Menagerie
Cross-platform malware development library for anti-analysis techniques
@archival-0x/Menagerie
The Anti-Analysis Menagerie
Design Goals
- Provide a rich and convenient interface for defense evasion in Golang, a popular choice for red teams and malware engineers.
- Serve as a learning resource for both attack and mitigation, and as a collaborative project for contributing new techniques.
Techniques Supported
Debugger Detection:
// Most standard debugger checks for each platform
func CheckDebuggerBasic()
// Breakpoints: exception and checksums
func CheckThrowBreakpoint()
func BreakpointChecksumAt(ptr interface{})
func CheckHardwareBreakpoints() // Win only!
// Process Mappings Check
func CheckMemoryFingerprint()
// Parent Process Fingerprinting
func CheckParentTracer()
Virtual Machine Detection:
// Profile CPUID for VM features
func CheckCPUIDIsVM()
func CheckCPUIDHypervisor()
// VM Process Enumeration (WIP)
func CheckVMProcesses()
Telemetry Monitoring Detection:
// Linux Only - requires dynamically linking journald
func CheckEbpfTracer()
Contributing
Have another technique you want curated? Create a pull request!
