Shellcode is supposed to be position-independent and self-contained. Conventional C and C++ toolchains were never built for that — they assume runtime libraries, import tables, relocation entries, and read-only data sections that break the moment you try to execute from arbitrary memory.

Position-Independent Agent solves it at the compiler level. A full C++23 codebase compiles to zero-dependency binaries through a custom LLVM pass that eliminates .data, .rodata, and .bss at build time, leaving only a .text section that can run as raw shellcode in RX-only memory. Crypto, TLS 1.3, WebSocket, HTTP, DNS, and JPEG encoding are implemented from scratch. Platform access goes through direct syscalls on eight platforms and seven architectures — no libc, no CRT, no dynamic linking.

The command surface is a binary protocol over encrypted WebSocket: system info, file browse and transfer with chunk hashing, interactive shell, display enumeration, and JPEG screenshot capture with dirty-rectangle diffing. Nine command types, each with explicit request/response framing.

The hard part is not any single feature. It is making a high-level language compile down to something that behaves like hand-written assembly without giving up expressiveness. That is the gap this project exists to close.

Built for authorized red team operations, penetration testing, and security research with written permission.

cat redacted-results.log sanitized logs

Agent registration and system info

redacted agent log

A linux-x86_64 agent connects over WSS and answers GetSystemInfo on first command.

sanitized-output
[INF] Agent starting, registered 9 command handlers
[INF] Connection attempt #1 to https://relay.[REDACTED].workers.dev/agent
[INF] WebSocket connection established (attempt #1)
[INF] Message #1 received: command=GetSystemInfo (0x00), payload_length=0, ws_opcode=2
[INF] Handling GetSystemInfoCommand.
[INF] GetSystemInfo: hostname=[REDACTED], arch=x86_64, agent_platform=linux,
      os_version=Linux [REDACTED], build=318, commit=[REDACTED]
[INF] Command GetSystemInfo completed: status=0, response_length=481
[INF] Response sent successfully for command GetSystemInfo (481 bytes)

Remote shell session

redacted agent log

Interactive shell over the binary WebSocket protocol — write then read, no local path or command text published.

sanitized-output
[INF] Message #2 received: command=WriteShell (0x04), payload_length=8, ws_opcode=2
[INF] Handling WriteShellCommand.
[INF] Command written to shell successfully, bytes written: 7
[INF] Command WriteShell completed: status=0, response_length=4
[INF] Response sent successfully for command WriteShell (4 bytes)
[INF] Message #3 received: command=ReadShell (0x05), payload_length=0, ws_opcode=2
[INF] Handling ReadShellCommand.
[INF] Command ReadShell completed: status=0, response_length=57
[INF] Response sent successfully for command ReadShell (57 bytes)