A lightweight Go package to parse, analyze and extract metadata from Portable Executable (PE) binaries. Designed for malware analysis tasks and robust against PE malformations.
☆387May 19, 2026Updated this week
Alternatives and similar repositories for pe
Users that are interested in pe are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Go library to parse Executable and Linkable Format (ELF) files.☆53Jun 27, 2024Updated last year
- Golang implementation of Reflective load PE from memory☆63Jan 10, 2022Updated 4 years ago
- A Portable Executable parser for Golang☆47Nov 7, 2025Updated 6 months ago
- It's a go variant of Hells gate! (directly calling windows kernel functions, but from Go!)☆530Oct 12, 2022Updated 3 years ago
- Converts PE into a shellcode☆2,761Aug 30, 2025Updated 8 months ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- Go implementation of the Heaven's Gate technique☆100Feb 11, 2021Updated 5 years ago
- ☆320May 16, 2022Updated 4 years ago
- GoRE - Package gore is a library for analyzing Go binaries☆534Updated this week
- GetProcAddressByHash/remap/full dll unhooking/Tartaru's Gate/Spoofing Gate/universal/Perun's Fart/Spoofing-Gate/EGG/RecycledGate/syswhisp…☆331Sep 10, 2024Updated last year
- Load and execute COFF files and Cobalt Strike BOFs in-memory☆226Sep 13, 2022Updated 3 years ago
- Load ssp dll golang implementation☆19Jan 18, 2022Updated 4 years ago
- A Go implementation of Cobalt Strike style BOF/COFF loaders.☆270Feb 22, 2025Updated last year
- Binee: binary emulation environment☆531Feb 25, 2023Updated 3 years ago
- SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature…☆1,279Aug 27, 2023Updated 2 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Open-Source Shellcode & PE Packer☆2,105Feb 3, 2024Updated 2 years ago
- Donut Injector ported to pure Go. For use with https://github.com/TheWover/donut☆365Sep 8, 2022Updated 3 years ago
- Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-mem…☆3,665May 3, 2026Updated 3 weeks ago
- KaynLdr is a Reflective Loader written in C/ASM☆555Dec 3, 2023Updated 2 years ago
- A repository of Windows Shellcode runners and supporting utilities. The applications load and execute Shellcode using various API calls o…☆1,187Feb 25, 2023Updated 3 years ago
- A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!☆1,411Nov 22, 2023Updated 2 years ago
- Reflective PE packer.☆1,414Feb 22, 2024Updated 2 years ago
- Coffee is a loader for ELF (Executable and Linkable Format) object files written in Rust. Coffee是一个用Rust语言编写的ELF object文件的加载器☆63Apr 29, 2024Updated 2 years ago
- PoC Implementation of a fully dynamic call stack spoofer☆958Jul 20, 2024Updated last year
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- LoadLibrary for offensive operations☆1,179Oct 22, 2021Updated 4 years ago
- An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting…☆1,114Jun 17, 2022Updated 3 years ago
- Obfuscate Go builds☆5,504Apr 22, 2026Updated last month
- Inject .NET assemblies into an existing process☆506Jan 19, 2022Updated 4 years ago
- Yet another shellcode runner consists of different techniques for evaluating detection capabilities of endpoint security solutions☆498Apr 1, 2021Updated 5 years ago
- Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods☆14Sep 30, 2022Updated 3 years ago
- ☆828Dec 28, 2019Updated 6 years ago
- indirect syscalls for AV/EDR evasion in Go assembly☆379Jun 13, 2023Updated 2 years ago
- Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi…☆694Mar 11, 2024Updated 2 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.☆114Jun 7, 2021Updated 4 years ago
- A PoC package for hosting the CLR and executing .NET from Go☆80Jul 9, 2024Updated last year
- Redress - A tool for analyzing stripped Go binaries☆1,170May 9, 2026Updated 2 weeks ago
- CLI tool written in Go to generate Canary Tokens from https://canarytokens.org☆13Aug 22, 2025Updated 9 months ago
- NINA: No Injection, No Allocation x64 Process Injection Technique☆225Jun 9, 2020Updated 5 years ago
- Go symbol recovery tool☆996Mar 6, 2026Updated 2 months ago
- Hellsgate + Halosgate/Tartarosgate. Ensures that all systemcalls go through ntdll.dll☆507Feb 3, 2022Updated 4 years ago