ShenCode

A versatile tool for working with shellcodes.

Features

ShenCode is a framework for developing, analyzing and testing shellcodes. It supports the following operating modes:

• Argument mode
  • shencode core output -i file.raw -s inspect
• Interactive Mode
  • shencode$ load output
  • shencode::core::output$
• Task Mode
  • Automate modules in different steps with json

Version 0.8.5

General usage

Check out ShenCode Docs and the starter tutorial for more information.

Modules

Category	Description	Modules
core	Shencode core functions	download - extract- minidump - output - subproc - task
encoder	Shellcode encoder	alphanum - bytebert - byteswap1 - multicoder - xor - xorpoly2
inject	Process injection modules	dll - injection - linject - ntinjection - psoverwrite3
obfuscate	Shellcode obfuscation techniques	feed - qrcode - rolhash - uuid
payload	Modules to generate payloads	msfvenom - winexec
stager	Stage loaders	meterpreter - sliver

How to use

Install

git clone https://github.com/psycore8/shencode
cd shencode
python -m venv .venv
<! ACTIVATE-VENV-SEE-BELOW !>
pip install .
shencode -h

To activate the virtual environment use the following command:

• Windows - .venv\bin\activate
• Linux - source .venv/bin/activate

Release Notes

• general - fixed some fstring errors
• core/minidump - dump a process from memory to disk with WinAPI
• inject/linject - Linux based injection method
• inject/psoverwrite - Fixed NoCFG setting
• obfuscate/feed - open file optimizations
• stager/sliver - save the stage to disk
• stager/sliver - testing linux support
• utils/interactive - print config in json format
• utils/style - moved style settings from helper to style

References

• Byte-Swapping

• In-Memory Decoder

• Function Name Hashing

• Win32API with python3 injection

• Violent python: XOR Encryption

• How to easily encrypt file in python

Footnotes

1. Byteswapping Blog Post ↩

2. Polymorphic XOR decoder Blog Post ↩

3. hasherezade ↩