I’ve been working on GoRAT, a remote access tool written in Golang for post-exploitation and system reconnaissance. It uses a Telegram-based C2 to execute commands remotely, making it useful for red team operations and security research.
Current Features:
- System Reconnaissance – Gather OS details, environment variables, and running processes
- Remote Command Execution – Run shell commands via Telegram
- Clipboard Access – Read clipboard data remotely
- File & Directory Enumeration – List files and directories
- System Resource Monitoring – Fetch CPU, memory, disk, and network stats
- Telegram C2 Integration – Receive and execute commands without direct access
Work in Progress:
- AV & EDR Evasion – Obfuscation, encryption, and AMSI bypass
- Persistence Mechanisms – Registry modifications, scheduled tasks, and cron jobs
- Port & Network Scanning – Expanding reconnaissance capabilities
- Payload Optimization – Reducing binary size and improving stealth
- Data Exfiltration – Gathering additional system and user data
Source Code: GitHub – GoRAT
Practice Verified Codes and Commands:
1. System Reconnaissance:
```bash
# Get OS details
uname -a
# List environment variables
env
# List running processes
ps aux
```
2. Remote Command Execution:
```bash
# Execute a command remotely via SSH
ssh user@remote_host "ls -la"
```
3. Clipboard Access:
```
# Read clipboard content on Linux
xclip -o
# Read clipboard content on Windows
powershell -command "Get-Clipboard"
```
4. File & Directory Enumeration:
```bash
# List files and directories
ls -la /path/to/directory
```
5. System Resource Monitoring:
```bash
# Monitor CPU usage
top
# Monitor memory usage
free -m
# Monitor disk usage
df -h
# Monitor network stats
ifconfig
```
6. Telegram C2 Integration:
```bash
# Example of sending a message via Telegram API
# (URL and parameters are quoted so the shell does not treat < and > as redirections)
curl -s -X POST "https://api.telegram.org/bot<YOUR_BOT_TOKEN>/sendMessage" -d "chat_id=<CHAT_ID>" -d text="Hello, World!"
```
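On the detection side, a process that is neither a Telegram client nor a browser and that contacts the Telegram Bot API host at regular intervals is a useful hunting signal. The following is an added example, not part of the original post or the GoRAT project; the event field names, the process allowlist, the thresholds and the sample events are all assumptions constructed for illustration.

```python
import json
from collections import defaultdict
from statistics import pstdev

# Constructed sample events (not real telemetry): one JSON object per line, as an
# EDR or host firewall export might look. Field names are assumptions.
SAMPLE_EVENTS = """
{"ts": 1000, "host": "ws-01", "process": "telegram-desktop", "dest": "api.telegram.org"}
{"ts": 1000, "host": "ws-02", "process": "updater", "dest": "api.telegram.org"}
{"ts": 1030, "host": "ws-02", "process": "updater", "dest": "api.telegram.org"}
{"ts": 1040, "host": "ws-02", "process": "firefox", "dest": "example.com"}
{"ts": 1061, "host": "ws-02", "process": "updater", "dest": "api.telegram.org"}
{"ts": 1090, "host": "ws-02", "process": "updater", "dest": "api.telegram.org"}
{"ts": 1120, "host": "ws-02", "process": "updater", "dest": "api.telegram.org"}
{"ts": 1500, "host": "ws-03", "process": "curl", "dest": "API.Telegram.org."}
"""

TELEGRAM_API = "api.telegram.org"
# Assumed allowlist of processes expected to reach Telegram in this environment.
ALLOWED_PROCESSES = {"telegram-desktop", "firefox", "chrome"}


def find_suspect_clients(lines, min_events=4, max_jitter=2.0):
    """Return non-allowlisted (host, process) pairs that contacted the Bot API host.

    beacon_like is True when there are at least min_events connections and the
    gaps between them vary by no more than max_jitter seconds (population stdev).
    """
    seen = defaultdict(list)
    for line in lines.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        # Normalise case and a trailing dot so FQDN variants still match.
        if ev["dest"].lower().rstrip(".") != TELEGRAM_API:
            continue
        if ev["process"].lower() in ALLOWED_PROCESSES:
            continue
        seen[(ev["host"], ev["process"])].append(ev["ts"])

    findings = []
    for (host, proc), stamps in sorted(seen.items()):
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        # Need at least two events to have a gap; short-circuit avoids pstdev([]).
        beacon = len(stamps) >= max(min_events, 2) and pstdev(gaps) <= max_jitter
        findings.append({"host": host, "process": proc,
                         "events": len(stamps), "beacon_like": beacon})
    return findings
```

A single hit, such as the one-off `curl` call in the sample, is reported but not marked beacon-like, so it can be triaged separately from steady polling.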
What Undercode Say:
GoRAT is a promising tool for red teamers and security researchers, offering a range of features for post-exploitation and system reconnaissance. The integration with Telegram for command and control adds a layer of stealth, making it a valuable asset in offensive security operations. However, the tool is still under development, with several advanced features like AV/EDR evasion and persistence mechanisms yet to be implemented.
For those interested in contributing or experimenting with GoRAT, the source code is available on GitHub. The tool’s current capabilities, such as system reconnaissance and remote command execution, are already functional and can be tested in controlled environments. As the project evolves, it will be interesting to see how it addresses the challenges of modern security defenses, such as advanced endpoint detection and response systems.
In the realm of cybersecurity, tools like GoRAT highlight the importance of understanding both offensive and defensive strategies. For instance, knowing how to enumerate files and directories or monitor system resources can be crucial for both attackers and defenders. Similarly, understanding how to execute commands remotely or access clipboard data can provide insights into potential attack vectors and how to mitigate them.
As the cybersecurity landscape continues to evolve, tools like GoRAT will play a critical role in helping security professionals stay ahead of threats. By continuously improving and expanding its features, GoRAT has the potential to become a staple in the toolkit of red teamers and security researchers alike.
Related Commands:
- Linux:
```bash
# Check open ports
netstat -tuln
# Monitor network traffic
tcpdump -i eth0
# Check for rootkits
chkrootkit
# Scan for vulnerabilities
nmap -sV -O target_ip
```
- Windows:
```
# List scheduled tasks
schtasks /query
# Check firewall status
netsh advfirewall show allprofiles
# Monitor network connections
netstat -an
# Check for suspicious processes
tasklist /v
```
For further reading and resources, visit the GoRAT GitHub repository.
References:
Hackers Feeds, Undercode AI



