A collection of statically linked, stripped binaries for penetration testing and red teaming. These tools are built to be drop-and-execute ready on minimal target environments (containers, IoT, hardened servers) without requiring external libraries.
I'll add to this list as I go and include build scripts for any oddities I encounter.

- Tested on:
  - Arch current, Alpine 3.20, Ubuntu 20.04
  - Windows Server 2016, Windows 10, Wine

| Binaries / Files | Version | System | Arch | Source |
|---|---|---|---|---|
| ligolo-ng | 0.8.2 | Linux / Windows | amd64 / 386 | GitHub |
| kerbrute | 1.0.3 | Linux / Windows | amd64 / 386 | GitHub |
| chisel | 1.11.3 | Linux / Windows | amd64 / 386 | GitHub |
| gocat | 2.14 | Linux / Windows | amd64 / 386 | GitHub |
| ptunnel-ng | 1.43 | Linux | amd64 / 386 | GitHub |
| socat | 1.8.0 | Linux | amd64 / 386 | dest-unreach |
| GNU netcat (nc) | 0.7.1 | Linux / Windows | amd64 / 386 | Sourceforge |
| Nmap ncat | 7.93 | Linux / Windows | amd64 / 386 | Nmap |
| busybox | 1.35.0 | Linux | amd64 / 386 | GitHub |
| go-winapsearch | 0.3.1 | Linux / Windows | amd64 | GitHub |
| pspy | 1.2.1 | Linux | amd64 / 386 | GitHub |
| tmux | 3.5a | Linux | amd64 / 386 | GitHub |
| amass | 5.0.1 | Linux | amd64 / 386 | GitHub |
| curl | 8.17.0 | Linux | amd64 / 386 | GitHub |
| htop | 3.4.1 | Linux | amd64 / 386 | GitHub |

A couple of odd builds. I left the corresponding Docker build files in each binary's directory.

- `curl` - Disabled everything heavy (LDAP, RTMP, etc.) to ensure a clean static build.
- `htop` - Disabled unicode/mouse to make it more portable. `top` in `busybox` is safer, but if you have a decent shell on the target, this static `htop` will work fine.
- `ptunnel-ng` - Had to inject `netinet/in.h` at the very top of `ptunnel.h` so libc definitions take precedence over kernel definitions (`linux/in6.h`).
- `gocat` 386 only - Had to break SCTP support, as `SYS_GETSOCKOPT`/`SETSOCKOPT` don't exist on `linux/386`, but TCP/UDP/HTTP will work fine.
  - Use `gobuild-linux-386.sh` in `bin/gocat/` to patch and build locally.
- Use
- `socat` - This was built for pivoting so I disabled problematic libraries (`readline`, `tcp_wrappers`), and forced a static link with OpenSSL support. Who needs extra security and fancy command history?

If a binary is too large for file transfer limits, use UPX to pack it.

```
upx --best --lzma binary_name
```