A collection of open source shellcode tools
Shellcodes database
- 0x4ndr3/SLAE64_Assignments - shellcode with auth/encryption
- blog: Win32 Shellcode - Hashed Reverse Shell
- MortenSchenk/ACL_Edit - Assembly code to use for Windows kernel shellcode to edit winlogon.exe ACL
- boku7/winx64-InjectAllProcessesMeterpreter-Shellcode - 64bit Windows 10 shellcode that injects all processes with Meterpreter reverse shells
Generator
- Bw3ll/ShellWasp - a new tool to facilitate creating shellcode utilizing syscalls, released at DEF CON 30
- tombkeeper/Shellcode_Template_in_C
- nologic/shellcc - Building optimized shellcode using GCC. Suited for learning assembly and playing with the ABI
- merrychap/shellen - Interactive shellcoding environment to easily craft shellcodes
- NytroRST/ShellcodeCompiler - compiles C/C++ style code into a small, position-independent and NULL-free shellcode for Windows
- TonyChen56/ShellCodeFrame - A shellcode generation framework written in pure C/C++ - this one appears to support Win64
- mai1zhi2/ShellCodeFramework - A ring-3 shellcode AV-evasion framework - this one has a custom hash algorithm and custom kernel32 address resolution
- hasherezade/pe_to_shellcode - Converts PE into a shellcode
- wetw0rk/Sickle - Payload development tool
- whatsbcn/shellforge4 - Enhanced version of secdev's shellforge G3. More platforms and architectures supported.
- bats3c/darkarmour - A tool that injects into a PE by modifying its OEP
- hasherezade/masm_shc - A helper utility for creating shellcodes. Cleans MASM file generated by MSVC, gives refactoring hints
- From a C project, through assembly, to shellcode v1.2 - by hasherezade for @vxunderground
ROP
- JonathanSalwan/ROPgadget - search your gadgets on your binaries to facilitate your ROP exploitation
- 0vercl0k/rp - rp++ is a fast C++ ROP gadget finder for PE/ELF/Mach-O x86/x64/ARM binaries
- sashs/Ropper - Display information about files in different file formats and find gadgets to build ROP chains for different architectures (x86/x86_64, ARM/ARM64, MIPS, PowerPC, SPARC64). For disassembly Ropper uses the Capstone Framework - 1.1K stars
- kokjo/universalrop - Small tool for generating ropchains using unicorn and z3
- orppra/ropa - GUI tool to create ROP chains using the ropper API
- Boyan-MILANOV/ropgenerator - a tool that helps you building ROP exploits by finding and chaining gadgets together
Encoders
- DavidBuchanan314/monomorph - MD5-Monomorphic Shellcode Packer - all payloads have the same MD5 hash
- EgeBalci/sgn - Shikata ga nai (仕方がない) encoder ported to Go with several improvements - an encoder implemented in Go
- aniqfakhrul/Sharperner - Simple executable generator with encrypted shellcode
- pureqh/bypassAV - AV-evading shellcode loader
- knownsec/shellcodeloader
- viraintel/OWASP-ZSC - Shellcode/Obfuscate Code Generator
- hlldz/SpookFlare - Meterpreter loader generator with multiple features for bypassing client-side and network-side countermeasures
- SkyLined/alpha3 - a tool for transforming any x86 machine code into 100% alphanumeric code with similar functionality
- kgretzky/obfusion - C++ X86 Code Obfuscation Library
- cryptolok/MorphAES - IDPS & SandBox & AntiVirus STEALTH KILLER. MorphAES is the world's first polymorphic shellcode engine, with metamorphic properties and capability to bypass sandboxes, which makes it undetectable for an IDPS, it's cross-platform as well and library-independent
- slaeryan/FALCONSTRIKE - A stealthy, targeted Windows Loader for delivering second-stage payloads(shellcode) to the host machine undetected
Debugger
- dzzie/SCDBG - A tool that executes shellcode on top of libemu; unmaintained since 2019
- Bw3ll/sharem - SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virtually all Windows syscalls - released at DEF CON; there is also a Ghidra plugin
- ohjeongwook/ShellCodeEmulator - Shellcode emulator written with Unicorn
- OALabs/BlobRunner - Quickly debug shellcode extracted during malware analysis
- emptymonkey/drinkme - A shellcode testing harness
- sh4hin/GoPurple - Yet another shellcode runner, consisting of different techniques for evaluating the detection capabilities of endpoint security solutions
Evasion
- furax124/Protect_Loader - Protect Loader is a shellcode loader written in pure golang designed to provide various security and evasion techniques for Go applications. It includes features such as shellcode loading, obfuscation, the use of indirect syscalls, and much more
- RtlDallas/Jomungand - Shellcode Loader with memory evasion
- ORCA000/toasterloader - Just A Fun Way To Run Your Shellcode
- S3cur3Th1sSh1t/Caro-Kann - Encrypted shellcode Injection to avoid Kernel triggered memory scans
- florylsk/NtRemoteLoad - Remote shellcode injector, based on HWSyscalls by ShorSec, leveraging undetectable (currently) indirect native syscalls to inject shellcode into another process, creating a thread and executing it
- lem0nSec/ShellGhost - A memory-based evasion technique which makes shellcode invisible from process start to end
- 4ra1n/java-gate - Java JNI HellsGate/HalosGate/TartarusGate/RecycledGate/SSN Syscall/Many Shellcode Loaders
- timwhitez/Doge-Gabh - GetProcAddressByHash/remap/full dll unhooking/Tartaru's Gate/Spoofing Gate/universal/Perun's Fart/Spoofing-Gate/EGG/RecycledGate/syswhisper/RefleXXion golang implementation
- aahmad097/AlternativeShellcodeExec - Alternative Shellcode Execution Via Callbacks - this one is very comprehensive
- TheD1rkMtr/Shellcode-Hide - This repo contains: a simple shellcode loader, encoders (base64, custom, UUID, IPv4, MAC), encryptors (AES), and fileless loaders (WinHTTP, socket)
- nixpal/ProcInjectSyscall - Process Injection using Windows SYSCALLS
- capt-meelo/KernelCallbackTable-Injection - Executes shellcode by modifying the PEB's KernelCallbackTable field
- pwn1sher/RTImplant - Just another casual shellcode native loader
- ORCA666/T.D.P - Using Thread Description To Hide Shellcode
- snovvcrash/DInjector - Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL
- boku7/Ninja_UUID_Dropper - Module Stomping, No New Thread, HellsGate syscaller, UUID Dropper for x64 Windows 10
- xinbailu/DripLoader - Evasive shellcode loader for bypassing event-based injection detection (PoC) - executes shellcode from a fixed address to bypass EDR monitoring
- ChoiSG/UuidShellcodeExec - PoC for UUID shellcode execution using DInvoke - includes a Python script that converts raw shellcode into a UUID array
- cribdragg3r/Alaris - A protective, low-level shellcode loader that defeats modern EDR systems - shellcode encryption, direct syscalls, a block-DLLs policy, and shellcode overwriting
- One thousand and one ways to copy your shellcode to memory (VBA Macros) - shellcode execution via EnumSystemCodePagesW, with both C++ and VBA versions
- D00MFist/Go4aRun - Shellcode runner in Go that incorporates shellcode encryption, remote process injection, block DLLs, and spoofed parent process
- zeroSteiner/crimson-forge - Sustainable shellcode evasion
- D4Vinci/Dr0p1t-Framework - create an advanced stealthy dropper that bypasses most AVs and has a lot of tricks
- oddcod3/Phantom-Evasion - Python AV evasion tool capable of generating FUD executables even with the most common 32-bit Metasploit payloads (exe/elf/dmg/apk)
- Genetic-Malware/Ebowla - Framework for Making Environmental Keyed Payloads
- leoloobeek/GoGreen - Environmental (and http) keying for scripting languages
- Memory scanning
Uncategorized
- senzee1984/InflativeLoading - Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub
- Wra7h/ARCInject - Overwrite a process's recovery callback and execute with WER
- naksyn/python-bof-runner/injector.py - contains an example of running shellcode from Python
- leoloobeek/COMRunner - A simple COM server which provides a component to run shellcode
- Kara-4search/HellgateLoader_CSharp - Load shellcode via HELLGATE, a rewrite of Hell's Gate for learning purposes
- malware-unicorn/macho_shellcode_extractor - extracts shellcode from a nasm-compiled Mach-O binary
- 0xd4d/iced - High performance and correct x86/x64 disassembler, assembler, decoder, encoder for .NET, Rust, Python, JavaScript
- slyd0g/UrbanBishopLocal - A port of FuzzySecurity's UrbanBishop project for inline shellcode execution
- DownWithUp/DynamicKernelShellcode - An example of how x64 kernel shellcode can dynamically find and use APIs
- secretsquirrel/fido - Teaching old shellcode new tricks
- TheSecondSun/Shellab - Linux and Windows shellcode enrichment utility
- Arno0x/17d1705ecfc945088579c84994a652d3 - XLM (Excel 4.0 macro) to execute shellcode inside Excel (32-bit) - French macro code