https://github.com/ice-wzl/unixcollector
UnixCollector is a simple and lightweight CLI tool designed for rapid collection, and optional exfiltration of sensitive information from Linux systems.
https://github.com/ice-wzl/unixcollector
enumeration exfiltration golang info-gathering info-stealing linux malware-development red-team red-team-tools red-teaming
Last synced: 3 months ago
JSON representation
UnixCollector is a simple and lightweight CLI tool designed for rapid collection, and optional exfiltration of sensitive information from Linux systems.
- Host: GitHub
- URL: https://github.com/ice-wzl/unixcollector
- Owner: ice-wzl
- Created: 2025-01-05T20:06:17.000Z (9 months ago)
- Default Branch: main
- Last Pushed: 2025-01-06T04:24:52.000Z (9 months ago)
- Last Synced: 2025-03-23T14:35:37.370Z (7 months ago)
- Topics: enumeration, exfiltration, golang, info-gathering, info-stealing, linux, malware-development, red-team, red-team-tools, red-teaming
- Language: Go
- Homepage:
- Size: 49.8 KB
- Stars: 2
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# UnixCollector
## Overview
- UnixCollector is a simple and lightweight CLI tool designed for rapid collection, and optional exfiltration of sensitive information from Linux systems.
- Its primary purpose is to streamline the process of gathering critical data in red teaming scenarios.
## Building
- Ensure you have golang installed on your host
- To install golang see: https://go.dev/doc/install
````
git clone https://github.com/ice-wzl/UnixCollector.git
cd UnixCollector
go build
````
- `UnixCollector` takes no arguments or flags, it knows what to do!
## Benifits
My origional inspiration for this project was https://github.com/R3DRUN3/vermilion
After attempting a PR, it was determined that we had different design ideas, thus I wanted to make my own version
1. `UnixCollector` will rebuild the directory structure of the host. For example if you collect `/etc/fstab` you will see that same directory struture reflected in your exfil directory
- See below for a visual example of the rebuilt directory structure. This makes it much easier to analyze the files you have collected, as you know the exact position they are on the remote host
2. Creates an archive for easy exfiltration
- When the tool finishes its run, it will `tar/gzip` the contents to make the file transfer process as easy as possible.
## Contributing
- Im always happy to accept PRs!
- Ive attempted to make this code as module as possible to make it as easy as possible to add a new module.
- If there is a super important file you should always collect on a Red Team engagement, add it via a PR.
- If its a file not under `/home` or `/root` then add it in `internals/systemCollector.go`
- If its a file typically found in `/root` or a users home direcotry add it in `internals/userCollector.go`
- For example if you wanted to always collect `/etc/fstab` you could easily find the correct function and add it in
## FAQ
1. Should you look to automate all of this through `Sliver` or `Havoc`?
- Yes that would be nice, however sometimes you dont have an oppertunity to use those tools. If you have a way to automate collection of sensitive files through `Sliver` or `Havoc` do that, however for those times you dont, `UnixCollector` is here for you.
2. This program doesnt really do any host enumeration, why?
- This tool is designed to collect sensitive files from a linux system. If you are looking to priv esc or enumerate the host, use `linpeas`. Its 100x better than anything I could write for host enumeration. Different tools for different jobs.