{"id":25647402,"url":"https://github.com/mawg0ud/phantomx","last_synced_at":"2026-05-13T12:34:10.625Z","repository":{"id":279001229,"uuid":"937046833","full_name":"mawg0ud/PhantomX","owner":"mawg0ud","description":"an advanced EDR evasion framework in Golang","archived":false,"fork":false,"pushed_at":"2025-03-19T05:14:43.000Z","size":51,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-26T07:54:24.154Z","etag":null,"topics":["cybersecurity","encryption","evasion","infosec","infosectools","shellcode","stealth","syscalls"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mawg0ud.png","metadata":{"files":{"readme":"docs/README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-02-22T07:47:19.000Z","updated_at":"2025-03-19T05:14:47.000Z","dependencies_parsed_at":"2025-02-23T05:19:06.337Z","dependency_job_id":"5b052ceb-a0e5-4b3e-8259-f501dacf03ee","html_url":"https://github.com/mawg0ud/PhantomX","commit_stats":null,"previous_names":["mawg0ud/phantomx"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/mawg0ud/PhantomX","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mawg0ud%2FPhantomX","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mawg0ud%2FPhantomX/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mawg0ud%2FPhantomX/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mawg0ud%2FPhantomX/manifests","owner_ur
l":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mawg0ud","download_url":"https://codeload.github.com/mawg0ud/PhantomX/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mawg0ud%2FPhantomX/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32982800,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-13T11:31:52.688Z","status":"ssl_error","status_checked_at":"2026-05-13T11:31:52.072Z","response_time":115,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cybersecurity","encryption","evasion","infosec","infosectools","shellcode","stealth","syscalls"],"created_at":"2025-02-23T11:29:09.418Z","updated_at":"2026-05-13T12:34:10.620Z","avatar_url":"https://github.com/mawg0ud.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n# PhantomX - Advanced EDR Evasion Framework\n\nPhantomX is an advanced **EDR (Endpoint Detection and Response) evasion tool** built in **Golang**, designed to bypass modern security defenses using **memory evasion, shellcode encryption, direct syscalls, and anti-debugging techniques**.\n\n## 1. Features\n\n↦ **Memory Evasion** – Unhooks API functions and hides malicious execution.  \n↦ **Shellcode Encryption** – Encrypts shellcode with **AES \u0026 XOR** to evade detection.  \n↦ **Direct Syscalls** – Executes system calls **without API hooks**.  
\n↦ **Anti-Debugging** – Detects debuggers and sandboxes before execution.  \n↦ **Cross-Platform** – Works on **Windows, Linux, and macOS**.  \n↦ **Automated Compilation** – Supports **cross-compilation** with optimized binaries.  \n\n\n## 2. Project Structure\n\n```\nPhantomX/\n│── src/\n│   │── main.go                # Main entry file\n│   │── memory_evasion.go      # Handles memory evasion techniques\n│   │── shellcode_loader.go    # Loads and executes shellcode\n│   │── encryption.go          # Encrypts/decrypts shellcode\n│   │── anti_debugging.go      # Implements anti-debugging \u0026 sandbox checks\n│   │── syscalls.go            # Implements direct system calls\n│   │── utils.go               # Utility functions and helpers\n│   │── persistence.go         # Ensures PhantomX starts after reboot\n│   │── privilege_escalation.go # Gains admin/root privileges\n│   │── self_destruct.go       # Securely removes PhantomX from the system\n│\n│── shellcode/\n│   │── reverse_shellcode.go    # Reverses shellcode before execution\n│   │── shellcode_xor.go        # Encrypts shellcode using XOR\n│\n│── build/\n│   │── compile.sh              # Compilation script for the project\n│   │── dependencies.go         # Handles necessary dependency checks\n│\n│── docs/\n│   │── README.md               # Documentation for the project\n│   │── INSTALLATION.md         # Setup and installation guide\n│   │── USAGE.md                # How to use PhantomX\n│\n│── config/\n│   │── settings.go             # Configuration file for customization\n│   │── network.go              # Handles network settings \u0026 communication\n│\n└── logs/\n    │── keystrokes.log          # Logs captured keystrokes\n    │── network_capture.log     # Logs network traffic\n```\n\n\n## 3. 
Installation \u0026 Setup\n\n### **🔹 Prerequisites**\n- Install **Golang** (version 1.20+ recommended)\n- Windows users: Install **MinGW** for cross-compilation\n- Linux/macOS users: Ensure **gcc** is installed\n\n### **🔹 Clone the Repository**\n```sh\ngit clone https://github.com/mawg0ud/PhantomX.git\ncd PhantomX\n```\n\n### **🔹 Compile PhantomX**\nTo compile the project for your current OS:\n```sh\ngo build -o phantomx src/main.go\n```\n\nFor cross-compilation (Windows binary from Linux/macOS):\n```sh\nGOOS=windows GOARCH=amd64 go build -o phantomx.exe src/main.go\n```\n\nFor Linux binary from Windows:\n```sh\nGOOS=linux GOARCH=amd64 go build -o phantomx src/main.go\n```\n\n## 4. Usage\n\nRun PhantomX with default settings:\n```sh\n./phantomx\n```\n\nRun with a custom configuration file:\n```sh\n./phantomx -config config/settings.json\n```\n\nTo execute encrypted shellcode manually:\n```sh\ngo run src/shellcode_loader.go -file shellcode/payload.bin\n```\n\n\n## 5. Legal Disclaimer\nThis tool is for **educational purposes** only. **Unauthorized use of this tool on third-party systems is illegal**. The developers are **not responsible** for any misuse.\n\n\n## 6. License\nPhantomX is released under the **MIT License**.\n\n\n## 7. Future Enhancements\n- **Process Hollowing** – Injecting payload into legitimate processes.\n- **Polymorphic Shellcode** – Generate dynamic payloads on execution.\n- **Kernel-Level Evasion** – More advanced techniques to bypass monitoring.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmawg0ud%2Fphantomx","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmawg0ud%2Fphantomx","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmawg0ud%2Fphantomx/lists"}