sandbox_enum is a simple C project that enumerates sandbox environments and sends the collected host information to a remote server.
One key feature is that the compiled binary changes its hash (MD5, SHA256, etc.) each time it is built.
The project’s main focus is to help identify potential gaps in sandbox detections and use them inside loaders/malware during red team engagements.
{
  "user": "Administrator",
  "computer": "DC01",
  "ram_gb": 8,
  "disk_gb": 120,
  "process_count": 123,
  "browser": false,
  "debugger": false,
  "vm_registry": true,
  "vm_cpuid": false,
  "vm_timing": true,
  "vm_drivers": false,
  "vm_procs": false,
  "interfaces": "Ethernet0,Loopback Pseudo-Interface 1",
  "integrity": "High",
  "sha256": "f9ccf455d6084f69c9719657ebedb5668b5bac35c9f61c7afe501e34917ce4b",
  "drivers": "ntoskrnl.exe,hal.dll,kd.dll,mcupdate_GenuineIntel.dll,CLFS.SYS,tm.sys,PSHED.dll,BOOTVID.dll,FLTMGR.SYS...",
  "clipboard": ""
}
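For a sandbox maintainer, a report like the one above is a list of what the analysis VM gives away. The following is an added example, not part of sandbox_enum: it diffs a sandbox report against a baseline from a reference workstation so the differing fields can be hardened. The baseline values, the function names, and the reading of each flag as "true when the check fired" are assumptions.

```python
import json

# Assumption: a vm_* or debugger flag is true when that check fired on the host.
FLAG_FIELDS = ("debugger", "vm_registry", "vm_cpuid", "vm_timing", "vm_drivers", "vm_procs")
# Comma-separated string fields, compared as sets rather than as raw strings.
LIST_FIELDS = ("interfaces", "drivers")
# Fields that legitimately differ between any two hosts or builds.
IGNORED = ("user", "computer", "sha256", "clipboard")

# Constructed sample: the report above, minus ignored fields and the truncated driver list.
SANDBOX = json.loads("""{
  "ram_gb": 8, "disk_gb": 120, "process_count": 123,
  "browser": false, "debugger": false, "vm_registry": true, "vm_cpuid": false,
  "vm_timing": true, "vm_drivers": false, "vm_procs": false,
  "interfaces": "Ethernet0,Loopback Pseudo-Interface 1", "integrity": "High"
}""")
# Constructed baseline: a hypothetical report from a reference workstation.
BASELINE = json.loads("""{
  "ram_gb": 16, "disk_gb": 512, "process_count": 210,
  "browser": true, "debugger": false, "vm_registry": false, "vm_cpuid": false,
  "vm_timing": false, "vm_drivers": false, "vm_procs": false,
  "interfaces": "Ethernet0,Wi-Fi,Loopback Pseudo-Interface 1", "integrity": "Medium"
}""")

def fired_flags(report):
    """Names of the detection flags the report marks true."""
    return [f for f in FLAG_FIELDS if report.get(f) is True]

def as_set(value):
    """Split a comma-separated field; drop a trailing '...' truncation marker."""
    return {item.removesuffix("...").strip() for item in value.split(",") if item.strip()}

def fingerprint_gaps(sandbox, baseline):
    """Map each field where the sandbox differs from the baseline to (sandbox, baseline)."""
    gaps = {}
    for key in sorted(set(sandbox) | set(baseline)):
        if key in IGNORED:
            continue
        s, b = sandbox.get(key), baseline.get(key)
        if key in LIST_FIELDS and isinstance(s, str) and isinstance(b, str):
            s, b = sorted(as_set(s)), sorted(as_set(b))
        if s != b:
            gaps[key] = (s, b)
    return gaps

if __name__ == "__main__":
    print("flags fired:", fired_flags(SANDBOX))
    for field, (s, b) in fingerprint_gaps(SANDBOX, BASELINE).items():
        print(f"{field}: sandbox={s!r} baseline={b!r}")
```

A truncated `drivers` string (ending in `...`) only proves presence of the listed names, so a missing driver in that field should not be read as a gap.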
- In main.c, replace the webhook URL with one that belongs to you.
- Run the compile script:
  ./compile.sh
This project is provided strictly for educational, research, and authorized security testing purposes. It is intended for use only in controlled environments where you have explicit permission to operate. The author accepts no responsibility or liability for any damage, loss, or legal consequences arising from the use or misuse of this software.