Golang anti-vm framework for Red Team and Pentesters

Chacal

Let Chacal hide your malware in your assault operation!

Table of Contents
  1. About The Project
  2. Getting Started
  3. Usage
  4. Contact

About The Project

Chacal is an anti-VM framework written in Golang to support Red Teams and Pentesters in their assaults, in Windows environments!
!!I'm not responsible for your acts!!

Getting Started

Firstly, make sure that your dependencies are satisfied.

Dependencies

Chacal has 3 dependencies:

Installation

In your prompt, type:

go get github.com/p3tr0v/chacal

Usage

In your program, import the packages provided by Chacal:

import (
    "github.com/p3tr0v/chacal/antidebug"
    "github.com/p3tr0v/chacal/antimem"
    "github.com/p3tr0v/chacal/antivm"
)

Anti-Debugging

"github.com/p3tr0v/chacal/antidebug"
The antidebug package implements strategies to evade common programs used for debugging.

Process

antidebug.ByProcessWatcher() returns bool
This function looks for common programs used to inspect processes, such as processhacker.exe, procmon.exe, xdbg.exe, etc.
Example:

if antidebug.ByProcessWatcher() { // If a debugger program was found, enter here.
  // exit or wait
}

Timming

antidebug.ByTimmingDiff(time.Time, int) returns bool
Checks whether the difference between the initial time and the current time is bigger than the allowed difference (in seconds). When debugging, analysis tends to spend a noticeable amount of time inside a function. Grab the time right at the beginning of the function and, at the end, before returning, ask Chacal to compare.
Example:

// requires: import "time"
func myFuncHere() {
  initTime := time.Now() // grab the time here
  // do your actions here
  if antidebug.ByTimmingDiff(initTime, 2) { // if your function takes 2 seconds or more, your malware is probably being debugged. You choose the threshold.
    // exit or wait
  }
}

Anti-Memory

"github.com/p3tr0v/chacal/antimem"
The antimem package implements strategies to evade common programs used to inspect process memory.

Memory

antimem.ByMemWatcher() returns bool
This function looks for common programs used to inspect memory, such as rammap.exe, dumpit.exe, etc.
Example:

if antimem.ByMemWatcher() { // If a memory-inspection program was found, enter here.
  // exit or wait
}

Anti-VM

"github.com/p3tr0v/chacal/antivm"
The antivm package implements strategies to evade virtualized environments.

Disk size

antivm.BySizeDisk(int) returns bool
Checks the total disk size, in GB.
Example:

if antivm.BySizeDisk(100) { // If the total disk size is less than 100 GB, enter here. You choose the size, always in GB.
  // exit or wait
}

Virtual disk

antivm.IsVirtualDisk() returns bool
Checks whether the program may be running on a virtual disk.
Example:

if antivm.IsVirtualDisk() { // If Chacal guesses you are on a virtual disk, enter here.
  // exit or wait
}

Known virtual MAC Address

antivm.ByMacAddress() returns bool
Looks for known virtualization MAC address prefixes.
Example:

if antivm.ByMacAddress() { // If Chacal guesses you are on a virtual MAC address, enter here.
  // exit or wait
}
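Analysts hardening a malware sandbox want to know which of the disk-size and MAC-address heuristics above their analysis VM would trip, so they can fix it (larger virtual disk, non-default MAC) before running samples. The following is an added, self-contained Go example and not part of Chacal: it evaluates those two checks against constructed inputs; the OUI table is the hypervisor vendors' published default prefixes, and the decimal-GB threshold and all function names are assumptions.

```go
package main

import (
	"fmt"
	"net"
)

// Default OUIs (first three MAC bytes) that the major hypervisors assign to
// virtual NICs; this is what "known virtual MAC" heuristics usually match on.
var virtualOUIs = map[string]string{
	"00:05:69": "VMware", "00:0c:29": "VMware", "00:1c:14": "VMware", "00:50:56": "VMware",
	"08:00:27": "VirtualBox", "00:15:5d": "Hyper-V", "00:16:3e": "Xen",
	"52:54:00": "QEMU/KVM", "00:1c:42": "Parallels",
}

// VirtualMACVendor returns the hypervisor whose default OUI the MAC carries, or "" if none (or unparsable).
func VirtualMACVendor(mac string) string {
	hw, err := net.ParseMAC(mac) // accepts colon-, hyphen- and dot-separated forms
	if err != nil {
		return ""
	}
	oui := fmt.Sprintf("%02x:%02x:%02x", hw[0], hw[1], hw[2]) // %02x yields lowercase, matching the table keys
	return virtualOUIs[oui]
}

// DiskTooSmall mirrors the BySizeDisk heuristic: true when total capacity is below thresholdGB (assumed decimal GB).
func DiskTooSmall(totalBytes uint64, thresholdGB int) bool {
	return totalBytes < uint64(thresholdGB)*1_000_000_000
}

// SandboxReport lists every heuristic a VM with the given NIC MACs and disk size would trip.
func SandboxReport(macs []string, totalBytes uint64, thresholdGB int) []string {
	var hits []string
	for _, m := range macs {
		if v := VirtualMACVendor(m); v != "" {
			hits = append(hits, fmt.Sprintf("MAC %s has %s OUI", m, v))
		}
	}
	if DiskTooSmall(totalBytes, thresholdGB) {
		hits = append(hits, fmt.Sprintf("disk %.0f GB is below %d GB", float64(totalBytes)/1e9, thresholdGB))
	}
	return hits
}

func main() {
	// Constructed sample: a default VirtualBox NIC, a physical-looking NIC and a 60 GB virtual disk.
	fmt.Println(SandboxReport([]string{"08:00:27:4e:66:a1", "3c:22:fb:12:34:56"}, 60_000_000_000, 100))
}
```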

Contact

Telegram: @p3tr0v
LinkedIn: Test your OSINT skills ;)
