ShenCode
A versatile tool for working with shellcodes.
Features
ShenCode is a framework for developing, analyzing and testing shellcodes. It comes with 3 operating modes:
- Argument mode
shencode core output -i file.raw -s inspect
- Interactive mode
shencode$ load output
shencode::core::output$
- Task mode
  - Automate modules in different steps with json
Version 0.8.4
General usage
Help docs are currently not up to date. I am working on a new publishing system. This will be done in a few days.
Check out ShenCode Docs and the starter tutorial for more information.
Category | Module | Description | Docs | Refs |
---|---|---|---|---|
core | download | Download remote files | download | |
core | extract | Extract a range of bytes from a file | extract | |
core | output | Inspect and display files in different formats | output | |
core | subproc | Execute an external subprocess | subproc | |
core | task | Execute tasks to automate ShenCode | task | |
encoder | alphanum | Alphanumeric encoder to avoid null bytes | alphanum | |
encoder | bytebert | Advanced polymorphic encoder | bytebert | |
encoder | byteswap | New XOR Encryption, Swapping Bytes | byteswap | Blog Post |
encoder | multicoder | Multi-Algorithm encoder | multicoder | |
encoder | xor | Encode payload with custom XOR key | xor | |
encoder | xorpoly | Polymorphic x64 in-memory decoder | xorpoly | Blog Post |
inject | dll | Inject dll into a process | dll | |
inject | injection | Inject shellcode into a process | injection | |
inject | ntinjection | Inject with native Windows API | ntinjection | |
inject | psoverwrite | Process overwriting injection | psoverwrite | hasherezade |
obfuscate | feed | Hide shellcode bytes in a feed.xml file | feed | |
obfuscate | qrcode | Generate QR-Code from a file | qrcode | |
obfuscate | rolhash | ROR13 to custom ROL hashing | rolhash | |
obfuscate | uuid | Generate UUIDs from shellcode | uuid | Blog Post |
payload | msfvenom | Create payloads with msfvenom | msfvenom | |
payload | winexec | Create a shellcode with custom WinExec command | winexec | |
stager | meterpreter | Download a meterpreter reverse tcp stage | meterpreter | |
stager | sliver | Download a sliver stage | sliver | |
How to use
Install
git clone https://github.com/psycore8/shencode
cd shencode
python -m venv .venv
<! ACTIVATE-VENV-SEE-BELOW !>
pip install .
shencode -h
To activate the virtual environment use the following command:
- Windows -
.venv\Scripts\activate
- Linux -
source .venv/bin/activate
Release Notes
general
- Task file for starters tutorial

general
- interactive mode

core/extract
- deleted deprecated start_offset and end_offset arguments

core/output
- assemble x64 instructions

encoder/alphanum
- added variable padding option

inject/psoverwrite
- fixed broken CFGuard mitigation

obfuscate/feed
- customize feed parameters (author, title, subtitle, uri)

payload/winexec
- new instructions producing 00 cmp rcx, 0

payload/winexec
- xor rdx and rdi for correct stack alignment

stager/sliver
- implemented new aes argument with nargs support