Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ahhh/GoRedLoot
A tool to collect secrets (keys and passwords) and stage (compress and encrypt) them for exfiltration.
https://github.com/ahhh/GoRedLoot
Last synced: about 1 month ago
JSON representation
A tool to collect secrets (keys and passwords) and stage (compress and encrypt) them for exfiltration.
- Host: GitHub
- URL: https://github.com/ahhh/GoRedLoot
- Owner: ahhh
- Created: 2018-05-31T06:12:46.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2018-06-02T02:46:10.000Z (over 6 years ago)
- Last Synced: 2024-02-15T10:34:34.694Z (10 months ago)
- Language: Go
- Homepage:
- Size: 7.81 KB
- Stars: 55
- Watchers: 2
- Forks: 9
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-starz - ahhh/GoRedLoot - A tool to collect secrets (keys and passwords) and stage (compress and encrypt) them for exfiltration. (Go)
- cybersecurity-golang-security - goredloot - A tool to collect secrets (keys and passwords) and stage (compress and encrypt) them for exfiltration. (General Post Exploitation)
- awesome-go-security - goredloot - A tool to collect secrets (keys and passwords) and stage (compress and encrypt) them for exfiltration. (General Post Exploitation)
README
# GoRedLoot
A tool to collect secrets (keys and passwords) and stage (compress and encrypt) them for exfiltration.
More details: https://lockboxx.blogspot.com/2018/06/goredloot.html# Usage
- The tool takes two command line arguments when invoked, the directory to recursively search and the output file to create.
-- Example: ./GoRedLoot [directory to recursivly search] [out file]
- The tool has five primary, hardcoded, internal configuration options.
-- The first, and one you defiantly want to change, is the encryption password.
-- The next four are essentially your search criteria, and they are ignoreFiles, includeFiles, ignoreContents, and includeContents, and are processed in that order.
- Its also important to understand the double zipping process that occurs on the output file:
-- The first zip wrapper retains all of the collected files meta-information, such as the file names and file properties.
-- The second zip wrapper strips all of this information and encrypts the zip archive with the hard coded password.