detection

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 16, 2024 License: GPL-3.0 Imports: 13 Imported by: 0

Documentation

Overview

VMDetect, a go script to discover virtual environments Copyright (C) 2024 CyberHotline - Mohab Gabber

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see <https://www.gnu.org/licenses/>.

VMDetect, a go script to discover virtual environments Copyright (C) 2024 CyberHotline - Mohab Gabber

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see <https://www.gnu.org/licenses/>.

Index

Constants

This section is empty.

Variables

View Source 
var G sync.WaitGroup

The wait group is used to make sure execution does not end before all routines have finished executing

View Source 
var VB = make(chan bool, 100) // VirtualBox

buffered channels that will receive the results of the various checks performed against the machine

View Source 
var VM = make(chan bool, 100) // VMware

Functions

func CheckMacAddr 

func CheckMacAddr(addr string, m chan bool)

CheckMacAddr compares network interfaces on the device against a known set of default mac addresses used by VM platforms.

func FileAccessible 

func FileAccessible(path string, m chan bool)

FileAccessible is used to check if a file is accessible or not. mainly utilized to check if the "vmdetect_data.json" exists or not, and to see if VM related files exist.

func IsVM 

func IsVM()

IsVM the function that starts the checks

func LogWriter 

func LogWriter(value string)

LogWriter creates & appends all retrieved data to a file named vmdetect_log.txt in the current working directory.

func ProcessEnum 

func ProcessEnum(proc string, m chan bool)

ProcessEnum enumerates the processes on the system to check if a process relating to a VM exists.

func QueryReg 

func QueryReg(hive, path, key, checkFor string, m chan bool)

QueryReg parses important registry keys which can be used to differentiate between virtual machines and normal operating systems.

func ServiceEnum 

func ServiceEnum(serv string, m chan bool)

ServiceEnum enumerates the services on the sytem to check if a service relating to a VM exists.

func VboxCheck 

func VboxCheck()

VboxCheck starts the check for virtualbox artefacts. Uses for loops with go routines.

func VmwareCheck 

func VmwareCheck()

VmwareCheck runs the check for vmware artefacts. Uses for loops with go routines.

Types

type Data 

type Data struct {
	Vbox struct {
		RegistryKeys []struct {
			RegPath  string `json:"regPath"`
			RegKey   string `json:"regKey"`
			RegValue string `json:"regValue"`
			Hive     string `json:"hive"`
		} `json:"registryKeys"`
		Files     []string `json:"files"`
		Processes []string `json:"processes"`
		Services  []string `json:"services"`
		Mac       []string `json:"mac"`
	} `json:"vbox"`
	Vmware struct {
		RegistryKeys []struct {
			RegPath  string `json:"regPath"`
			RegKey   string `json:"regKey"`
			RegValue string `json:"regValue"`
			Hive     string `json:"hive"`
		} `json:"registryKeys"`
		Files     []string `json:"files"`
		Processes []string `json:"processes"`
		Services  []string `json:"services"`
		Mac       []string `json:"mac"`
	} `json:"vmware"`
}

* Data struct contains the registry, file and other data that can be used to identify a VM. 

var S Data

* This instance of Data will contain data from the "vmdetect_data.json" file.

func (*Data) LoadJson 

func (s *Data) LoadJson()

LoadJson will load the file "vmdetect_data.json" into the S instance.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.