https://github.com/whitecat18/rust-for-malware-development
This repository contains complete resources and coding practices for malware development using Rust 🦀.
malware malware-development proof-of-concept research rust rustlang tips-and-tricks windows
- Host: GitHub
- URL: https://github.com/whitecat18/rust-for-malware-development
- Owner: Whitecat18
- License: mit
- Created: 2024-02-12T16:55:06.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2025-05-04T13:33:41.000Z (5 months ago)
- Last Synced: 2025-05-04T14:28:51.248Z (5 months ago)
- Topics: malware, malware-development, proof-of-concept, research, rust, rustlang, tips-and-tricks, windows
- Language: Rust
- Homepage: https://maldev.5mukx.site/
- Size: 29.2 MB
- Stars: 2,191
- Watchers: 30
- Forks: 57
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
# Rust for Malware Development
This repository contains source code for various techniques used by malware authors, red teamers, threat actors and state-sponsored hacking groups. The techniques are researched and implemented in Rust.
Managed by @5mukx
---
## Table of Contents
- [Walkthrough](#walkthrough)
- [Malware Techniques](#malware-techniques)
- [Encryption Techniques](#encryption-techniques)
- [Related Blogs](#related-blogs)
- [Download Repository](#download-as-zip-file)
- [Contribution](#contributing-to-rust-for-malware-development)

## Malware Techniques
| Technique | Description |
|-----------|-------------|
| [Process Injection](Process-Injection) | Process injection techniques |
| [Process Injection 2](Process) | Additional process injection snippets. |
| [Process Ghosting](GhostingProcess) | Process ghosting technique |
| [Process Hypnosis](Process/hypnosis.rs) | Process hypnosis techniques |
| [Process Herpaderping](Process/Herpaderping) | Process herpaderping |
| [Waiting Thread Hijacking](WaitingThreadHijacking) | Injection by overwriting the return address of a waiting thread. |
| [NtCreateUserProcess](NtCreateUserProcess) | Launch processes using NtCreateUserProcess API. |
| [Custom Shellcode](./Custom_Shellcode/) | Custom Shellcode for Testing. |
| [Named Pipes](Named_Pipe) | Interprocess communication using named pipes on Windows. |
| [Api Hooking](Api_Hooking) | API Hooking Using Trampoline. |
| [PE Analyzer](https://github.com/Whitecat18/PE-Analyzer.rs) | Extract PE information via CLI. |
| [BlockHandle](BlockHandle) | Block handles using SDDL PoC. |
| [Dynamic Export Table PEB](base_addr_locator) | Call Windows functions by searching memory. |
| [API Hammering](api_hammering) | API hammering techniques. |
| [Early Cascade Injection](Early%20Cascade%20Injection) | Early-cascade injection PoC in Rust. |
| [Encryption Methods](Encryption%20Methods) | Methods to encrypt and execute payloads. |
| [Enumeration](Enumeration) | Enumeration modules for efficiency. |
| [Malware Samples](Malware-Samples) | Malware based on real-world activities. |
| [Metadata Modification](Metadata_Modification) | Extract and embed custom metadata in binaries. |
| [Keyloggers](Keyloggers) | Custom keylogger implementations in Rust. |
| [DLL Injection](dll_injection) | DLL injection in Rust. |
| [DLL Injector](DLL_Injector) | Versatile DLL injector in Rust. |
| [Code Snippets](Malware_Tips) | Snippets for malware operations. |
| [NTAPI Implementation](NtApi) | NTAPI usage snippets. |
| [Extract WiFi Passwords](Recon/extract_wifi) | Extract stored WiFi passwords on Windows. |
| [Reverse Shell](Reverse%20Shell) | Client-server reverse shell in Rust. |
| [Thread Hijacking](Threads) | Thread hijacking snippets. |
| [Self Deletion](Self-Deletion-Techniques) | Techniques for self-deleting binaries. |
| [Position Independent Series](position%20independent) | Position-independent code in Rust. |
| [Shellcode Execution](shellcode_exec) | Shellcode execution using WinAPIs. |
| [Sleep Obfuscation](Sleep_Obfuscations/Ekko) | Sleep obfuscation implementation. |
| [Direct Syscalls](syscalls/direct_syscalls) | Direct syscall implementation using STUB methods. |
| [Indirect Syscalls](syscalls/indirect_syscalls) | Indirect syscall implementation using STUB methods. |
| [BSOD](BSOD) | Triggers a Blue Screen of Death. |
| [Persistence](Persistence) | Persistence techniques. |
| [UAC Bypass CMSTP](uac-bypass-cmstp) | UAC bypass by elevating CMSTP.exe. |
| [Malware DSA](shellcode_exec/DSA_Exec) | Malware using data structures and algorithms. |
| [Shellcode Obfuscation](obfuscation) | Obfuscate shellcode using IPv4, IPv6, MAC, UUID formats. |
| [EDR Checker](EDRChecker) | Detect EDR tools, AV software, and security applications. |
| [Timer](timer) | Time-based execution control mechanism. |
| [Keylogger Dropper](keylog_dropper) | Downloads and executes keylogger in the background. |
| [Rand_Fill](Malware_Tips/rand_fill) | Deletes files and fills disk with random bytes. |
| [Encryfer-X](Malware-Samples/Encryfer/Encryfer-X) | Ransomware combining multiple PoC techniques. |
| [GitHub Stealers](stealer/GitHub_API) | Steal credentials using GitHub API. |
| [AMSI Bypass](./Amsi_Bypass/) | Uses hardware breakpoints to intercept and manipulate the AmsiScanBuffer function. |

## Encryption Techniques
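Ahead of the table, an added example (written for this page, not code from the Rust-for-Malware-Development repository) that ties two rows together: the payload is first run through RC4 or a repeating-key XOR (the RC4 and XOR rows below; RC4 is also the cipher behind the SystemFunction032/033 row), and the result is then encoded as IPv4 or UUID strings as in the Shellcode Obfuscation row above, so the bytes sit in the binary as a table of "addresses" rather than a recognisable blob. `SAMPLE` is constructed dummy bytes, not a working shellcode, and `example-key` is a placeholder. The decoder rejects malformed entries rather than silently returning a wrong payload, and pads/truncates so the original length survives the round trip. One caveat a practitioner should keep in mind: with the key embedded next to the data this is obfuscation against static signatures only, not confidentiality, and RC4 is a broken cipher in any case.

```rust
// Added example, not the repository's code. SAMPLE is constructed dummy data.
pub const SAMPLE: [u8; 10] = [0x90, 0x90, 0xCC, 0xC3, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF];

/// RC4 (key-scheduling + PRGA). Encryption and decryption are the same call.
pub fn rc4(key: &[u8], data: &[u8]) -> Vec<u8> {
    assert!(!key.is_empty(), "RC4 key must not be empty");
    let mut s = [0u8; 256];
    for (i, v) in s.iter_mut().enumerate() {
        *v = i as u8;
    }
    let mut j: u8 = 0;
    for i in 0..256 {
        j = j.wrapping_add(s[i]).wrapping_add(key[i % key.len()]);
        s.swap(i, j as usize);
    }
    let (mut i, mut j) = (0u8, 0u8);
    data.iter()
        .map(|&b| {
            i = i.wrapping_add(1);
            j = j.wrapping_add(s[i as usize]);
            s.swap(i as usize, j as usize);
            let k = s[s[i as usize].wrapping_add(s[j as usize]) as usize];
            b ^ k
        })
        .collect()
}

/// Repeating-key XOR; also its own inverse.
pub fn xor_repeating(key: &[u8], data: &[u8]) -> Vec<u8> {
    assert!(!key.is_empty(), "XOR key must not be empty");
    data.iter().enumerate().map(|(n, &b)| b ^ key[n % key.len()]).collect()
}

pub fn hex(bytes: &[u8]) -> String {
    bytes.iter().map(|b| format!("{b:02x}")).collect()
}

/// Encode bytes as dotted-quad IPv4 strings, 4 bytes per entry, last entry zero-padded.
pub fn to_ipv4(data: &[u8]) -> Vec<String> {
    data.chunks(4)
        .map(|c| {
            let mut b = [0u8; 4];
            b[..c.len()].copy_from_slice(c);
            format!("{}.{}.{}.{}", b[0], b[1], b[2], b[3])
        })
        .collect()
}

/// Encode bytes as UUID strings (8-4-4-4-12 hex), 16 bytes per entry, last entry zero-padded.
pub fn to_uuid(data: &[u8]) -> Vec<String> {
    data.chunks(16)
        .map(|c| {
            let mut b = [0u8; 16];
            b[..c.len()].copy_from_slice(c);
            let h = hex(&b);
            format!("{}-{}-{}-{}-{}", &h[0..8], &h[8..12], &h[12..16], &h[16..20], &h[20..32])
        })
        .collect()
}

/// Decode either representation back to exactly `len` bytes (padding discarded).
/// Malformed entries are an error, never a silently corrupted payload.
pub fn decode(entries: &[String], len: usize) -> Result<Vec<u8>, String> {
    let mut out = Vec::new();
    for e in entries {
        if e.contains('.') {
            let octets: Vec<&str> = e.split('.').collect();
            if octets.len() != 4 {
                return Err(format!("bad IPv4 entry: {e}"));
            }
            for o in octets {
                out.push(o.parse::<u8>().map_err(|_| format!("bad octet in {e}"))?);
            }
        } else {
            let h: String = e.chars().filter(|c| *c != '-').collect();
            if h.len() != 32 {
                return Err(format!("bad UUID entry: {e}"));
            }
            for i in (0..32).step_by(2) {
                out.push(u8::from_str_radix(&h[i..i + 2], 16).map_err(|_| format!("bad hex in {e}"))?);
            }
        }
    }
    if out.len() < len {
        return Err(format!("decoded {} bytes, expected at least {len}", out.len()));
    }
    out.truncate(len);
    Ok(out)
}

fn main() {
    let key = b"example-key"; // placeholder key; real loaders embed it in the binary too
    let enc = rc4(key, &SAMPLE);
    let as_ipv4 = to_ipv4(&enc);
    println!("RC4 ciphertext: {}", hex(&enc));
    println!("as IPv4 table:  {as_ipv4:?}");
    let back = rc4(key, &decode(&as_ipv4, SAMPLE.len()).unwrap());
    assert_eq!(back, SAMPLE);
    println!("round trip ok");
}
```

Run it with `rustc` or as a `cargo` binary; it needs only the standard library. The `rc4` function can be checked against the public test vector key `Key` / plaintext `Plaintext`, which must give `bbf316e8d940af0ad3`.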
| Technique | Description |
|-----------|-------------|
| [AES Encryption](Encryption%20Methods/Aes_Encryption) | Encrypt/decrypt shellcodes using AES. |
| [RC4 Encryption](Encryption%20Methods/rc4_shellcode_encrypt.rs) | Encrypt/decrypt shellcodes using RC4. |
| [Khufu Encryption](Encryption%20Methods/Khufu_encryption) | Encrypt/decrypt using Khufu algorithm. |
| [Camellia Cipher](Encryption%20Methods/camellia_cipher) | Encryption using Camellia cipher. |
| [NullxFigure](Encryption%20Methods/nullxfigure) | Parse null bytes into shellcode. |
| [A5/1 Cipher](Encryption%20Methods) | Encrypt shellcode using modified A5/1 cipher. |
| [XOR Encryption](Encryption%20Methods/xor_encrypt.rs) | Shellcode encryption using XOR. |
| [Lucifer Algorithm](Encryption%20Methods/lucifer_algorithm.rs) | Encrypt/decrypt shellcodes using Lucifer algorithm. |
| [DFC Algorithm](Encryption%20Methods/dfc_algorithm.rs) | Encrypt/execute payloads using DFC algorithm. |
| [Payload Shuffling](Encryption%20Methods/payload_shuffling) | Payload shuffling techniques. |
| [ECC Encryption](Encryption%20Methods/ecc_shellcode_exec) | Encrypt/decrypt shellcodes using ECC. |
| [SystemFunction032/033](Encryption%20Methods/SystemFunction032_033) | Encrypt/decrypt shellcode using the undocumented advapi32 RC4 routines SystemFunction032/033. |

## Walkthrough
- **New to Rust?** Follow the [compilation guide](deps.md).
- **Compile Source Code**: See [README](deps.md).
- **Clean PoCs Recursively**: Use [commands](CLEAN.md).
- **Cross-Compilation with Docker**: Refer to [README](docker.md).

## Related Blogs
- [Malware Development Essentials Part 1](https://medium.com/system-weakness/malware-development-essentials-part-1-5f4626652ed9)
- [Rust for Cybersecurity and Red Teaming](https://infosecwriteups.com/rust-for-cyber-security-and-red-teaming-275595d3fdec)
- [DLL Injection Using Rust](dll_injection)

## Download as .Zip File
Download the repository: [Link](https://download.5mukx.site/#/home?url=https://github.com/Whitecat18/Rust-for-Malware-Development)
## Contributing to Rust for Malware Development
We welcome contributions to the [Rust for Malware Development repository](https://github.com/Whitecat18/Rust-for-Malware-Development). To contribute, please follow these steps:
1. Fork the repository.
2. Create a new branch: `git checkout -b `.
3. Make your changes and commit them: `git commit -m ''`.
4. Push your changes to your branch: `git push origin `.
5. Submit a pull request.

If you have any questions about contributing, refer to the [GitHub documentation](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests) for more details or contact me on Twitter [@5mukx](https://x.com/5mukx).