ShellNoob - A shellcode writing toolkit


Writing shellcodes has always been super fun, but some parts are extremely boring and error-prone. Focus only on the fun part, and use ShellNoob!


+ convert shellcode between different formats and sources. Formats currently supported: asm, bin, hex, obj, exe, C, python, ruby, pretty, safeasm, completec, shellstorm. (All details in the “Formats description” section.)
+ interactive asm-to-opcode conversion (and vice versa) mode. This is useful when you cannot use specific bytes in the shellcode and you want to figure out if a specific assembly instruction will cause problems.
+ support for both ATT & Intel syntax. Check the --intel switch.
+ support for 32 and 64 bits (when playing on an x86_64 machine). Check the --64 switch.
+ resolve syscall numbers, constants, and error numbers (now implemented for real! :-)).
+ portable and easily deployable (it only relies on gcc/as/objdump and python). It is just one self-contained python script, and it supports both Python2.7+ and Python3+.
+ in-place development: you run ShellNoob directly on the target architecture!
+ built-in support for Linux/x86, Linux/x86_64, Linux/ARM, FreeBSD/x86, FreeBSD/x86_64.
+ “prepend breakpoint” option. Check the -c switch.
+ read from stdin / write to stdout support (use “-” as filename)
+ uber cheap debugging: check the --to-strace and --to-gdb options!
+ Use ShellNoob as a Python module in your scripts! Check the “ShellNoob as a library” section.
+ Verbose mode shows the low-level steps of the conversion: useful to debug / understand / learn!
+ Extra plugins: binary patching made easy with the --file-patch, --vm-patch, --fork-nopper options! (all details below)


Changelog 24/4/2017:
+ Fixing c template for 64 bit

Formats description:

– “asm” – standard assembly. ATT syntax by default, use --intel to use Intel syntax. (see “asm as output” section for more details)
– “bin” – raw binary (‘\x41\x42\x43\x44’)
– “hex” – raw binary encoded in hex (‘41424344’)
– “obj” – an ELF
– “exe” – an executable ELF
– “c” – something ready to embed in a C program.
– “python”, “bash”, “ruby” – same here.
– “completec” – compilable C that properly sets the memory as RWX (to support self-modifying shellcodes)
– “safeasm” – assembly that is 100% assemblable: sometimes objdump’s output, from which the “asm” is taken, is not assemblable. This will output the “raw” bytes (in .byte notation) so that it’s assemblable by “as”.
– “shellstorm” – The --from-shellstorm switch takes as argument a <shellcode_id>. ShellNoob will grab the selected shellcode from the shell-storm shellcode DB, and it will convert it to the selected format.
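
The formats above are different spellings of the same bytes. The following Python 3 code is an added example, not ShellNoob's own code: it normalises “hex”, C/Python-style escaped strings and “.byte” lines back to raw bytes so that one payload seen in several encodings yields a single hash. The function names and the exact “.byte” line layout are assumptions, and the samples are constructed from the 41424344 example above.

```python
import binascii
import hashlib
import re

def from_hex(text):
    """'hex' format: raw bytes as hex digits, e.g. '41424344' (whitespace ignored)."""
    return binascii.unhexlify("".join(text.split()))

def from_escaped(text):
    r"""C/Python style: a run of \xNN escapes, possibly split over quoted lines."""
    leftover = re.sub(r"\\x[0-9a-fA-F]{2}", "", text)
    # Only quotes, whitespace and ';' may surround the escapes; anything else
    # means the literal holds bytes this parser would silently drop.
    if leftover.strip("\"' \t\r\n;"):
        raise ValueError("unexpected characters outside \\xNN escapes")
    return bytes(int(p, 16) for p in re.findall(r"\\x([0-9a-fA-F]{2})", text))

def from_safeasm(text):
    """Assumed 'safeasm' layout: '.byte 0x41,0x42' lines, '#' starts a comment."""
    out = bytearray()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        if not line.startswith(".byte"):
            raise ValueError("not a .byte line: %r" % line)
        for tok in line[len(".byte"):].split(","):
            out.append(int(tok.strip(), 0))  # ValueError if outside 0..255
    return bytes(out)

def to_hex(raw):
    return binascii.hexlify(raw).decode("ascii")

def to_escaped(raw):
    return "".join("\\x%02x" % b for b in raw)

def to_safeasm(raw, per_line=8):
    rows = [raw[i:i + per_line] for i in range(0, len(raw), per_line)]
    return "\n".join(".byte " + ",".join("0x%02x" % b for b in r) for r in rows)

def fingerprint(raw):
    """SHA-256 of the normalised bytes: identical for every textual encoding."""
    return hashlib.sha256(raw).hexdigest()

# Constructed samples: the same four bytes ('ABCD') in three formats.
SAMPLE_HEX = "41424344"
SAMPLE_C = '"\\x41\\x42"\n"\\x43\\x44";'
SAMPLE_ASM = ".byte 0x41,0x42  # constructed\n.byte 0x43,0x44"

if __name__ == "__main__":
    for raw in (from_hex(SAMPLE_HEX), from_escaped(SAMPLE_C), from_safeasm(SAMPLE_ASM)):
        print(to_hex(raw), fingerprint(raw))
```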


git clone && cd shellnoob
./ -h
./ -i --to-opcode
./ -i --to-asm
