Getting Offensive with Go

Introduction

Creating Reverse Shells and bypassing Anti-Virus (AV) with Golang. Using Golang in security has become very popular over the last few years. In this article, I want to cover several existing Golang scripts that you can use to create Reverse Shells and possibly even bypass Anti-Virus. We will start our journey looking at a one-line reverse shell in Go, and then cover a couple apps that can generate multiple different shells. This article isn’t about writing custom Go scripts or post exploit - what to do after you get a remote shell. It is simply a quick and dirty overview of some existing Go shellcode for Pentesters and Red Teams.

Swissky’s one-line Go shell is up first. This one-line reverse shell works great against Linux based targets. Next, we will look at Girsh, a menu driven script that can create multiple different reverse shells for both Linux and Windows. Lastly, we will look at Go-Shellcode, a very good Go reverse shell that, at last testing and with the right payload, still bypasses most common Windows antivirus products.

As always, this article is for educational & informational purposes only.

Never try to access systems without permission.

I used two Kali Linux VMs for this article, one a target and the other an attack system. Golang was already installed on the attacking system. I also used a Windows 11 system and a Windows Server 2022 (not shown) for testing the Go-Shellcode Early Bird code.