{"id":16680352,"url":"https://github.com/danielhenrymantilla/shellcode-factory","last_synced_at":"2025-03-21T18:32:27.680Z","repository":{"id":98633036,"uuid":"90552943","full_name":"danielhenrymantilla/shellcode-factory","owner":"danielhenrymantilla","description":"Tool to create and test shellcodes from custom assembly sources (with some encoding options)","archived":false,"fork":false,"pushed_at":"2018-08-22T14:46:30.000Z","size":251,"stargazers_count":36,"open_issues_count":0,"forks_count":6,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-03-18T03:51:21.550Z","etag":null,"topics":["8086","alphanumeric","asm","assembly","bytes","decoder","fast","gas","hex-bytes","intel","linux","make","script","security","shellcode","tool","useful","x86","x86-64","xor"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/danielhenrymantilla.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-05-07T18:25:57.000Z","updated_at":"2025-03-10T06:00:51.000Z","dependencies_parsed_at":"2023-03-13T15:57:33.513Z","dependency_job_id":null,"html_url":"https://github.com/danielhenrymantilla/shellcode-factory","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danielhenrymantilla%2Fshellcode-factory","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danielhenrymantilla%2Fshellcode-factory/tags","releases_url":"https://repos.ecosyste.ms/api/
v1/hosts/GitHub/repositories/danielhenrymantilla%2Fshellcode-factory/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danielhenrymantilla%2Fshellcode-factory/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/danielhenrymantilla","download_url":"https://codeload.github.com/danielhenrymantilla/shellcode-factory/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244848950,"owners_count":20520616,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["8086","alphanumeric","asm","assembly","bytes","decoder","fast","gas","hex-bytes","intel","linux","make","script","security","shellcode","tool","useful","x86","x86-64","xor"],"created_at":"2024-10-12T13:41:22.164Z","updated_at":"2025-03-21T18:32:27.668Z","avatar_url":"https://github.com/danielhenrymantilla.png","language":"Python","readme":"# Shellcode Factory tool\nA tool to print and test shellcodes from assembly code. 
\n\nIt supports both GAS and Intel syntax (_.s_ and _.asm_ extensions respectively), as well as x86 and x64 architectures.\n\n\n## Usage:\n\n\tmake targets [parameters]\n\n \n### targets:\n\n+ `build` / `assembly`\t\t- will compile the assembly code from shellcode.s\n\n+ `debug`\t\t\t- debugs the assembly binary\n\n+ `print` / `xxd` / `p`\t\t- will print the shellcode in hex\n\n+ `x` / `auto` / `a`\t\t- will run the shellcode using a smashed stack\n\n+ `sc_debug`\t\t\t- will debug the shellcode called from a smashed stack\n\n+ `set`\t\t\t\t- will let you edit the source assembly code\n\n+ `neg`\t\t\t\t- will negate the shellcode, and prepend to it a 12-byte-long decoder. It assumes the shellcode is reached right after a _ret_ instruction\n\n+ `xor_byte`\t\t\t- will xor the shellcode with a random byte, and prepend to it an appropriate decoder\n(the decoder is 21-26 bytes long). It will try to avoid the bytes from the _NO_ parameter.\n\n+ `xor`\t\t\t\t- will xor the shellcode with a random rotating word, and prepend to it an appropriate decoder\n(the decoder is 27-34 bytes long). 
It will try to avoid the bytes from the _NO_ parameter.\n\n+  `alphanumeric`\t\t- will transform the shellcode into one using alphanumeric chars only\n(it needs to be reached right after a _ret_ instruction for it to work)\n\n+  `clean` / `c`\t\t- removes generated files\n\n \n### parameters:\n\n+ `ARCH=XX`\t\t(default=32)\t\t\tXX-bit binaries (32 / 64)\n\n+ `S=filename`\t\t(default=_shellcode.s_)\t\tSource assembly filename.\n\n+ `SC=\"\\x31\\xc0...\"`\t(ignored by default)\t\tRaw Input shellcode (overrides `S` parameter).\n\n+ `NO=\"[0x...]\"` (default=\"[0x00, 0x20, 0x9, 0xa]\")\tList of chars to avoid when xor-ing\n\n+ `PAUSE=NO`\t\t\t\t\t\tDisables the pause-before-execution security\n\n+ `LANG=C`\t\t\t\t\t\tChanges the formatting of the `print` command to use a C-style array of bytes\n\n+ `SYNTAX=INTEL`\t\t\t\t\tChanges the syntax used to display assembly source code\n\n\n### Examples:\n\n+ `make print S=foo.asm SYNTAX=INTEL` will print the shellcode from _foo.asm_ with INTEL syntax\n\n+ `make S=foo.s set c p x ARCH=64` will let you edit _foo.s_ and will then hexdump it and attempt to run it (x64)\n\n+ `make c print SC=\"\\x31\\xc0\\x40\\xcd\\x80\"` will parse input shellcode into assembly instructions\n\n+ `make c p sc_debug SC=\"\\x31\\xc0\\x40\\xcd\\x80\"` will clean (recommended) then print and debug input shellcode\n\n+ `make p S=foo.asm | grep -e x00 -e x20` is a useful trick to check for forbidden bytes (bytes 0x00 and 0x20 for instance)\n\n+ `make p xor S=foo.asm NO=\"[0x00, 0x20]\"` xors the shellcode to avoid forbidden bytes\n\n+ `make p alphanumeric S=foo.s ` generates an alphanumeric version of the shellcode\n\n\n## Requires: \n\n1. `gcc` (`as` frontend) and `nasm` for GAS and INTEL syntax respectively (extensions _.s_ and _.asm_)\n\n2. `gdb` (I also recommend enhancing it with `peda`: https://github.com/longld/peda)\n\n3. `python` (tested with 2.7.12)\n\n4. `cut`\n\n5. 
`objdump` (optional: you can set `OBJDUMP` to `DISABLED` in the _Makefile_)\n\n6. `ndisasm` (optional: only needed when SYNTAX=INTEL)\n\n7. `nano` (optional: `set` and `put` targets only, and you can replace the `EDITOR=...` line in the _Makefile_ by your own editor)\n\n8. `pandoc` \u0026 `lynx` (optional) : print a nicer help/usage message\n\n9. _GNU_ `make` of course\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdanielhenrymantilla%2Fshellcode-factory","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdanielhenrymantilla%2Fshellcode-factory","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdanielhenrymantilla%2Fshellcode-factory/lists"}