go-assembly-ldr

go-assembly-ldr is an offensive security tool designed for generating encrypted and obfuscated loaders for .NET assemblies. It supports PowerShell, MSBuild, and InstallUtil loader types, with RC4 or AES encryption, and provides variable obfuscation to evade (some) detection.

WARNING: This tool is for authorized security testing only. Unauthorized use may violate laws and regulations. The author and contributors are not responsible for misuse. Always obtain explicit permission before testing any system.

Features

  • Loader Types: Generate PowerShell (.ps1), MSBuild (.csproj), or InstallUtil (.cs) loaders.
  • Encryption: Supports RC4 or AES (256-bit) encryption for assembly payloads.
  • Obfuscation: Randomizes variable names in generated loaders to hinder static analysis.
  • Cross-Platform Builds: Makefile supports building for Linux, Windows, and macOS (amd64, 386, arm64).
  • Customizable: Configurable key length, obfuscation length, and .NET architecture (x86/x64 for MSBuild).

Installation

Prerequisites

  • Go: Version 1.21 or later.
  • Make: For building with the provided Makefile.
  • Git: To clone the repository.

Steps

  • Clone the repository:
$ git clone https://github.com/heqnx/go-assembly-ldr.git
$ cd go-assembly-ldr
  • Install dependencies:
$ go mod tidy
  • Build for all platforms:
$ make all
  • Binaries will be generated in the build/ directory for Linux, Windows, and macOS; alternatively, build for a specific platform:
$ make linux-amd64
$ make windows-amd64
$ make darwin-arm64
  • (Optional) Run directly with Go:
$ go run main.go -f <input_file> -t <loader_type> -e <encryption_type>

Usage

Command-Line Flags

Usage of ./go-assembly-ldr-<platform>-<arch>:
  -dotnet-architecture string
        .net architecture for msbuild: x86|x64 (default "x64")
  -e string
        encryption type: rc4|aes (default "rc4")
  -f string
        input file path
  -key-len int
        length of encryption key (default 32)
  -obf-len int
        length of obfuscated strings (default 8)
  -t string
        loader type: powershell|msbuild|installutil (default "powershell")

Examples

Generate a PowerShell Loader with AES Encryption

$ build/go-assembly-ldr-linux-amd64 \
    -f Rubeus.exe \
    -t powershell \
    -e aes \
    -obf-len 10 \
    -key-len 32
  • Output: Rubeus.exe_reflective.ps1

  • Run with: powershell -ExecutionPolicy Bypass -File Rubeus.exe_reflective.ps1

  • Call the assembly method: [<namespace>.<class>]::<method>("arg1 arg2".Split())

Generate an MSBuild Loader with RC4 Encryption

$ build/go-assembly-ldr-linux-amd64 \
    -f Rubeus.exe \
    -t msbuild \
    -e rc4 \
    -obf-len 12 \
    -key-len 16 \
    -dotnet-architecture x86
  • Output: Rubeus.exe_msbuild.csproj

  • Run with: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe Rubeus.exe_msbuild.csproj

  • Modify string[] <var> = new string[] { "" }; in the .csproj to add arguments

Generate an InstallUtil Loader with AES Encryption

$ build/go-assembly-ldr-linux-amd64 \
    -f Rubeus.exe \
    -t installutil \
    -e aes \
    -obf-len 8 \
    -key-len 32
  • Output: Rubeus.cs

  • Compile with: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /platform:x64 /out:Rubeus.exe Rubeus.cs

  • Execute with: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe /U /logfile= /LogToConsole=false Rubeus.exe
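
Detection view of the three run commands above (PowerShell, MSBuild, InstallUtil). This is an added example for defenders, not part of go-assembly-ldr; the event fields, rule names, and sample events are constructed for illustration and assume process-creation logging with full command lines.

```python
import re

# Constructed process-creation events (image path + command line), shaped like
# Sysmon Event ID 1 / Security 4688 fields. The first three are modelled on the
# run commands in the Examples above; the last two are benign look-alikes.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": r"powershell -ExecutionPolicy Bypass -File Rubeus.exe_reflective.ps1"},
    {"image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe",
     "cmd": r"msbuild.exe Rubeus.exe_msbuild.csproj"},
    {"image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe",
     "cmd": r"InstallUtil.exe /U /logfile= /LogToConsole=false Rubeus.exe"},
    {"image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe",
     "cmd": r"InstallUtil.exe /LogFile=C:\logs\svc.log C:\svc\AppService.exe"},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": r"powershell.exe -NoProfile -File C:\ops\rotate-logs.ps1"},
]

# (rule name, image basename, regexes that must ALL match the command line).
# Rule names are hypothetical. ATT&CK: T1059.001, T1127.001, T1218.004.
RULES = [
    ("powershell_policy_bypass_file", "powershell.exe",
     [r"[-/](?:ep|ex[a-z]*)\s+bypass\b", r"[-/]f(?:ile)?\s+.*?\.ps1\b"]),
    # Noisy on build hosts: tune with parent process and user context.
    ("msbuild_project_from_cli", "msbuild.exe", [r"\S+\.csproj\b"]),
    # Uninstall mode with an empty log file and console logging switched off.
    ("installutil_uninstall_no_logging", "installutil.exe",
     [r"/u(?:ninstall)?\b", r"/logfile=(?:\s|$)", r"/logtoconsole=false\b"]),
]

# Default output suffixes seen in the Examples; trivially renamed, so this is a
# low-cost extra signal, not a primary detection.
DEFAULT_NAME = re.compile(r"_(?:reflective\.ps1|msbuild\.csproj)\b", re.I)

def detect(event):
    """Return the names of all rules that fire for one process-creation event."""
    image = event["image"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
    cmd = event["cmd"]
    hits = [name for name, exe, patterns in RULES
            if image == exe and all(re.search(p, cmd, re.I) for p in patterns)]
    if DEFAULT_NAME.search(cmd):
        hits.append("default_output_filename")
    return hits

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(detect(ev) or ["no match"], "<-", ev["cmd"])
```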

Automated Releases

Check the GitHub Releases page for the new release with attached binaries.

License

This project is licensed under the GNU GENERAL PUBLIC LICENSE. See the LICENSE file for details.

Disclaimer

go-assembly-ldr is provided "as is" without warranty. The author and contributors are not liable for any damages or legal consequences arising from its use. Use responsibly and only in authorized environments.