ShenCode

A versatile tool for working with shellcodes.

Features

ShenCode is a framework for developing, analyzing and testing shellcodes. It supports the following operating modes:

• Argument mode
  • shencode core output -i file.raw -s inspect
• Interactive Mode
  • shencode$ load output
  • shencode::core::output$
• Task Mode
  • Automate modules in different steps with json

Version 0.8.6

General usage

Check out ShenCode Docs and the starter tutorial for more information.

Modules

Category	Description	Modules
core	Shencode core functions	download - extract- minidump - output - subproc - task
encoder	Shellcode encoder	alphanum - bytebert - byteswap1 - multicoder - xor - xorchain - xorpoly2
inject	Process injection modules	dll - injection - linject - ntinjection - psoverwrite3
obfuscate	Shellcode obfuscation techniques	feed4 - qrcode - rolhash - uuid
payload	Modules to generate payloads	msfvenom - winexec
stager	Stage loaders	meterpreter - sliver

How to use

Install

git clone https://github.com/psycore8/shencode
cd shencode
python -m venv .venv
<! ACTIVATE-VENV-SEE-BELOW !>
pip install .
shencode -h

To activate the virtual environment use the following command:

• Windows - .venv\bin\activate
• Linux - source .venv/bin/activate

Release Notes

• general - code cleanup
• dependencies - updated
• encoder/alphanum - padding and nasm fix
• encoder/bytebert - padding fix
• encoder/xorchain - new encoder module
• obfuscate/qrcode - added --reverse option to convert the qr code back to raw binary
• utils/interactive - changed the config command to config_print, config_restore and config_save

References

• Byte-Swapping
• In-Memory Decoder
• Function Name Hashing
• Win32API with python3 injection
• Violent python: XOR Encryption
• How to easily encrypt file in python

Footnotes

1. Byteswapping Blog Post ↩

2. Polymorphic XOR decoder Blog Post ↩

3. hasherezade ↩

4. feed uses a diceware wordlist ↩