{"id":22209523,"url":"https://github.com/aquilao/gotokentheft","last_synced_at":"2025-04-05T00:06:14.568Z","repository":{"id":59385334,"uuid":"390583498","full_name":"Aquilao/GoTokenTheft","owner":"Aquilao","description":"Token stealing tool written by Go. Bypass Kaspersky,Defender,Avira, etc./Go 编写的 Token 窃取工具。免杀卡巴、Defender、小红伞等杀软","archived":false,"fork":false,"pushed_at":"2025-01-16T02:20:00.000Z","size":18,"stargazers_count":177,"open_issues_count":0,"forks_count":20,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-03-28T23:05:15.414Z","etag":null,"topics":["token","windows"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Aquilao.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-07-29T03:06:14.000Z","updated_at":"2025-03-26T16:29:52.000Z","dependencies_parsed_at":"2025-02-24T16:12:22.487Z","dependency_job_id":"b676b3da-a3ab-4cb3-8a0b-f85960140526","html_url":"https://github.com/Aquilao/GoTokenTheft","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Aquilao%2FGoTokenTheft","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Aquilao%2FGoTokenTheft/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Aquilao%2FGoTokenTheft/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Aquilao%2FGoTokenTheft/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Aquilao","download_url":"https://codeload.github.com/Aquilao/GoTokenTheft/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247266563,"owners_count":20910836,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["token","windows"],"created_at":"2024-12-02T19:31:38.802Z","updated_at":"2025-04-05T00:06:14.546Z","avatar_url":"https://github.com/Aquilao.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# GoTokenTheft\n\nGo 编写的 Token 窃取工具，用于后渗透时在目标机器上使用不同的用户权限来执行程序和命令\n\n\u003e [!IMPORTANT]\n\u003e\n\u003e Token 窃取的前提是需要启用 `SeDebugPrivilege`，在大多数后渗透场景下是 `NT AUTHORITY\\SYSTEM` 权限或者 `bypass UAC`之后的人类用户权限，比如`Administrator`\n\n\n\n## 编译\n\nWindows 下编译\n\n```cmd\ngo build -o GoTokenTheft.exe main.go\n```\n\n跨平台编译\n\n```bash\nGOOS=windows GOARCH=386 CC=\"i686-w64-mingw32-gcc\" go build -o GoTokenTheft.exe main.go\n```\n\n\n\n## 使用\n\n### 快速上手\n\n指定进程\n\nUsage:\n```\nGoTokenTheft.exe -p \u003cpid\u003e -c \u003ccommand\u003e\n```\n\ne.g.\n```\nGoTokenTheft.exe -p 114514 -c cmd.exe\n```\n\n指定用户\n\nUsage:\n\n```\nGoTokenTheft.exe -u \u003cuser\u003e -c \u003ccommand\u003e\n```\n\ne.g.\n\n```\nGoTokenTheft.exe -u \"NT AUTHORITY\\SYSTEM\" -c cmd.exe\n```\n\n\n\n### 其他用法\n\n查看系统内存在的所有`token`信息，包括权限和使用它的进程 pid，在实战场景下方便快速定位需要的`token`\n\n```\nGoTokenTheft.exe -t\n```\n\n查看系统内存在的所有进程信息，包括 pid 和进程名\n\n```\nGoTokenTheft.exe -p\n```\n\n查看帮助\n\n```\nGoTokenTheft.exe -h\n```\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faquilao%2Fgotokentheft","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faquilao%2Fgotokentheft","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faquilao%2Fgotokentheft/lists"}