Shellcode

Search…
Shellcode
Dynamically Reverse-Engineer Code
shcode2exe
Convert 32 and 64-bit shellcode to a Windows executable file.
Website: https://github.com/accidentalrebel/shcode2exe
Author: Karlo Licudine: https://twitter.com/accidentalrebel
License: GNU General Public License (GPL) v3.0: https://github.com/accidentalrebel/shcode2exe/blob/master/LICENSE
State File: remnux.scripts.shcode2exe​
shellcode2exe.bat
Convert 32 and 64-bit shellcode to a Windows executable file.
Website: https://github.com/repnz/shellcode2exe
Author: Ori Damari: https://twitter.com/0xrepnz
License: Free, unknown license
Notes: Use full path name to specify the input file; look for the output file in /usr/local/shellcode2exe-bat
State File: remnux.tools.shellcode2exe-bat​
scdbg
Analyze shellcode by emulating its execution.
Website: http://sandsprite.com/blogs/index.php?uid=7&pid=152
Author: David Zimmer
License: Free, unknown license
Notes: scdbg (GUI), scdbgc (console). Due to a compatibility issue, this tool is not available on an Ubuntu 20.04 SIFT Workstation system to which REMnux was added.
State File: remnux.packages.scdbg​
runsc
Run shellcode to trace and analyze its execution.
Website: https://github.com/edygert/runsc
Author: Evan Dygert: https://twitter.com/edygert
License: MIT License: https://github.com/edygert/runsc/blob/main/LICENSE
Notes: Use the tracesc command to execute runsc within Wine in a way that traces the execution of shellcode. WARNING! This wrapper will actually execute the shellcode on the system, which might lead to your system becoming infected. Only use this wrapper in an properly configured, isolated laboratory environment, which you can return to a pristine state at the end of your analysis.
State File: remnux.packages.runsc​
Speakeasy
Emulate code execution, including shellcode, Windows drivers, and Windows PE files.
Website: https://github.com/fireeye/speakeasy
Author: FireEye Inc, Andrew Davis
License: MIT License: https://github.com/fireeye/speakeasy/blob/master/LICENSE.txt
Notes: To run the tool, use speakeasy, emu_exe.py, and emu_dll.py commands.
State File: remnux.python3-packages.speakeasy​
Qiling
Emulate code execution of PE files, shellcode, etc. for a variety of OS and hardware platforms.
Website: https://www.qiling.io
Author: https://github.com/qilingframework/qiling/blob/master/AUTHORS.TXT
License: GNU General Public License (GPL) v2.0: https://github.com/qilingframework/qiling/blob/master/COPYING
Notes: Use qltool to analyze artifacts. Before analyzing Windows artifacts, gather Windows DLLs and other components using the dllscollector.bat script. Read the tool's documentation to get started.
State File: remnux.python3-packages.qiling​
Bitdefender Disassembler (bddisasm)
Disassemble 32 and 64-bit assembly instructions and emulate shellcode execution.
Website: https://github.com/bitdefender/bddisasm
Author: Bitdefender's HVI Team: https://bitdefender.com
License: Apache License 2.0: https://github.com/bitdefender/bddisasm/blob/master/LICENSE
Notes: disasmtool
State File: remnux.packages.bddisasm​
cut-bytes.py
Cut out a part of a data stream.
Website: https://blog.didierstevens.com/2015/10/14/cut-bytes-py/
Author: Didier Stevens: https://twitter.com/DidierStevens
License: Public Domain
State File: remnux.scripts.cut-bytes​
libemu
A library for x86 code emulation and shellcode detection
Website: https://github.com/buffer/libemu
Author: https://github.com/buffer/libemu/blob/master/AUTHORS
License: Free, unknown license
State File: remnux.packages.libemu​
XORSearch
Locate and decode strings obfuscated using common techniques.
Website: https://blog.didierstevens.com/programs/xorsearch/
Author: Didier Stevens: https://twitter.com/DidierStevens
License: Public Domain
Notes: xorsearch
State File: remnux.packages.xorsearch​
General
Scripts
Last modified 7mo ago
Copy link
Contents
Bitdefender Disassembler (bddisasm)
cut-bytes.py
libemu
XORSearch