Description
A Cross Platform Remote Administration tool written in Go using Tor as its transport mechanism currently supporting Windows, Linux, MacOS clients.
ToRat alternatives and similar packages
Based on the "Security" category.
Alternatively, view ToRat alternatives based on common mentions on social networks and blogs.
-
Lean and Mean Docker containers
Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source) -
age
A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability. -
Themis by Cossack Labs
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms. -
acra
Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL. -
teler-waf
teler-waf is a Go HTTP middleware that protects local web services from OWASP Top 10 threats, known vulnerabilities, malicious actors, botnets, unwanted crawlers, and brute force attacks. -
go-peer
๐ Library for developing secure, decentralized, anonymous and quantum-resistant networks in Go language -
simple-scrypt
A convenience library for generating, comparing and inspecting password hashes using the scrypt KDF in Go ๐ -
passwap
Package passwap provides a unified implementation between different password hashing algorithms. It allows for easy swapping between algorithms, using the same API for all of them. -
goSecretBoxPassword
A probably paranoid Golang utility library for securely hashing and encrypting passwords based on the Dropbox method. This implementation uses Blake2b, Scrypt and XSalsa20-Poly1305 (via NaCl SecretBox) to create secure password hashes that are also encrypted using a master passphrase. -
go-generate-password
Password generator written in Golang, usable as a CLI or Go library. Provides options for human readable and accessibility friendly passwords. -
secureio
An easy-to-use XChaCha20-encryption wrapper for io.ReadWriteCloser (even lossy UDP) using ECDH key exchange algorithm, ED25519 signatures and Blake3+Poly1305 checksums/message-authentication for Go (golang). Also a multiplexer. -
goArgonPass
goArgonPass is a Argon2 Password utility package for Go using the crypto library package Argon2 designed to be compatible with Passlib for Python and Argon2 PHP. Argon2 was the winner of the most recent Password Hashing Competition. This is designed for use anywhere password hashing and verification might be needed and is intended to replace implementations using bcrypt or Scrypt.
CodeRabbit: AI Code Reviews for Developers

* Code Quality Rankings and insights are calculated and provided by Lumnify.
They vary from L1 to L5 with "L5" being the highest.
Do you think we are missing an alternative of ToRat or a related project?
README
A Cross Platform Remote Administration tool written in Go using Tor as its transport mechanism currently supporting Windows, Linux, MacOS clients.
DISCLAIMER
USE FOR EDUCATIONAL PURPOSES ONLY
Wiki
Preview
Client Commands
Command | Info |
---|---|
cd | change the working directory of the client |
ls | list the content of the working directory of the client |
shred | delete files/ directories unrecoverable |
screen | take a Screenshot of the client |
cat | view Textfiles from the client including .docx, .rtf, .pdf, .odt |
alias | give the client a custom alias |
down | download a file from the client |
up | upload a file to the client |
speedtest | speedtest a client's internet connection |
hardware | collects a variety of hardware specs from the client |
netscan | scans a clients entire network for online devices and open ports |
gomap | scan a local ip on a clients network for open ports and services |
escape | escape a command and run it in a native shell on the client |
reconnect | tell the client to reconnect |
help | lists possible commands with usage info |
exit | background current session and return to main shell |
Server Commands
Command | Info |
---|---|
select | select client to interact with |
list | list all connected clients |
alias | select client to give an alias |
cd | change the working directory of the server |
help | lists possible commands with usage info |
exit | exit the server |
Current Features
Architecture
- RPC (Remote procedure Call) based communication for easy addition of new functionality
- Automatic upx leads to client binaries of ~6MB with embedded Tor
- sqlite via gorm for storing information about the clients
- client is obfuscated via garble
Server Shell
- Cross Platform reverse shell (Windows, Linux, Mac OS)
- Supports multiple connections
- Welcome Banner
- Colored Output
Tab-Completion of:
- Commands
- Files/ Directories in the working directory of the server
Unique persistent ID for every client
- give a client an Alias
- all Downloads from client get saved to ./$ID/$filename
Persistence
Windows:
- [ ] Multiple User Account Control Bypasses (Privilege escalation)
- [ ] Multiple Persistence methods (User, Admin)
Linux:
- [ ] Multiple Persistence methods (User, Admin)
Tor
Fully embedded Tor within go
the ToRAT_client communicates over TLS encrypted RPC proxied through Tor with the ToRat_server (hidden service)
- [x] anonymity of client and server
- [x] end-to-end encryption
optional transport without Tor e.g. Use Tor2Web, a DNS Hostname or public/ local IP
- [x] smaller binary ~3MB upx'ed
- [ ] anonymity of client and server
Upcoming Features
- [ ] Bulk Commands
- [ ] Persistence and privilege escalation for Linux
- [ ] Persistence and privilege escalation for Mac OS
- [ ] Support for Android and iOS (needs fix of https://github.com/ipsn/go-libtor/issues/12)
- [ ] File-less Persistence on Windows
Contribution
All contributions are welcome you don't need to be an expert in Go to contribute.
You may want to join the #torat
channel over at the Gophers Slack
Credits
*Note that all licence references and agreements mentioned in the ToRat README section above
are relevant to that project's source code only.