whatisgithub

What is golol?

aaron-kidwell/golol — explained in plain English

Analysis updated 2026-05-18

41GoAudience · developerComplexity · 2/5LicenseSetup · easy

In one sentence

A Windows command-line tool that inventories which LOLBAS living-off-the-land binaries are present on a target machine for authorized security testing.

Mindmap

mindmap
  root((goLoL))
    What it does
      Fetches LOLBAS catalog
      Checks binaries on disk
      Filters by privilege level
    Tech stack
      Go
    Use cases
      Authorized pentesting
      Defender awareness
      Privilege aware scans
    Audience
      Security testers
    Output
      MITRE ATT&CK IDs
      Example commands
      Plain text mode

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Inventory which LOLBAS-listed Windows binaries are actually present on a target machine during an authorized pentest.

USE CASE 2

Filter results automatically to only the techniques your current privilege level can execute.

USE CASE 3

Look up the MITRE ATT&CK technique ID and example command for each discovered binary.

USE CASE 4

Use plain-text output mode when running through a reverse shell where colored output breaks.

What is it built with?

Go

How does it compare?

aaron-kidwell/golol79e/auto-openai-accountglockinhand/guns.lol-view-bot
Stars414240
LanguageGoGoGo
Setup difficultyeasymoderatemoderate
Complexity2/54/53/5
Audiencedeveloperdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy Time to first run · 5min

Requires network access on each run to fetch the live LOLBAS catalog, intended only for authorized testing.

MIT: use, copy, modify, and distribute freely, including commercially, as long as you keep the copyright notice.

So what is it?

goLoL is a command-line tool for Windows that helps security testers quickly understand what built-in Windows programs are available on a target machine and what actions those programs can perform. It works by fetching the latest data from the LOLBAS project, a community-maintained catalog of Windows executables that can be misused during authorized penetration tests or that defenders should watch for. LOLBAS stands for Living Off the Land Binaries, Applications, and Scripts. These are programs that ship with Windows itself, like certutil, wscript, or mshta, and can be used for tasks beyond their original purpose, such as downloading files, executing code, or reading credentials. Because they are already present on most Windows systems, security testers and attackers sometimes use them to avoid triggering alerts that look for unknown software. goLoL gives testers a fast inventory of which of these programs actually exist on the machine in front of them. The tool checks your current permission level automatically. If you are running as a standard user, it only shows techniques available to standard users. If your account belongs to the local Administrators group, it adds administrator-level techniques. If the process is running as SYSTEM, the highest Windows privilege, it shows all tiers. This avoids listing actions you cannot actually take. Each result includes the relevant MITRE ATT&CK technique ID, a short description, and an example command. Built in Go, the scanner resolves common Windows paths at runtime and checks whether each binary is physically present on disk. It requires a network connection on each run because it pulls the LOLBAS catalog live rather than bundling a static copy, so results always reflect the current catalog. A plain-text output mode is included for situations where colored terminal output breaks, such as when running through a reverse shell. The project is MIT licensed and intended only for authorized security testing, lab environments, and educational use.

Copy-paste prompts

Prompt 1
Explain how goLoL determines which LOLBAS techniques are available at my current Windows privilege level.
Prompt 2
Walk me through running goLoL in plain-text mode over a reverse shell.
Prompt 3
Summarize what MITRE ATT&CK technique IDs goLoL reports and what they mean.
Prompt 4
Explain what Living Off the Land Binaries are using goLoL's approach as an example.

Frequently asked questions

What is golol?

A Windows command-line tool that inventories which LOLBAS living-off-the-land binaries are present on a target machine for authorized security testing.

What language is golol written in?

Mainly Go. The stack also includes Go.

What license does golol use?

MIT: use, copy, modify, and distribute freely, including commercially, as long as you keep the copyright notice.

How hard is golol to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is golol for?

Mainly developer.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.