package main
import (
"log"
// AntiDebug
"github.com/EvilBytecode/GoDefender/AntiDebug/CheckBlacklistedWindowsNames"
"github.com/EvilBytecode/GoDefender/AntiDebug/InternetCheck"
"github.com/EvilBytecode/GoDefender/AntiDebug/IsDebuggerPresent"
"github.com/EvilBytecode/GoDefender/AntiDebug/KillBadProcesses"
"github.com/EvilBytecode/GoDefender/AntiDebug/ParentAntiDebug"
"github.com/EvilBytecode/GoDefender/AntiDebug/RunningProcesses"
"github.com/EvilBytecode/GoDefender/AntiDebug/RemoteDebugger"
"github.com/EvilBytecode/GoDefender/AntiDebug/pcuptime"
// AntiVirtualization
"github.com/EvilBytecode/GoDefender/AntiVirtualization/KVMCheck"
"github.com/EvilBytecode/GoDefender/AntiVirtualization/MonitorMetrics"
"github.com/EvilBytecode/GoDefender/AntiVirtualization/RecentFileActivity"
"github.com/EvilBytecode/GoDefender/AntiVirtualization/TriageDetection"
"github.com/EvilBytecode/GoDefender/AntiVirtualization/UsernameCheck"
"github.com/EvilBytecode/GoDefender/AntiVirtualization/VirtualboxDetection"
"github.com/EvilBytecode/GoDefender/AntiVirtualization/VMWareDetection"
"github.com/EvilBytecode/GoDefender/AntiVirtualization/USBCheck"
// ProcessRelatedTool
//"github.com/EvilBytecode/GoDefender/Process/CriticalProcess"
)
// main runs each GoDefender anti-debug and anti-virtualization probe once, in
// a fixed order, and writes one "[DEBUG]" line per probe through the standard
// logger. The probe results are only logged; main takes no other action on
// them.
//
// For analysts: environment probing of this kind is catalogued in MITRE
// ATT&CK as T1622 (Debugger Evasion) and T1497 (Virtualization/Sandbox
// Evasion), and the probes themselves are observable behaviour.
//
// NOTE(review): most probes return a second value that is discarded with "_".
// If that value is an error (not visible from this file), a probe that could
// not run is logged exactly like a negative result. Only the USB check
// inspects its error.
func main() {
	// report writes onHit when the probe fired and onMiss otherwise.
	report := func(hit bool, onHit, onMiss string) {
		if hit {
			log.Println(onHit)
			return
		}
		log.Println(onMiss)
	}

	// ---- AntiDebug probes ----

	online, _ := InternetCheck.CheckConnection()
	report(online,
		"[DEBUG] Internet connection is present",
		"[DEBUG] Internet connection isn't present")

	// A true result is logged as "failed", i.e. the parent-process check tripped.
	report(ParentAntiDebug.ParentAntiDebug(),
		"[DEBUG] ParentAntiDebug check failed",
		"[DEBUG] ParentAntiDebug check passed")

	// 50 is the threshold handed to the library; presumably a process count,
	// confirm its exact meaning against the RunningProcesses package.
	procCountHit, _ := RunningProcesses.CheckRunningProcessesCount(50)
	report(procCountHit,
		"[DEBUG] Running processes count detected",
		"[DEBUG] Running processes count passed")

	// 1200 is the threshold handed to the library; presumably seconds of
	// uptime, confirm against the pcuptime package.
	uptimeHit, _ := pcuptime.CheckUptime(1200)
	report(uptimeHit,
		"[DEBUG] PC uptime detected",
		"[DEBUG] PC uptime passed")

	// These two calls are made purely for their side effects; nothing they
	// return is used, and nothing is logged here. What they terminate or
	// inspect is decided inside the library, not in this file.
	KillBadProcesses.KillProcesses()
	CheckBlacklistedWindowsNames.CheckBlacklistedWindows()

	// Other AntiDebug probes
	report(IsDebuggerPresent.IsDebuggerPresent1(),
		"[DEBUG] Debugger presence detected",
		"[DEBUG] Debugger presence passed")

	remoteDbgHit, _ := RemoteDebugger.RemoteDebugger()
	report(remoteDbgHit,
		"[DEBUG] Remote debugger detected",
		"[DEBUG] Remote debugger passed")

	// ---- AntiVirtualization probes ----

	recentFilesHit, _ := RecentFileActivity.RecentFileActivityCheck()
	report(recentFilesHit,
		"[DEBUG] Recent file activity detected",
		"[DEBUG] Recent file activity passed")

	vmwareHit, _ := VMWareDetection.GraphicsCardCheck()
	report(vmwareHit,
		"[DEBUG] VMWare detected",
		"[DEBUG] VMWare passed")

	vboxHit, _ := VirtualboxDetection.GraphicsCardCheck()
	report(vboxHit,
		"[DEBUG] Virtualbox detected",
		"[DEBUG] Virtualbox passed")

	kvmHit, _ := KVMCheck.CheckForKVM()
	report(kvmHit,
		"[DEBUG] KVM detected",
		"[DEBUG] KVM passed")

	report(UsernameCheck.CheckForBlacklistedNames(),
		"[DEBUG] Blacklisted username detected",
		"[DEBUG] Blacklisted username passed")

	triageHit, _ := TriageDetection.TriageCheck()
	report(triageHit,
		"[DEBUG] Triage detected",
		"[DEBUG] Triage passed")

	smallScreen, _ := MonitorMetrics.IsScreenSmall()
	report(smallScreen,
		"[DEBUG] Screen size is small",
		"[DEBUG] Screen size is not small")

	// USBCheck: the only probe whose error is reported. Note the inverted
	// sense compared with the probes above: a true result is the "passed" case.
	usbSeen, err := USBCheck.PluggedIn()
	switch {
	case err != nil:
		log.Println("[DEBUG] Error checking USB devices:", err)
	case usbSeen:
		log.Println("[DEBUG] USB devices have been plugged in, check passed.")
	default:
		log.Println("[DEBUG] No USB devices detected")
	}

	//PROGRAM RELATED TOOLS (need admin)
	// Left disabled, matching the commented-out CriticalProcess import.
	//programutils.SetDebugPrivilege()
	//programutils.SetProcessCritical()
}