{"id":26600750,"url":"https://github.com/aeverj/nimshellcodeloader","last_synced_at":"2025-05-15T13:07:56.649Z","repository":{"id":39222477,"uuid":"331032767","full_name":"aeverj/NimShellCodeLoader","owner":"aeverj","description":"AV evasion, bypassav, AV-evasion framework, nim, shellcode, shellcode loader written in nim","archived":false,"fork":false,"pushed_at":"2025-02-18T14:31:45.000Z","size":633,"stargazers_count":659,"open_issues_count":5,"forks_count":121,"subscribers_count":13,"default_branch":"master","last_synced_at":"2025-05-15T13:07:50.002Z","etag":null,"topics":["evasion-attack","nim","offensive","shellcode-loader"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aeverj.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-01-19T15:57:01.000Z","updated_at":"2025-05-14T06:47:08.000Z","dependencies_parsed_at":"2025-02-18T15:38:58.887Z","dependency_job_id":null,"html_url":"https://github.com/aeverj/NimShellCodeLoader","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aeverj%2FNimShellCodeLoader","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aeverj%2FNimShellCodeLoader/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aeverj%2FNimShellCodeLoader/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aeverj%2FNimShellCodeLoader/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aever
j","download_url":"https://codeload.github.com/aeverj/NimShellCodeLoader/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254346624,"owners_count":22055808,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["evasion-attack","nim","offensive","shellcode-loader"],"created_at":"2025-03-23T18:34:42.721Z","updated_at":"2025-05-15T13:07:51.639Z","avatar_url":"https://github.com/aeverj.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003e NimShellCodeLoader\u003c/h1\u003e\u003ch2 align=\"center\"\u003eAn AV-evasion shellcode loader for Windows, written in Nim\u003c/h2\u003e\nQuickly generates AV-evading executables\n\n![codeloader](pic/codeloader.png)\n\n## Honors:\n\n- [Selected for the 2022 KCon Arsenal](https://mp.weixin.qq.com/s/JohMsl1WD29LHCHuLf8mVQ)\n\n## Updates:\n\n**20231228: Custom icon support**\n\n**20230826: Supports nim v2.0; base64 encoding removed to reduce the size of generated files**\n\n**20220620: Bug fix! Added 2 `shellcode` loading methods**\n\n**20220203: Bug fix! Added 14 `shellcode` loading methods, nim version\u003e=1.6.2**\n\n**20210123: Added three `shellcode` loading methods; two of them use the [winim](https://github.com/khchen/winim) library, which must be installed for compilation to succeed**\n\n## Features:\n\n1: Ships with four loading methods\n\n2: Loading methods can be extended by the user\n\n3: Supports two encryption techniques, `3des` encryption and the Caesar cipher; keys are random, so every generated file has a different hash\n\n4: The icon can be customized\n\n\u003ch3 style=\"color: red;\"\u003eFor technical research and formally authorized testing only.\u003c/h3\u003e\n\n## File layout:\n\n**`bin` holds the generated executables**\n\n**`encryption` holds the encryption code files**\n\n![file](pic/file.png)\n\n## Installation:\n\n**1. Install the latest version of `nim`**\n - From the [download page](https://nim-lang.org/install_windows.html), download the nim package and the mingw64 compiler, extract both to any directory, and add the path of the bin folder inside each of the two folders to the path environment variable\n - Open a command prompt, type nim and press Enter, then type gcc or g++ and press Enter; if both respond normally, nim can be used to compile programs\n - 
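[winim](https://github.com/khchen/winim) must be installed\n\n**2. Download this project and compile `Tdea.nim` and `Caesar.nim` in `encryption` separately.**\n\n`nim c -d:release -d:strip --opt:size Tdea.nim`\n\n`nim c -d:release -d:strip --opt:size Caesar.nim`\n\n**3. Compile the C# project and place the executable in the current directory**\n\n## Usage:\n\n**1. Open the generator**\n\n**2. Drag the payload and the icon onto the window**\n\n![first](pic/first.png)\n\n**3. Select a loading method and click Generate; the executable is saved to the bin folder**\n\n![second](pic/second.png)\n\n\n\n## Extending:\n\n**1. Create a new `nim` source file and import `public` to obtain code (the decrypted plaintext shellcode) and `codelen` (the length of the plaintext shellcode)**\n\n**![code](pic/code.png)**\n\n**2. Taking Direct Load as an example, place the C++ functional code inside the box shown in the figure above**\n\n**3. Edit the `Compiler.ini` file and add a line whose key is the loading method and whose value is the command line used for compilation, where `\u003csource\u003e` is the placeholder for the shellcode file location and `\u003cencrypt\u003e` is the placeholder for the encryption method; the rest can be defined as you like.**\n\n![config](pic/config.png)\n\n## References:\n\nAll of these are methods published openly online\n\nhttps://github.com/Moriarty2016\n\nhttps://github.com/knownsec/shellcodeloader\n\nhttps://github.com/byt3bl33d3r/OffensiveNim\n\nhttps://github.com/S4R1N/AlternativeShellcodeExec\n\n## TODO:\n\n- [x] Add custom icon support\n\n- [ ] Add more loading methods\n\n- [ ] Add anti-sandbox and similar features\n\n- [ ] Add encryption methods\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faeverj%2Fnimshellcodeloader","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faeverj%2Fnimshellcodeloader","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faeverj%2Fnimshellcodeloader/lists"}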