A lightweight Go package to parse, analyze and extract metadata from Portable Executable (PE) binaries. Designed for malware analysis tasks and robust against PE malformations.
☆382Apr 10, 2026Updated this week
Alternatives and similar repositories for pe
Users that are interested in pe are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Go library to parse Executable and Linkable Format (ELF) files.☆52Jun 27, 2024Updated last year
- Golang implementation of Reflective load PE from memory☆63Jan 10, 2022Updated 4 years ago
- A Portable Executable parser for Golang☆48Nov 7, 2025Updated 5 months ago
- It's a go variant of Hells gate! (directly calling windows kernel functions, but from Go!)☆527Oct 12, 2022Updated 3 years ago
- Converts PE into a shellcode☆2,751Aug 30, 2025Updated 7 months ago
- Wordpress hosting with auto-scaling - Free Trial • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Go implementation of the Heaven's Gate technique☆102Feb 11, 2021Updated 5 years ago
- ☆318May 16, 2022Updated 3 years ago
- GoRE - Package gore is a library for analyzing Go binaries☆530Apr 8, 2026Updated last week
- GetProcAddressByHash/remap/full dll unhooking/Tartaru's Gate/Spoofing Gate/universal/Perun's Fart/Spoofing-Gate/EGG/RecycledGate/syswhisp…☆331Sep 10, 2024Updated last year
- Load and execute COFF files and Cobalt Strike BOFs in-memory☆225Sep 13, 2022Updated 3 years ago
- Load ssp dll golang implementation☆19Jan 18, 2022Updated 4 years ago
- A Go implementation of Cobalt Strike style BOF/COFF loaders.☆269Feb 22, 2025Updated last year
- Binee: binary emulation environment☆531Feb 25, 2023Updated 3 years ago
- SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature…☆1,268Aug 27, 2023Updated 2 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- Open-Source Shellcode & PE Packer☆2,086Feb 3, 2024Updated 2 years ago
- Donut Injector ported to pure Go. For use with https://github.com/TheWover/donut☆364Sep 8, 2022Updated 3 years ago
- Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-mem…☆3,606Apr 7, 2026Updated last week
- A repository of Windows Shellcode runners and supporting utilities. The applications load and execute Shellcode using various API calls o…☆1,181Feb 25, 2023Updated 3 years ago
- KaynLdr is a Reflective Loader written in C/ASM☆552Dec 3, 2023Updated 2 years ago
- Reflective PE packer.☆1,408Feb 22, 2024Updated 2 years ago
- A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!☆1,409Nov 22, 2023Updated 2 years ago
- Coffee is a loader for ELF (Executable and Linkable Format) object files written in Rust. Coffee是一个用Rust语言编写的ELF object文件的加载器☆63Apr 29, 2024Updated last year
- PoC Implementation of a fully dynamic call stack spoofer☆943Jul 20, 2024Updated last year
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- LoadLibrary for offensive operations☆1,177Oct 22, 2021Updated 4 years ago
- An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting…☆1,102Jun 17, 2022Updated 3 years ago
- Obfuscate Go builds☆5,378Mar 21, 2026Updated 3 weeks ago
- Inject .NET assemblies into an existing process☆508Jan 19, 2022Updated 4 years ago
- Yet another shellcode runner consists of different techniques for evaluating detection capabilities of endpoint security solutions☆497Apr 1, 2021Updated 5 years ago
- Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods☆14Sep 30, 2022Updated 3 years ago
- ☆828Dec 28, 2019Updated 6 years ago
- indirect syscalls for AV/EDR evasion in Go assembly☆378Jun 13, 2023Updated 2 years ago
- Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi…☆688Mar 11, 2024Updated 2 years ago
- AI Agents on DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.☆115Jun 7, 2021Updated 4 years ago
- A PoC package for hosting the CLR and executing .NET from Go☆78Jul 9, 2024Updated last year
- Redress - A tool for analyzing stripped Go binaries☆1,159Apr 8, 2026Updated last week
- CLI tool written in Go to generate Canary Tokens from https://canarytokens.org☆13Aug 22, 2025Updated 7 months ago
- NINA: No Injection, No Allocation x64 Process Injection Technique☆227Jun 9, 2020Updated 5 years ago
- Hellsgate + Halosgate/Tartarosgate. Ensures that all systemcalls go through ntdll.dll☆503Feb 3, 2022Updated 4 years ago
- Executes 64bit code from a 32bit process☆240Jul 23, 2017Updated 8 years ago