
omaidf/go-malware


Go Malware Examples


⚠️ WARNING: Educational Purpose Only ⚠️

This repository contains examples of malware techniques implemented in Go for educational purposes. These examples are meant to help security professionals and researchers understand how malware works. DO NOT use this code for malicious purposes.

Overview

This project implements several common malware techniques in Go, demonstrating various attack vectors and persistence mechanisms. Each example is self-contained and includes detailed documentation. The code is designed to be educational, showing how these techniques work while emphasizing proper security practices and ethical considerations.

Features

1. Process Injection

  • DLL injection into target processes
  • Memory allocation and manipulation
  • Remote thread creation
  • Proper cleanup and error handling
  • Safe process termination

2. Persistence Mechanisms

  • Registry Run Key manipulation
  • Startup folder installation
  • Permission verification
  • Safe uninstallation procedures
  • Error recovery mechanisms

3. Credential Stealer

  • Windows Credential Manager access
  • Browser credential extraction
  • LSA secrets extraction (placeholder)
  • DPAPI secrets handling (placeholder)
  • Secure encryption of stolen data
  • Safe credential handling

4. Privilege Escalation

  • Token manipulation
  • Service permission abuse
  • DLL hijacking
  • Named pipe impersonation
  • Proper cleanup procedures
  • Permission verification

Requirements

  • Windows operating system (Windows 10/11 recommended)
  • Go 1.21 or later
  • Administrative privileges (for some features)
  • Visual Studio Build Tools (for Windows compilation)
  • Git for version control

Installation

  1. Clone the repository:
git clone https://github.com/omaidf/go-malware
cd go-malware
  2. Install dependencies:
go mod tidy
  3. Build the examples:
# Compile check for all examples. Note: when several main packages are
# listed, go build ./... compiles them but discards the binaries, so no
# .exe files are written by this command.
go build ./...

# Build individual examples (each writes its own .exe in that directory)
cd ProcessInjection && go build
cd ../Persistence && go build
cd ../CredentialStealer && go build
cd ../PrivilegeEscalation && go build

Usage

Each module can be run independently. Here are the detailed usage instructions for each:

Process Injection

cd ProcessInjection
go build
ProcessInjection.exe <target_pid> <dll_path>

# Example:
ProcessInjection.exe 1234 C:\path\to\your.dll
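
The two arguments above feed the usual DLL injection sequence: open the target process, allocate a buffer inside it, write the DLL path into that buffer, start a remote thread at LoadLibraryA with the buffer's address as its parameter, wait for it, then free the buffer and close the handles. The Windows API calls themselves are platform-specific, but what goes into that buffer is where injectors most often break. The Go code below is an added example written for this page, not code from the omaidf/go-malware project: it validates <target_pid> and builds the exact byte buffer LoadLibraryA expects, including the trailing NUL that must be counted in the size passed to VirtualAllocEx and WriteProcessMemory. The function names and the sample path are the editor's own assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// maxPath is the Windows MAX_PATH limit (260 bytes including the NUL) that
// the ANSI LoadLibraryA entry point applies to the path it receives.
const maxPath = 260

// parseTargetPID validates the <target_pid> argument up front, so a bad PID
// is reported here instead of surfacing later as an opaque OpenProcess error.
func parseTargetPID(arg string) (uint32, error) {
	v, err := strconv.ParseUint(strings.TrimSpace(arg), 10, 32)
	if err != nil {
		return 0, fmt.Errorf("target pid %q is not an unsigned 32-bit integer: %w", arg, err)
	}
	if v == 0 {
		return 0, errors.New("pid 0 is the System Idle Process, not a valid target")
	}
	if uint64(os.Getpid()) == v {
		return 0, errors.New("refusing to inject into the injector's own process")
	}
	return uint32(v), nil
}

// isWindowsAbsPath accepts drive-letter (C:\...) and UNC (\\server\share)
// paths. filepath.IsAbs is deliberately not used so the check behaves the
// same on a non-Windows build host.
func isWindowsAbsPath(p string) bool {
	if len(p) >= 3 && p[1] == ':' && (p[2] == '\\' || p[2] == '/') {
		c := p[0]
		return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z')
	}
	return strings.HasPrefix(p, `\\`)
}

// remoteDLLPath builds the buffer that is written into the target process
// and handed to LoadLibraryA as the thread parameter. len(buf) is the size to
// pass to VirtualAllocEx and WriteProcessMemory: dropping the trailing NUL is
// a classic injector bug that makes LoadLibraryA read past the allocation.
func remoteDLLPath(dllPath string) ([]byte, error) {
	// The path is resolved inside the target, against its own search order
	// and working directory, so only an absolute path loads what you meant.
	if !isWindowsAbsPath(dllPath) {
		return nil, fmt.Errorf("dll path %q must be absolute; it is resolved in the target process", dllPath)
	}
	if !strings.HasSuffix(strings.ToLower(dllPath), ".dll") {
		return nil, fmt.Errorf("dll path %q does not end in .dll", dllPath)
	}
	// LoadLibraryA decodes the buffer in the target's ANSI code page, so bytes
	// outside 7-bit ASCII may be mangled; such paths need LoadLibraryW (UTF-16).
	for i := 0; i < len(dllPath); i++ {
		if dllPath[i] == 0 || dllPath[i] >= 0x80 {
			return nil, fmt.Errorf("dll path has a NUL or non-ASCII byte at offset %d; use LoadLibraryW", i)
		}
	}
	if len(dllPath)+1 > maxPath {
		return nil, fmt.Errorf("dll path is %d bytes; LoadLibraryA allows at most %d plus the NUL", len(dllPath), maxPath-1)
	}
	buf := make([]byte, len(dllPath)+1) // +1 for the NUL terminator
	copy(buf, dllPath)
	return buf, nil
}

func main() {
	if len(os.Args) != 3 {
		fmt.Fprintln(os.Stderr, "usage: ProcessInjection.exe <target_pid> <dll_path>")
		os.Exit(2)
	}
	pid, err := parseTargetPID(os.Args[1])
	if err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		os.Exit(1)
	}
	buf, err := remoteDLLPath(os.Args[2])
	if err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		os.Exit(1)
	}
	// A Windows build would now OpenProcess(pid), VirtualAllocEx len(buf)
	// bytes, WriteProcessMemory(buf), CreateRemoteThread at LoadLibraryA with
	// the remote address, WaitForSingleObject, then VirtualFreeEx/CloseHandle.
	fmt.Printf("target pid %d, remote buffer %d bytes (incl. NUL): %q\n", pid, len(buf), buf)
}
```

Running it with the README's own arguments, `1234 C:\path\to\your.dll`, yields a 20-byte buffer for a 19-character path; a relative path such as `your.dll` is refused because LoadLibraryA would search the target's directories, not the injector's.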

Persistence

cd Persistence
go build
Persistence.exe <action> <technique>

# Actions:
#   install   - Install persistence
#   uninstall - Remove persistence
#
# Techniques:
#   1 - Registry Run Key
#   2 - Startup Folder
#
# Example:
Persistence.exe install 1

Credential Stealer

cd CredentialStealer
go build
CredentialStealer.exe <technique>

# Techniques:
#   1 - Windows Credential Manager
#   2 - Browser Credentials
#   3 - LSA Secrets (placeholder)
#   4 - DPAPI Secrets (placeholder)
#
# Example:
CredentialStealer.exe 1

Privilege Escalation

cd PrivilegeEscalation
go build
PrivilegeEscalation.exe <technique>

# Techniques:
#   1 - Token Manipulation
#   2 - Service Permissions
#   3 - DLL Hijacking
#   4 - Named Pipe Impersonation
#
# Example:
PrivilegeEscalation.exe 1

Security Features

  • All sensitive data is encrypted using AES-256
  • Proper handle and resource cleanup
  • Error handling and logging
  • Permission verification
  • Safe uninstallation procedures
  • Memory safety checks
  • Input validation
  • Secure credential handling
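
"Encrypted using AES-256" names a key size, not a construction: AES-256 in an unauthenticated mode (ECB, or CBC without a MAC) still lets whoever controls the output file silently alter what decrypts. The block below is an added example written for this page, not the project's own code, showing the form a practitioner would expect for stored records: AES-256-GCM with a fresh random 96-bit nonce per record and the record's label as associated data, so that tampering or relabelling fails at decryption. The function names and the sample record are the editor's assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

const keySize = 32 // 32-byte key selects AES-256

// newKey draws a 256-bit key from the OS CSPRNG. In a real tool the key is
// derived from or wrapped by something the operator holds; a key embedded in
// the binary next to the sealed data protects nothing from an analyst.
func newKey() ([]byte, error) {
	key := make([]byte, keySize)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// newGCM rejects any key that would silently give AES-128 or AES-192.
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != keySize {
		return nil, fmt.Errorf("key is %d bytes; AES-256 needs %d", len(key), keySize)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealRecord encrypts and authenticates plaintext. Output layout is
// nonce || ciphertext || 16-byte GCM tag. label (for example "credman" or
// the source host) is authenticated but not encrypted, so a record cannot be
// replayed under a different label.
func sealRecord(key, plaintext, label []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // 12 bytes, fresh per record
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends to its first argument, so the result is nonce||ct||tag.
	return gcm.Seal(nonce, nonce, plaintext, label), nil
}

// openRecord reverses sealRecord and fails closed on any change to the
// nonce, ciphertext, tag or label.
func openRecord(key, sealed, label []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("sealed record too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, label)
}

func main() {
	key, err := newKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample record standing in for a harvested credential.
	record := []byte("target=vault.example;user=alice;secret=hunter2")
	label := []byte("credman")

	sealed, err := sealRecord(key, record, label)
	if err != nil {
		panic(err)
	}
	fmt.Printf("sealed %d plaintext bytes into %d bytes\n", len(record), len(sealed))

	if got, err := openRecord(key, sealed, label); err == nil {
		fmt.Printf("decrypted: %s\n", got)
	}
	// Flip one ciphertext bit: GCM rejects the whole record, not just a block.
	tampered := append([]byte(nil), sealed...)
	tampered[len(tampered)/2] ^= 0x01
	if _, err := openRecord(key, tampered, label); err != nil {
		fmt.Println("tampered record rejected:", err)
	}
	// The same bytes presented under another label are rejected too.
	if _, err := openRecord(key, sealed, []byte("browser")); err != nil {
		fmt.Println("relabelled record rejected:", err)
	}
}
```

Two caveats go with this construction. Random 96-bit nonces are safe only while the number of records sealed under one key stays far below 2^32, so a long-running collector should rotate keys. And the output is only as secret as the key: if the key ships inside the binary, anyone who recovers the binary recovers every record.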

Project Structure

.
├── ProcessInjection/      # Process injection example
│   └── main.go           # Main implementation
├── Persistence/          # Persistence mechanisms
│   └── main.go           # Main implementation
├── CredentialStealer/    # Credential stealing techniques
│   └── main.go           # Main implementation
├── PrivilegeEscalation/  # Privilege escalation methods
│   └── main.go           # Main implementation
└── pkg/
    └── utils/            # Shared utilities and Windows API wrappers
        └── windows.go    # Windows API utilities

Contributing

We welcome contributions! Please see our Contributing Guidelines for details on how to contribute to this project.

Security

For security-related issues, please see our Security Policy. If you discover a security vulnerability, please follow the responsible disclosure process outlined in the security policy.

Disclaimer

This code is provided for educational purposes only. The authors are not responsible for any misuse or damage caused by this code. Using this code against systems without explicit permission is illegal. Always:

  • Use in controlled environments only
  • Obtain proper authorization
  • Follow applicable laws and regulations
  • Implement additional security measures
  • Document all testing activities

License

This project is licensed under the MIT License - see the LICENSE file for details.

About

Golang Virus Examples
