sliverarmory

sliverarmory / malasada

Public

Linux Shared Library to Shellcode Loader

84
9
69% credibility
Found Feb 09, 2026 at 50 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
Assembly
AI Summary

Malasada transforms Linux shared object files into position-independent executable blobs that run directly from memory.

How It Works

1
🔍 Discover Malasada

You hear about a clever tool that lets you turn small Linux programs into neat bundles that run straight from memory, perfect for quick tests without cluttering your disk.

2
💻 Prepare Your Snippet

You create a simple program snippet, like one that just says 'hello', ready to share and run anywhere.

3
Convert to Magic Blob

With one easy command, you feed your snippet into Malasada and it whips it into a compact bundle that launches directly in memory.

4
Make It Smaller?
Keep Normal Size

Stick with the regular bundle, ready to go as is.

🗜️
Compress It

Opt for the tinier squeezed version to save space.

5
🚀 Launch the Runner

You use the simple helper to load and start your bundle right in memory, feeling the excitement build.

🎉 It Works Perfectly!

Your program springs to life, printing its message, proving you can run code seamlessly from memory without any files left behind.

Sign up to see the full architecture

4 more

Sign Up Free

Star Growth

See how this repo grew from 50 to 84 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is malasada?

Malasada is a Go CLI tool that converts Linux ELF shared objects (.so files) into position-independent .bin blobs executable directly from memory, like copying into an mmap'd region and jumping to it. It patches the .so to call a specified export (default: StartW), wraps it with a tiny stage0 loader, and supports optional aPLib compression—all without using memfd or execveat. Run `malasada --call-export Hello -o payload.bin hello.so` to get a runner-ready blob for amd64/arm64 Linux.

Why is it gaining traction?

It sidesteps file-based execution hurdles in Linux shared memory scenarios between processes, delivering a clean shellcode-like alternative to tools like Donut (Windows-focused). The embedded loader hands off to ld-linux seamlessly, handling init arrays and stack/auxv setup, while compression shrinks payloads noticeably. Devs grab it via linux github clone or download for quick tests on shared library paths.

Who should use this?

Red teamers crafting Linux payloads from Go C-shared libs, security researchers testing in-memory shared object loaders, or ops folks simulating linux shared folder exploits across users/Windows interop. Ideal if you're forking linux github repos with .so artifacts and need ssh key-authenticated, gui-free execution.

Verdict

Grab it if you need mem-exec for Linux shared libraries—quickstart and Docker tests work great, but with 51 stars and 0.699999988079071% credibility score, treat as experimental. Solid for prototypes, watch for maturity.

(187 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.