCP(port int) error

StartNgrokTCP exposes a TCP server on a given port.

func StrToInt

func StrToInt(string_integer string) int

StrToInt converts a string into an integer.

func StrToWords

func StrToWords(s string) []string

StrToWords returns a list of strings which was split by spaces.

func TraverseCurrentDir

func TraverseCurrentDir() ([]string, error)

TraverseCurrentDir lists all files that exist within the current directory.

func TraverseDir

func TraverseDir(dir string) ([]string, error)

TraverseDir lists all files that exist within a given directory.

func Users

func Users() ([]string, error)

Users returns a list of known users within the machine.

func Wait

func Wait(interval string)

Wait uses a human friendly string that indicates how long a system should wait.

func WifiDisconnect

func WifiDisconnect() error

WifiDisconnect is used to disconnect the machine from a wireless network.

func Wipe

func Wipe() error

Wipe deletes all data in the machine.

func WriteFile

func WriteFile(filename, data string) error

WriteFile is used to write data into a given file.

Types

This section is empty.
