Shellcode is supposed to be position-independent and self-contained. Conventional C and C++ toolchains were never built for that — they assume runtime libraries, import tables, relocation entries, and read-only data sections that break the moment you try to execute from arbitrary memory.
Position-Independent Agent solves it at the compiler level. A full C++23 codebase compiles to zero-dependency binaries through a custom LLVM pass that eliminates .data, .rodata, and .bss at build time, leaving only a .text section that can run as raw shellcode in RX-only memory. Crypto, TLS 1.3, WebSocket, HTTP, DNS, and JPEG encoding are implemented from scratch. Platform access goes through direct syscalls on eight platforms and seven architectures — no libc, no CRT, no dynamic linking.
The command surface is a binary protocol over encrypted WebSocket: system info, file browse and transfer with chunk hashing, interactive shell, display enumeration, and JPEG screenshot capture with dirty-rectangle diffing. Nine command types, each with explicit request/response framing.
The hard part is not any single feature. It is making a high-level language compile down to something that behaves like hand-written assembly without giving up expressiveness. That is the gap this project exists to close.
Built for authorized red team operations, penetration testing, and security research with written permission.