Popularity
7.5
Stable
Activity
0.0
Declining
852
37
185
Description
A Cross Platform Remote Administration tool written in Go using Tor as its transport mechanism currently supporting Windows, Linux, MacOS clients.
Programming language: Go
License: The Unlicense
ToRat alternatives and similar packages
Based on the "Security" category.
Alternatively, view ToRat alternatives based on common mentions on social networks and blogs.
-
age
A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability. -
Lean and Mean Docker containers
Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source) -
-
-
CertMagic
Automatic HTTPS for any Go program: fully-managed TLS certificate issuance and renewal -
memguard
Secure software enclave for storage of sensitive information in memory. -
acmetool
:lock: acmetool, an automatic certificate acquisition tool for ACME (Let's Encrypt) -
Themis by Cossack Labs
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms. -
Coraza
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library -
acra
Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL. -
dongle
A simple, semantic and developer-friendly golang package for encoding&decoding and encryption&decryption -
-
go-password-validator
Validate the Strength of a Password in Go -
beelzebub
A secure low code honeypot framework, leveraging AI for System Virtualization. -
-
firewalld-rest
A rest application to update firewalld rules on a linux server -
passlib
:key: Idiotproof golang password validation library inspired by Python's passlib -
BadActor
BadActor.org An in-memory application driven jailer written in Go -
simple-scrypt
A convenience library for generating, comparing and inspecting password hashes using the scrypt KDF in Go ๐ -
teler-waf
teler-waf is a Go HTTP middleware that provides teler IDS functionality. -
argon2pw
Argon2 password hashing package for go with constant time hash comparison -
goSecretBoxPassword
A probably paranoid Golang utility library for securely hashing and encrypting passwords based on the Dropbox method. This implementation uses Blake2b, Scrypt and XSalsa20-Poly1305 (via NaCl SecretBox) to create secure password hashes that are also encrypted using a master passphrase. -
go-generate-password
Password generator written in Golang, usable as a CLI or Go library. Provides options for human readable and accessibility friendly passwords. -
Credman
Simple and secure credential/password management with extra steps in Go! -
secureio
An easy-to-use XChaCha20-encryption wrapper for io.ReadWriteCloser (even lossy UDP) using ECDH key exchange algorithm, ED25519 signatures and Blake3+Poly1305 checksums/message-authentication for Go (golang). Also a multiplexer. -
sslmgr
A layer of abstraction the around acme/autocert certificate manager (Golang) -
goArgonPass
goArgonPass is a Argon2 Password utility package for Go using the crypto library package Argon2 designed to be compatible with Passlib for Python and Argon2 PHP. Argon2 was the winner of the most recent Password Hashing Competition. This is designed for use anywhere password hashing and verification might be needed and is intended to replace implementations using bcrypt or Scrypt. -
argon2-hashing
A light package for generating and comparing password hashing with argon2 in Go -
Go random string generator
Flexible and customizable random string generator
Collect and Analyze Billions of Data Points in Real Time
Manage all types of time series data in a single, purpose-built database. Run at any scale in any environment in the cloud, on-premises, or at the edge.
Promo
www.influxdata.com
* Code Quality Rankings and insights are calculated and provided by Lumnify.
They vary from L1 to L5 with "L5" being the highest.
Do you think we are missing an alternative of ToRat or a related project?
|
Learn any GitHub repo in 59 seconds
sponsored
getonboard.dev
|
Popular Comparisons
|
SaaSHub - Software Alternatives and Reviews
sponsored
www.saashub.com
|
README
A Cross Platform Remote Administration tool written in Go using Tor as its transport mechanism currently supporting Windows, Linux, MacOS clients.
DISCLAIMER
USE FOR EDUCATIONAL PURPOSES ONLY
Wiki
Preview
Client Commands
| Command | Info |
|---|---|
| cd | change the working directory of the client |
| ls | list the content of the working directory of the client |
| shred | delete files/ directories unrecoverable |
| screen | take a Screenshot of the client |
| cat | view Textfiles from the client including .docx, .rtf, .pdf, .odt |
| alias | give the client a custom alias |
| down | download a file from the client |
| up | upload a file to the client |
| speedtest | speedtest a client's internet connection |
| hardware | collects a variety of hardware specs from the client |
| netscan | scans a clients entire network for online devices and open ports |
| gomap | scan a local ip on a clients network for open ports and services |
| escape | escape a command and run it in a native shell on the client |
| reconnect | tell the client to reconnect |
| help | lists possible commands with usage info |
| exit | background current session and return to main shell |
Server Commands
| Command | Info |
|---|---|
| select | select client to interact with |
| list | list all connected clients |
| alias | select client to give an alias |
| cd | change the working directory of the server |
| help | lists possible commands with usage info |
| exit | exit the server |
Current Features
Architecture
- RPC (Remote procedure Call) based communication for easy addition of new functionality
- Automatic upx leads to client binaries of ~6MB with embedded Tor
- sqlite via gorm for storing information about the clients
- client is obfuscated via garble
Server Shell
- Cross Platform reverse shell (Windows, Linux, Mac OS)
- Supports multiple connections
- Welcome Banner
- Colored Output
Tab-Completion of:
- Commands
- Files/ Directories in the working directory of the server
Unique persistent ID for every client
- give a client an Alias
- all Downloads from client get saved to ./$ID/$filename
Persistence
Windows:
- [ ] Multiple User Account Control Bypasses (Privilege escalation)
- [ ] Multiple Persistence methods (User, Admin)
Linux:
- [ ] Multiple Persistence methods (User, Admin)
Tor
Fully embedded Tor within go
the ToRAT_client communicates over TLS encrypted RPC proxied through Tor with the ToRat_server (hidden service)
- [x] anonymity of client and server
- [x] end-to-end encryption
optional transport without Tor e.g. Use Tor2Web, a DNS Hostname or public/ local IP
- [x] smaller binary ~3MB upx'ed
- [ ] anonymity of client and server
Upcoming Features
- [ ] Bulk Commands
- [ ] Persistence and privilege escalation for Linux
- [ ] Persistence and privilege escalation for Mac OS
- [ ] Support for Android and iOS (needs fix of https://github.com/ipsn/go-libtor/issues/12)
- [ ] File-less Persistence on Windows
Contribution
All contributions are welcome you don't need to be an expert in Go to contribute.
You may want to join the #torat channel over at the Gophers Slack
Credits
*Note that all licence references and agreements mentioned in the ToRat README section above
are relevant to that project's source code only.