Compile shellcode into an exe file from Windows or Linux.
- Can accept a shellcode blob or string (String format
\x5e\x31) - Can target both 32bit or 64bit Windows architecture.
- Cross platform. Works on Linux or Windows.
- No dependency on Wine when running on Linux
- Tested working with Python v3.10 and above
- Latest version tested working on Windows 11
Created mainly for malware analysis but can also be used for exploit development.
Inspired by shellcode2exe.
For Linux, install the above dependencies via a package manager.
$ sudo apt install nasm
$ sudo apt install binutils
For Windows, you can install nasm from here. As for the linker, you can get the 64-bit version of ld.exe by installing MingW-w64.
As an alternative, pre-compiled binaries are included in the tools/ directory. To use them:
Command Prompt:
set PATH=%CD%\tools\nasm;%CD%\tools\linkers;%PATH%
python shcode2exe.py -o output.exe test.binPowerShell:
$env:PATH = "$PWD\tools\nasm;$PWD\tools\linkers;$env:PATH"
python shcode2exe.py -o output.exe test.binNote: It is advisable to install the latest versions directly using the official installers above for production use.
usage: shcode2exe.py [-h] [-o OUTPUT] [-s] [-a {32,64}] input
Compile a binary shellcode blob into an exe file. Can target both 32bit or 64bit architecture.
positional arguments:
input The input file containing the shellcode.
optional arguments:
-h, --help show this help message and exit
-o OUTPUT, --output OUTPUT
Set output exe file.
-s, --string Set if input file contains shellcode in string format.
-a {32,64}, --architecture {32,64}
The windows architecture to use
Load a file with shellcode in the format of a string
$ cat test.txt
\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x8b\xec\x55\x8b\xec\x68\x65\x78\x65\x20\x68\x63\x6d\x64\x2e\x8d\x45\xf8\x50\xb8\x44\x80\xbf\x77\xff\xd0
$ ./shcode2exe.py -s -o test-string.exe test.binLoad a file with shellcode in the format of a blob
$ ./shcode2exe.py -o test-blob.exe test.binUse 64 bit architecture for the output (32 bit is the default)
$ ./shcode2exe.py -o test-blob.exe -a 64 test.bin
$ file test-blob.exe
test-blob.exe: PE32+ executable (console) x86-64 (stripped to external PDB), for MS WindowsI've included two samples in this repository.
- test.bin - Is a file containing a shellcode blob
- test.txt - Is a file containing a shellcode string
You can also generate shellcode samples using the Metasploit tool msfvenom.
Here's an example on how to generate a simple Windows exec payload:
$ msfvenom -a x86 --platform windows -p windows/exec cmd=calc.exe -o test2.binProgram appends the shellcode binary to a barebones assembly file using the incbin macro. It is then automatically compiled using NASM and then linked using GNU Linker (ld).
- Single binary release for easy deployment (So no need for Python)
- f4yd4-s3c - Fix to hide console window on Windows execution
Feel free to submit a pull request if you want to improve this tool!