{"id":15675803,"url":"https://github.com/EvilBytecode/GoRedOps","last_synced_at":"2025-10-14T08:31:04.881Z","repository":{"id":290224336,"uuid":"812898485","full_name":"EvilBytecode/GoRedOps","owner":"EvilBytecode","description":"🦫  | GoRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team, with a specific focus on the Go programming language, all is made for educational purposes only.","archived":false,"fork":false,"pushed_at":"2025-04-27T16:42:37.000Z","size":1780,"stargazers_count":575,"open_issues_count":0,"forks_count":88,"subscribers_count":11,"default_branch":"main","last_synced_at":"2025-08-05T15:55:40.727Z","etag":null,"topics":["go","golang","hacking","malware","malware-development","offensive-security","red-team","redteaming","security","windows"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/EvilBytecode.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-06-10T05:46:49.000Z","updated_at":"2025-08-05T15:19:35.000Z","dependencies_parsed_at":"2025-04-27T17:45:58.652Z","dependency_job_id":null,"html_url":"https://github.com/EvilBytecode/GoRedOps","commit_stats":null,"previous_names":["evilbytecode/goredops"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/EvilBytecode/GoRedOps","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EvilBytecode%2FGoRedOps","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EvilBytecode%2F
GoRedOps/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EvilBytecode%2FGoRedOps/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EvilBytecode%2FGoRedOps/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/EvilBytecode","download_url":"https://codeload.github.com/EvilBytecode/GoRedOps/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EvilBytecode%2FGoRedOps/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279018312,"owners_count":26086342,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-14T02:00:06.444Z","response_time":60,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["go","golang","hacking","malware","malware-development","offensive-security","red-team","redteaming","security","windows"],"created_at":"2024-10-03T16:00:49.620Z","updated_at":"2025-10-14T08:31:04.875Z","avatar_url":"https://github.com/EvilBytecode.png","language":"Go","readme":"# GoRedOps\n## Telegram:\n- https://t.me/ebytelabs\n![GoRedOps Logo](GoRedOps.png)\n\nGoRedOps is a collection of Golang projects designed specifically for red teamers and offensive security operations. 
This repository provides various tools and techniques essential for penetration testing, exploitation, and security research.\n\n## Table of Contents\n\n- [About](#about)\n- [Project Structure](#project-structure)\n- [Getting Started](#getting-started)\n- [Contributing](#contributing)\n\n## Project Structure\n\nGoRedOps contains the following codes:\n\n- **AntiDebugNOPACKAGE**\n  - Anti-debugging techniques without packaging.\n- **AntiDebugPackage**\n  - Packaged anti-debugging techniques.\n- **BatchfileDeobfuscator**\n  - Tools for deobfuscating batch files.\n- **CreateDLL**\n  - Tools for creating dynamic-link libraries (DLLs).\n- **crypto**\n  - Various cryptographic algorithms (AES, ChaCha20, RC4, XOR).\n- **EDR-XDR-AV-Killer**\n  - Tools for evading and disabling EDR, XDR, and antivirus software.\n- **ETWBypass**\n  - Techniques for bypassing Event Tracing for Windows (ETW).\n- **GoDLLInjector**\n  - DLL injection techniques.\n- **GoObfuscator**\n  - Tools for obfuscating Go code.\n- **injection_native_apc**\n  - Native APC injection techniques.\n- **injection_thread**\n  - Thread injection techniques:\n    - createThread\n    - ntCreateThreadEx\n- **instrumentation_callback**\n  - Techniques involving instrumentation callbacks.\n- **LifetimeAMSIBypass**\n  - Bypassing AMSI (Antimalware Scan Interface).\n- **misc**\n  - Miscellaneous scripts and tools.\n- **network**\n  - Networking tools:\n    - http (HTTP client and server)\n    - pipes (Named pipes client and server)\n    - tcp (TCP client and server)\n- **ParentPIDSpoofing**\n  - Techniques for spoofing parent process IDs.\n- **PEParser**\n  - Tools for parsing PE (Portable Executable) files.\n- **process_dump**\n  - Tools for dumping process memory.\n- **ProtecProc**\n  - Process protection techniques.\n- **ProtectProcess**\n  - Additional process protection techniques.\n- **sandbox**\n  - Techniques for detecting and evading sandboxes.\n- **self_remove**\n  - Tools for self-removing malware.\n- 
**srdi**\n  - Tools for shellcode reflection and dynamic invocation.\n- **token**\n  - Token manipulation tools:\n    - impersonate\n    - list\n- **wmi**\n  - Tools for interacting with Windows Management Instrumentation (WMI).\n- **APC Injection**  \n   - Exploits the Asynchronous Procedure Call (APC) technique to execute malicious code within target processes.\n\n- **Early Bird APC Injection**  \n  - A variation of APC Injection focusing on executing code before the main process starts.\n\n- **Local Mapping Injection**  \n  - Demonstrates malicious code injection via memory mapping into local processes.\n\n- **Local Payload Execution**  \n  - Addresses the direct execution of malicious payloads in a system's local environment.\n\n- **Payload Execution Fibers**  \n  - Demonstrates running shellcode using Fibers, a type of lightweight thread.\n\n- **Payload Placement**  \n  - Shows how to store shellcode in the .text section of a process and execute it.\n\n- **Process Injection (Shellcode)**  \n  - Exploits shellcode injection directly into running processes to control or execute malicious tasks.\n\n- **Registry Shellcode**  \n  - Demonstrates writing and reading shellcode to/from the Windows Registry.\n\n- **Remote Function Stomping Injection**  \n  - Exploits the substitution of functions in remote systems to carry out malicious activities.\n\n- **Remote Mapping Injection**  \n  - Demonstrates malicious code injection via memory mapping into remote processes.\n\n- **Remote Thread Hijacking**  \n  - Focuses on hijacking threads in remote system processes to execute malicious code.\n\n- **Threadless Injection**  \n  - Demonstrates threadless injection using Go \u0026 C, where shellcode is injected without creating a new thread.\n- **RunPE (Run Portable Executable)**\n  - Runs PE in Memory, PE = .exe.\n- **Lifetime ETW - Amsi Bypass**\n  - Patches Amsi and ETW forever in newly created powershell consoles.\n- **Keylogger**\n  - Logs keystrokes into a temp file.\n## 
Getting Started\n\nTo get started with any of the tools in this repository, navigate to the respective project directory and follow the instructions in the `README.md` file provided.\n\n### Prerequisites\n\n- Go programming language installed (version 1.20+)\n- Knowledge of Golang and offensive security operations, so have a brain in nutshell.\n\n### Installation\n\nClone the repository and change into the directory of the project you want:\n\n```bash\ngit clone https://github.com/EvilBytecode/GoRedOps.git\ncd GoRedOps\ncd desired_folder\n```\n\n\n### Contributing\n- We welcome contributions to improve GoRedOps. If you have an idea for a new tool or an enhancement to an existing one, please fork the repository and submit a pull request.\n### How to contribute?\n- Steps to Contribute\n- Fork the repository.\n- Create a new branch for your feature or bug fix.\n- Implement your changes and commit them with descriptive messages.\n- Push your changes to your fork.\n- Submit a pull request to the main repository.\n\n# License : \n- NoLicense (UnLicense)\n\n# Credits:\n- https://github.com/Enelg52/OffensiveGo (30%)\n\n\n## License\nThis project is licensed under the MIT License. See the LICENSE file for details.\n","funding_links":[],"categories":["Go"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FEvilBytecode%2FGoRedOps","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FEvilBytecode%2FGoRedOps","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FEvilBytecode%2FGoRedOps/lists"}