detection

package

v1.0.0 Latest Latest Go to latest Published: May 16, 2024 License: GPL-3.0 Imports: 13 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/cyberhotline/vmdetect

Links

Open Source Insights

Documentation ¶

Overview ¶

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see <https://www.gnu.org/licenses/>.

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see <https://www.gnu.org/licenses/>.

Index ¶

Variables
func CheckMacAddr(addr string, m chan bool)
func FileAccessible(path string, m chan bool)
func IsVM()
func LogWriter(value string)
func ProcessEnum(proc string, m chan bool)
func QueryReg(hive, path, key, checkFor string, m chan bool)
func ServiceEnum(serv string, m chan bool)
func VboxCheck()
func VmwareCheck()
type Data
- func (s *Data) LoadJson()

Constants ¶

This section is empty.

Variables ¶

View Source

var G sync.WaitGroup

The wait group is used to make sure execution does not end before all routines have finished executing

View Source

var VB = make(chan bool, 100) // VirtualBox

buffered channels that will receive the results of the various checks performed against the machine

View Source

var VM = make(chan bool, 100) // VMware

Functions ¶

func CheckMacAddr ¶

func CheckMacAddr(addr string, m chan bool)

CheckMacAddr compares network interfaces on the device against a known set of default mac addresses used by VM platforms.

func FileAccessible ¶

func FileAccessible(path string, m chan bool)

FileAccessible is used to check if a file is accessible or not. mainly utilized to check if the "vmdetect_data.json" exists or not, and to see if VM related files exist.

func IsVM ¶

func IsVM()

IsVM the function that starts the checks

func LogWriter ¶

func LogWriter(value string)

LogWriter creates & appends all retrieved data to a file named vmdetect_log.txt in the current working directory.

func ProcessEnum ¶

func ProcessEnum(proc string, m chan bool)

ProcessEnum enumerates the processes on the system to check if a process relating to a VM exists.

func QueryReg ¶

func QueryReg(hive, path, key, checkFor string, m chan bool)

QueryReg parses important registry keys which can be used to differentiate between virtual machines and normal operating systems.

func ServiceEnum ¶

func ServiceEnum(serv string, m chan bool)

ServiceEnum enumerates the services on the sytem to check if a service relating to a VM exists.

func VboxCheck ¶

func VboxCheck()

VboxCheck starts the check for virtualbox artefacts. Uses for loops with go routines.

func VmwareCheck ¶

func VmwareCheck()

VmwareCheck runs the check for vmware artefacts. Uses for loops with go routines.

Types ¶

type Data ¶

type Data struct {
	Vbox struct {
		RegistryKeys []struct {
			RegPath  string `json:"regPath"`
			RegKey   string `json:"regKey"`
			RegValue string `json:"regValue"`
			Hive     string `json:"hive"`
		} `json:"registryKeys"`
		Files     []string `json:"files"`
		Processes []string `json:"processes"`
		Services  []string `json:"services"`
		Mac       []string `json:"mac"`
	} `json:"vbox"`
	Vmware struct {
		RegistryKeys []struct {
			RegPath  string `json:"regPath"`
			RegKey   string `json:"regKey"`
			RegValue string `json:"regValue"`
			Hive     string `json:"hive"`
		} `json:"registryKeys"`
		Files     []string `json:"files"`
		Processes []string `json:"processes"`
		Services  []string `json:"services"`
		Mac       []string `json:"mac"`
	} `json:"vmware"`
}

* Data struct contains the registry, file and other data that can be used to identify a VM.

var S Data

* This instance of Data will contain data from the "vmdetect_data.json" file.

func (*Data) LoadJson ¶

func (s *Data) LoadJson()

LoadJson will load the file "vmdetect_data.json" into the S instance.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL