GoSpy
A cross-platform remote access tool
Disclaimer
This project should be used for authorized testing or educational purposes only, it is the final user's responsibility to obey all applicable local, state, and federal laws.
Authors assume no liability and are not responsible for any misuse or damage caused by this program.
Usage
GoSpy consists of 2 binaries, the client is what you execute on your target machine, and the server is what you run on your machine to interact with the client.
Features
- Cross-platform with
CGO_ENABLED=0(should compile to any target that Go supports) - Safe error handling so the client / server won't suddenly drop if an error occurs
- Automatic reconnect for both client and server
- Reverse shell
- Smarter shell detection that allows the user to select the shell to use
- File grab (send a file from the client to the server)
- Allow file paths that contain spaces (same for file drop)
- File drop (send a file from the server to the client)
- Delete command that removes GoSpy binary from client
- Use UDP broadcasts for discovery
- Execute Lua scripts on target machine using gopher-lua (Useful if you have managed to execute the client on your target but (for whatever reason) the reverse shell can't execute things / isn't working)
- More?
- SSL/TLS?
Screenshot
Architecture
The client maintains a main connection to the server, nicknamed CmdCon. This is only used to exchange commands and
arguments.
Any other time data needs to be transferred, a new connection is initiated (e.g. when sending a file). This means that if anything goes wrong (e.g. a file read/write error) then the connection can just be closed instead of having to deal with complicated communication logic (e.g. letting the client know an error ocurred when it's trying to send file data).
Credits
- gopherize.me for the icon
- c-bata/go-prompt for the interactive prompt on the server
- vfedoroff/go-netcat for some reverse shell net logic