A lightweight Go package to parse, analyze and extract metadata from Portable Executable (PE) binaries. Designed for malware analysis tasks and robust against PE malformations.
☆391May 23, 2026Updated 3 weeks ago
Alternatives and similar repositories for pe
Users that are interested in pe are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Golang implementation of Reflective load PE from memory☆62Jan 10, 2022Updated 4 years ago
- A Portable Executable parser for Golang☆46Nov 7, 2025Updated 7 months ago
- It's a go variant of Hells gate! (directly calling windows kernel functions, but from Go!)☆530Oct 12, 2022Updated 3 years ago
- Converts PE into a shellcode☆2,775Aug 30, 2025Updated 9 months ago
- Go implementation of the Heaven's Gate technique☆100Feb 11, 2021Updated 5 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- GoRE - Package gore is a library for analyzing Go binaries☆534Jun 3, 2026Updated last week
- ☆321May 16, 2022Updated 4 years ago
- GetProcAddressByHash/remap/full dll unhooking/Tartaru's Gate/Spoofing Gate/universal/Perun's Fart/Spoofing-Gate/EGG/RecycledGate/syswhisp…☆329Sep 10, 2024Updated last year
- Load and execute COFF files and Cobalt Strike BOFs in-memory☆226Sep 13, 2022Updated 3 years ago
- Load ssp dll golang implementation☆17Jan 18, 2022Updated 4 years ago
- A Go implementation of Cobalt Strike style BOF/COFF loaders.☆271Feb 22, 2025Updated last year
- Binee: binary emulation environment☆532Feb 25, 2023Updated 3 years ago
- SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature…☆1,282Aug 27, 2023Updated 2 years ago
- Open-Source Shellcode & PE Packer☆2,107Feb 3, 2024Updated 2 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Donut Injector ported to pure Go. For use with https://github.com/TheWover/donut☆364Sep 8, 2022Updated 3 years ago
- Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-mem…☆3,685Jun 6, 2026Updated last week
- KaynLdr is a Reflective Loader written in C/ASM☆554Dec 3, 2023Updated 2 years ago
- A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!☆1,413Nov 22, 2023Updated 2 years ago
- A repository of Windows Shellcode runners and supporting utilities. The applications load and execute Shellcode using various API calls o…☆1,190Feb 25, 2023Updated 3 years ago
- Reflective PE packer.☆1,417Feb 22, 2024Updated 2 years ago
- Coffee is a loader for ELF (Executable and Linkable Format) object files written in Rust. Coffee是一个用Rust语言编写的ELF object文件的加载器☆63Apr 29, 2024Updated 2 years ago
- PoC Implementation of a fully dynamic call stack spoofer☆962Jul 20, 2024Updated last year
- LoadLibrary for offensive operations☆1,179Oct 22, 2021Updated 4 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting…☆1,117Jun 17, 2022Updated 3 years ago
- Obfuscate Go builds☆5,549Updated this week
- Inject .NET assemblies into an existing process☆506Jan 19, 2022Updated 4 years ago
- Yet another shellcode runner consists of different techniques for evaluating detection capabilities of endpoint security solutions☆498Apr 1, 2021Updated 5 years ago
- Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods☆13Sep 30, 2022Updated 3 years ago
- ☆828Dec 28, 2019Updated 6 years ago
- indirect syscalls for AV/EDR evasion in Go assembly☆384Jun 13, 2023Updated 3 years ago
- Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi…☆694Mar 11, 2024Updated 2 years ago
- Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.☆114Jun 7, 2021Updated 5 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- A PoC package for hosting the CLR and executing .NET from Go☆79Jul 9, 2024Updated last year
- CLI tool written in Go to generate Canary Tokens from https://canarytokens.org☆13Aug 22, 2025Updated 9 months ago
- Redress - A tool for analyzing stripped Go binaries☆1,177Updated this week
- NINA: No Injection, No Allocation x64 Process Injection Technique☆225Jun 9, 2020Updated 6 years ago
- Go symbol recovery tool☆1,008Jun 1, 2026Updated last week
- Hellsgate + Halosgate/Tartarosgate. Ensures that all systemcalls go through ntdll.dll☆509Feb 3, 2022Updated 4 years ago
- Executes 64bit code from a 32bit process☆239Jul 23, 2017Updated 8 years ago