Golang evasion tool, execute-assembly .Net file

Overview

Doge-Assembly

  • 🐸 Frog For Automatic Scan

  • 🐶 Doge For Defense Evasion & Offensive Security

Intro

Are you still worrying about antivirus?

feature

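Uses Golang execute-assembly to load C# programs

The C# program is compiled in as a static resource file and encrypted with AES; it is best to replace the key with a custom one before use

The clr.dll process injection uses direct syscalls for its API calls

To strengthen the evasion effect, you can add the following yourself:

Anti-sandbox, anti-debugging and similar code

Blockdlls

parent-process-id-spoofing

This was written in a hurry; I hope someone more experienced can help optimize it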
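
For defenders: execute-assembly style loading means the CLR (clr.dll) is loaded into a process that was not started as a .NET program, and image-load telemetry can surface that. The Go program below is an added example, not part of the Doge-Assembly project; the record format, the sample events and the host allowlist are constructed assumptions.

```go
package main

import "fmt"
import "strings"

// Constructed, simplified image-load records: "process path|loaded module path".
// Sample data for this example only, not output from the tool on this page.
var sampleEvents = []string{
	`C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll`,
	`C:\Windows\System32\notepad.exe|C:\Windows\System32\kernel32.dll`,
	`C:\Users\demo\AppData\Local\Temp\updater.exe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll`,
	`C:\Windows\System32\notepad.exe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll`,
	`malformed record without separator`,
}

// CLR runtime modules: clr.dll and clrjit.dll (CLR v4), mscorwks.dll (CLR v2).
var clrModules = map[string]bool{"clr.dll": true, "clrjit.dll": true, "mscorwks.dll": true}

// Assumed allowlist of programs expected to host the CLR; tune it per environment.
var expectedHosts = map[string]bool{"powershell.exe": true, "msbuild.exe": true, "devenv.exe": true}

// baseName returns the lower-cased file name of a Windows or POSIX style path.
func baseName(p string) string {
	if i := strings.LastIndexAny(p, `\/`); i >= 0 {
		p = p[i+1:]
	}
	return strings.ToLower(strings.TrimSpace(p))
}

// UnexpectedCLRHosts returns, in first-seen order and without duplicates, the
// processes that loaded a CLR module but are not allowlisted, plus the number
// of malformed records it had to skip.
func UnexpectedCLRHosts(events []string) (hits []string, skipped int) {
	seen := map[string]bool{}
	for _, line := range events {
		proc, mod, ok := strings.Cut(line, "|")
		if !ok {
			skipped++
		} else if clrModules[baseName(mod)] && !expectedHosts[baseName(proc)] {
			if key := strings.ToLower(proc); !seen[key] {
				seen[key] = true
				hits = append(hits, proc)
			}
		}
	}
	return hits, skipped
}

func main() {
	fmt.Println(UnexpectedCLRHosts(sampleEvents))
}
```

A hit is a lead for triage, not a verdict: legitimate native programs also host the CLR, so the allowlist has to reflect the environment being monitored.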

Usage

cd encrypt
go build

You can replace sharp.exe with another C# exe file:

./encrypt.exe ./sharp.exe

copy sharp.exe.cipher to bin/

cd ..
go-bindata data/
go build

The demo sharp.exe is SharpChromium.exe.

ref

Resource file loading:

Golang implementation of execute-assembly:

bananaphone, golang hells gate:

screenshot

PS D:\Doge-Assembly> .\Doge-Assembly.exe
Decrypt Success...

dll: 19968
bin: 584704

Dynamic Evasion
Please Wait for 10 seconds......
2481571495936
BananaPhone: Allocated 20480bytes at 0x241C9300000
BananaPhone: Wrote 20480bytes at 0x241C9300000
2481571561472
BananaPhone: Allocated 585728bytes at 0x241C9310000
BananaPhone: Wrote 584715bytes at 0x241C9310000
2021/03/09 16:37:29 Got thread handle: 404

out:
[X] Invalid argument passed:

Usage:
    .\SharpChromium.exe arg0 [arg1 arg2 ...]

Arguments:
    all       - Retrieve all Chromium Cookies, History and Logins.
    full      - The same as 'all'
    logins    - Retrieve all saved credentials that have non-empty passwords.
    history   - Retrieve user's history with a count of each time the URL was
                visited, along with cookies matching those items.
    cookies [domain1.com domain2.com] - Retrieve the user's cookies in JSON format.
                                        If domains are passed, then return only
                                        cookies matching those domains. Otherwise,
                                        all cookies are saved into a temp file of
                                        the format "%TEMP%\$browser-cookies.json"


err:

Releases(v0.2.0)
Owner
TimWhite
Offensive Security Researcher / Bug Hunter.