A lightweight Go package to parse, analyze and extract metadata from Portable Executable (PE) binaries. Designed for malware analysis tasks and robust against PE malformations.
☆383Feb 4, 2026Updated last month
Alternatives and similar repositories for pe
Users that are interested in pe are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Golang implementation of Reflective load PE from memory☆64Jan 10, 2022Updated 4 years ago
- A Portable Executable parser for Golang☆48Nov 7, 2025Updated 4 months ago
- It's a go variant of Hells gate! (directly calling windows kernel functions, but from Go!)☆527Oct 12, 2022Updated 3 years ago
- Converts PE into a shellcode☆2,752Aug 30, 2025Updated 6 months ago
- Go implementation of the Heaven's Gate technique☆102Feb 11, 2021Updated 5 years ago
- ☆314May 16, 2022Updated 3 years ago
- GoRE - Package gore is a library for analyzing Go binaries☆530Mar 6, 2026Updated 2 weeks ago
- GetProcAddressByHash/remap/full dll unhooking/Tartaru's Gate/Spoofing Gate/universal/Perun's Fart/Spoofing-Gate/EGG/RecycledGate/syswhisp…☆331Sep 10, 2024Updated last year
- Load and execute COFF files and Cobalt Strike BOFs in-memory☆226Sep 13, 2022Updated 3 years ago
- Load ssp dll golang implementation☆19Jan 18, 2022Updated 4 years ago
- A Go implementation of Cobalt Strike style BOF/COFF loaders.☆267Feb 22, 2025Updated last year
- Binee: binary emulation environment☆531Feb 25, 2023Updated 3 years ago
- SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature…☆1,264Aug 27, 2023Updated 2 years ago
- Open-Source Shellcode & PE Packer☆2,080Feb 3, 2024Updated 2 years ago
- Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-mem…☆3,576Oct 31, 2025Updated 4 months ago
- Donut Injector ported to pure Go. For use with https://github.com/TheWover/donut☆363Sep 8, 2022Updated 3 years ago
- A repository of Windows Shellcode runners and supporting utilities. The applications load and execute Shellcode using various API calls o…☆1,177Feb 25, 2023Updated 3 years ago
- KaynLdr is a Reflective Loader written in C/ASM☆553Dec 3, 2023Updated 2 years ago
- Reflective PE packer.�☆1,408Feb 22, 2024Updated 2 years ago
- A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!☆1,403Nov 22, 2023Updated 2 years ago
- Coffee is a loader for ELF (Executable and Linkable Format) object files written in Rust. Coffee是一个用Rust语言编写的ELF object文件的加载器☆63Apr 29, 2024Updated last year
- PoC Implementation of a fully dynamic call stack spoofer☆928Jul 20, 2024Updated last year
- LoadLibrary for offensive operations☆1,179Oct 22, 2021Updated 4 years ago
- An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting…☆1,098Jun 17, 2022Updated 3 years ago
- Obfuscate Go builds☆5,353Mar 15, 2026Updated last week
- Inject .NET assemblies into an existing process☆507Jan 19, 2022Updated 4 years ago
- Yet another shellcode runner consists of different techniques for evaluating detection capabilities of endpoint security solutions☆495Apr 1, 2021Updated 4 years ago
- Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods☆14Sep 30, 2022Updated 3 years ago
- ☆825Dec 28, 2019Updated 6 years ago
- indirect syscalls for AV/EDR evasion in Go assembly☆377Jun 13, 2023Updated 2 years ago
- Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi…☆688Mar 11, 2024Updated 2 years ago
- Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.☆115Jun 7, 2021Updated 4 years ago
- A PoC package for hosting the CLR and executing .NET from Go☆78Jul 9, 2024Updated last year
- Redress - A tool for analyzing stripped Go binaries☆1,158Mar 9, 2026Updated 2 weeks ago
- CLI tool written in Go to generate Canary Tokens from https://canarytokens.org☆13Aug 22, 2025Updated 7 months ago
- NINA: No Injection, No Allocation x64 Process Injection Technique☆227Jun 9, 2020Updated 5 years ago
- Hellsgate + Halosgate/Tartarosgate. Ensures that all systemcalls go through ntdll.dll☆500Feb 3, 2022Updated 4 years ago
- Executes 64bit code from a 32bit process☆240Jul 23, 2017Updated 8 years ago
- Practice Go programming and implement CobaltStrike's Beacon in Go☆1,263Oct 2, 2020Updated 5 years ago