A lightweight Go package to parse, analyze and extract metadata from Portable Executable (PE) binaries. Designed for malware analysis tasks and robust against PE malformations.
☆379Feb 4, 2026Updated 3 weeks ago
Alternatives and similar repositories for pe
Users that are interested in pe are comparing it to the libraries listed below
Sorting:
- Go library to parse Executable and Linkable Format (ELF) files.☆52Jun 27, 2024Updated last year
- A Portable Executable parser for Golang☆48Nov 7, 2025Updated 3 months ago
- Golang implementation of Reflective load PE from memory☆64Jan 10, 2022Updated 4 years ago
- It's a go variant of Hells gate! (directly calling windows kernel functions, but from Go!)☆527Oct 12, 2022Updated 3 years ago
- Go implementation of the Heaven's Gate technique☆102Feb 11, 2021Updated 5 years ago
- Load and execute COFF files and Cobalt Strike BOFs in-memory☆226Sep 13, 2022Updated 3 years ago
- Converts PE into a shellcode☆2,745Aug 30, 2025Updated 6 months ago
- GetProcAddressByHash/remap/full dll unhooking/Tartaru's Gate/Spoofing Gate/universal/Perun's Fart/Spoofing-Gate/EGG/RecycledGate/syswhisp…☆331Sep 10, 2024Updated last year
- ☆314May 16, 2022Updated 3 years ago
- Donut Injector ported to pure Go. For use with https://github.com/TheWover/donut☆360Sep 8, 2022Updated 3 years ago
- KaynLdr is a Reflective Loader written in C/ASM☆555Dec 3, 2023Updated 2 years ago
- Open-Source Shellcode & PE Packer☆2,069Feb 3, 2024Updated 2 years ago
- GoRE - Package gore is a library for analyzing Go binaries☆527Updated this week
- Binee: binary emulation environment☆530Feb 25, 2023Updated 3 years ago
- A repository of Windows Shellcode runners and supporting utilities. The applications load and execute Shellcode using various API calls o…☆1,172Feb 25, 2023Updated 3 years ago
- NINA: No Injection, No Allocation x64 Process Injection Technique☆227Jun 9, 2020Updated 5 years ago
- PoC Implementation of a fully dynamic call stack spoofer☆922Jul 20, 2024Updated last year
- Yet another shellcode runner consists of different techniques for evaluating detection capabilities of endpoint security solutions☆494Apr 1, 2021Updated 4 years ago
- A Go implementation of Cobalt Strike style BOF/COFF loaders.☆266Feb 22, 2025Updated last year
- SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature…☆1,255Aug 27, 2023Updated 2 years ago
- LoadLibrary for offensive operations☆1,174Oct 22, 2021Updated 4 years ago
- A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!☆1,401Nov 22, 2023Updated 2 years ago
- Reflective PE packer.☆1,401Feb 22, 2024Updated 2 years ago
- Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi…☆684Mar 11, 2024Updated last year
- CLI tool written in Go to generate Canary Tokens from https://canarytokens.org☆13Aug 22, 2025Updated 6 months ago
- Inject .NET assemblies into an existing process☆508Jan 19, 2022Updated 4 years ago
- ☆826Dec 28, 2019Updated 6 years ago
- Load ssp dll golang implementation☆19Jan 18, 2022Updated 4 years ago
- An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting…☆1,092Jun 17, 2022Updated 3 years ago
- Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-mem…☆3,562Oct 31, 2025Updated 4 months ago
- C# Reflective loader for unmanaged binaries.☆446Jan 25, 2023Updated 3 years ago
- Redress - A tool for analyzing stripped Go binaries☆1,150Feb 23, 2026Updated last week
- reboot of https://github.com/Genetic-Malware/Ebowla in order to simplify / modernize the codebase and provide ongoing support☆23Sep 15, 2021Updated 4 years ago
- A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…☆536Aug 1, 2022Updated 3 years ago
- Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods☆14Sep 30, 2022Updated 3 years ago
- Rusty Injection - Shellcode Reflective DLL Injection (sRDI) in Rust (Codename: Venom)☆360Mar 2, 2024Updated 2 years ago
- Standalone utility for service discovery on open ports!☆718Jan 13, 2026Updated last month
- EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and e…☆291Mar 8, 2023Updated 2 years ago
- ☆18Aug 15, 2021Updated 4 years ago