{"id":37111005,"url":"https://github.com/whiterabb17/medusa","last_synced_at":"2026-01-14T13:10:25.229Z","repository":{"id":64692261,"uuid":"576864250","full_name":"whiterabb17/medusa","owner":"whiterabb17","description":"Anti VM checks in GoLang","archived":false,"fork":false,"pushed_at":"2023-01-15T12:57:50.000Z","size":565,"stargazers_count":7,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-06-20T11:52:20.554Z","etag":null,"topics":["antivm","antivmdetection","detection","golang-antivm","helper","malware","malware-tools","red-team","redteam-tools","redteaming","virtual-detection","virtualization","vm-detection"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/whiterabb17.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-12-11T08:26:40.000Z","updated_at":"2024-04-13T18:12:00.000Z","dependencies_parsed_at":"2023-02-09T22:07:31.560Z","dependency_job_id":null,"html_url":"https://github.com/whiterabb17/medusa","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/whiterabb17/medusa","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/whiterabb17%2Fmedusa","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/whiterabb17%2Fmedusa/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/whiterabb17%2Fmedusa/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/whiterabb17%2Fmedusa/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/whi
terabb17","download_url":"https://codeload.github.com/whiterabb17/medusa/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/whiterabb17%2Fmedusa/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28420833,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T10:47:48.104Z","status":"ssl_error","status_checked_at":"2026-01-14T10:46:19.031Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["antivm","antivmdetection","detection","golang-antivm","helper","malware","malware-tools","red-team","redteam-tools","redteaming","virtual-detection","virtualization","vm-detection"],"created_at":"2026-01-14T13:10:24.623Z","updated_at":"2026-01-14T13:10:25.222Z","avatar_url":"https://github.com/whiterabb17.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Medusa\nGolang anti-vm framework\n\n\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/whiterabb17/medusa\"\u003e\n    \u003cimg src=\"https://github.com/whiterabb17/medusa/blob/main/medusa.jpg\" alt=\"Logo\" width=\"400\" height=\"400\"\u003e\n  \u003c/a\u003e\n\n  \n  \u003cp align=\"center\"\u003e\n    Let Medusa stone wall analysis\n    \u003cbr /\u003e\n    \u003cbr /\u003e\n    \u003cbr /\u003e\n  
\u003c/p\u003e\n\u003c/p\u003e\n\n\u003c!-- TABLE OF CONTENTS --\u003e\n\u003cdetails open=\"open\"\u003e\n  \u003csummary\u003eTable of Contents\u003c/summary\u003e\n  \u003col\u003e\n    \u003cli\u003e\n      \u003ca href=\"#About-the-project\"\u003eAbout The Project\u003c/a\u003e\n    \u003c/li\u003e\n    \u003cli\u003e\n      \u003ca href=\"#Getting-started\"\u003eGetting Started\u003c/a\u003e\n      \u003cul\u003e\n        \u003cli\u003e\u003ca href=\"#Dependencies\"\u003eDependencies\u003c/a\u003e\u003c/li\u003e\n        \u003cli\u003e\u003ca href=\"#Installation\"\u003eInstallation\u003c/a\u003e\u003c/li\u003e\n      \u003c/ul\u003e\n    \u003c/li\u003e\n    \u003cli\u003e\n      \u003ca href=\"#Usage\"\u003eUsage\u003c/a\u003e\n      \u003cul\u003e\n        \u003cli\u003e\u003ca href=\"#Anti-Debugging\"\u003eAnti-Debugging \u003c/a\u003e\u003c/li\u003e\n        \u003cli\u003e\u003ca href=\"#Anti-Memory\"\u003eAnti-Memory\u003c/a\u003e\u003c/li\u003e\n        \u003cli\u003e\u003ca href=\"#Anti-VM\"\u003eAnti-VM\u003c/a\u003e\u003c/li\u003e\n      \u003c/ul\u003e\n    \u003c/li\u003e\n  \u003c/ol\u003e\n\u003c/details\u003e\n\n\n\n\n\u003c!-- ABOUT THE PROJECT --\u003e\n## About The Project\nMedusa is an anti-vm framework.\u003cbr\u003e\nWritten in Golang in order to support Red Team operations and Pentesters during engagements.\u003cbr\u003e\nMedusa is designed for Windows environment!\u003cbr/\u003e\n!!I'm not responsible for your acts!!\n\n\n\n\u003c!-- GETTING STARTED --\u003e\n## Getting Started\nFirstly, make sure that your dependencies are satisfied.\n\n### Dependencies\nMedusa has 3 dependencies:\n* wmi\n  ```\n  go get github.com/StackExchange/wmi@v0.0.0-20210224194228-fe8f1750fd46\n  ```\n* go-ole\n  ```\n  go get github.com/go-ole/go-ole@v1.2.5 \n  ```\n* go-ps\n  ```\n  go get github.com/mitchellh/go-ps@v1.0.0 \n  ```\n  \n### Installation\nIn your prompt type\n  ```\n  go get github.com/whiterabb17/medusa\n  ```\n \n### Note\nAdditional processes 
and configs can be set in `util\\process_list.go`\u003cbr\u003e\nSuch as AV processes to kill/search for.\u003cbr\u003e\nAdditional strings to find or MAC addresses to add to the blacklist\n  \n## Usage\nIn your program, import the packages used by Medusa\n```\nimport (\n      \"github.com/whiterabb17/medusa/antidebug\"\n      \"github.com/whiterabb17/medusa/antimem\"\n      \"github.com/whiterabb17/medusa/antivm\"\n    )\n```\n### Anti-Debugging\n` \"github.com/whiterabb17/medusa/antidebug\"` \u003cbr/\u003e\nThe antidebug package implements strategies to avoid common programs that are used for debugging.\n\n#### Process\n`antidebug.ByProcessWatcher()` returns a boolean \u003cbr/\u003e\nThis function looks for common programs used to inspect processes, like processhacker.exe, procmon.exe, xdbg.exe, etc. \u003cbr/\u003e\nExample:\n```\nif antidebug.ByProcessWatcher() { // If a debugger program was found, enter here.\n  // exit or wait\n}\n```\n#### Timing\n`antidebug.ByTimmingDiff(time, int)` returns a boolean\u003cbr/\u003e\nChecks whether the difference between the initial and end time is bigger than the allowed difference (in seconds).\nWhen a program is being debugged, analysis tends to spend some time inside a function.\nGrab the time at the very beginning of the function and again at the end, just before returning, and ask Medusa to compare.\u003cbr/\u003e\nExample:\n```\nfunc myFuncHere(){\n  initTime := time.Now() // grab the time here\n  // do your actions here\n  if antidebug.ByTimmingDiff(initTime, 2){ // if your function takes 2 seconds or more, your program is probably being debugged. You choose the time.\n    // exit or wait\n  }\n}\n```\n\n### Anti-Memory\n` \"github.com/whiterabb17/medusa/antimem\"` \u003cbr/\u003e\nThe antimem package implements strategies to avoid common programs that are used to inspect process memory.\n\n#### Memory\n`antimem.ByMemWatcher()` returns a boolean \u003cbr/\u003e\nThis function looks for common programs used to inspect memory, like rammap.exe, dumpit.exe, etc. 
\u003cbr/\u003e\nExample:\n```\nif antimem.ByMemWatcher() { // If a program used to inspect memory was found, enter here.\n  // exit or wait\n}\n```\n\n### Anti-VM\n` \"github.com/whiterabb17/medusa/antivm\"` \u003cbr/\u003e\nThe antivm package implements strategies to avoid virtualized environments.\n\n#### Disk size\n`antivm.BySizeDisk( int )` returns a boolean \u003cbr/\u003e\nChecks the total disk size, in GB. \u003cbr/\u003e\nExample:\n```\nif antivm.BySizeDisk(100) { // If the total disk size is less than 100 GB, enter here. You choose the size, always in GB.\n  // exit or wait\n}\n```\n#### Virtual disk\n`antivm.IsVirtualDisk()` returns a boolean \u003cbr/\u003e\nChecks whether the program may be running on a virtual disk. \u003cbr/\u003e\nExample:\n```\nif antivm.IsVirtualDisk() { // If Medusa guesses you are on a virtual disk, enter here.\n  // exit or wait\n}\n```\n\n#### Known virtual MAC Address\n`antivm.ByMacAddress()` returns a boolean \u003cbr/\u003e\nLooks for known virtualized MAC addresses. \u003cbr/\u003e\nExample:\n```\nif antivm.ByMacAddress() { // If Medusa guesses you are on a virtual MAC address, enter here.\n  // exit or wait\n}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwhiterabb17%2Fmedusa","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwhiterabb17%2Fmedusa","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwhiterabb17%2Fmedusa/lists"}