This repository collects interesting shellcode loaders for Red Team operations and security research.
| No. | Project URL | Description | Country |
|---|---|---|---|
| 1 | JoJoLoader | Helps Red Team members generate undetectable Trojans with one click, implemented in Rust (by_hyyrent). | ๐จ๐ณ CN |
| 2 | S-inject | A Windows injection tool for DLL+Shellcode evasion. Lists various methods and recommends pairing with other techniques for evasion flexibility. | ๐จ๐ณ CN |
| 3 | RingQ | One-click tool for evading detection and enabling CS, fscan, mimikatz, and more. | ๐จ๐ณ CN |
| 4 | No_X_Memory_ShellCode_Loader | Loads ShellCode without executable permissions. Not directly for generating undetectable Trojans. | ๐บ๐ธ EN |
| 5 | dataBrawl | A framework for generating undetectable Trojans and shellcode. Maintenance paused during major events, core templates removed. | ๐จ๐ณCN |
| 6 | GoBypassAV | Evasion tool written in Go, supports automated random encryption and decryption. | ๐จ๐ณ CN |
| 7 | ApexLdr | DLL payload loader developed in pure C. | ๐บ๐ธ EN |
| 8 | BinarySpy | A tool to manually or automatically patch shellcode into binary files for evasion. | ๐จ๐ณ CN |
| 9 | BinHol | Inserts malicious code into PE binaries using three different methods. | ๐จ๐ณ CN |
| 10 | BypassA | A post-exploitation evasion tool based on PE Patch technology, only supports x64. | ๐จ๐ณ CN |
| 11 | go-bypass-loader | Shellcode loader for evasion implemented in Go. | ๐จ๐ณ CN |
| 12 | PECracker | Evasion and countermeasure tool for PE file separation. | ๐จ๐ณ CN |
| 13 | SilovLoader | A Rust-based loader designed for speed and minimal detection vectors. Popular in Russian research circles. | ๐จ๐ณ CN |
| 14 | GhostPatch | A stealthy loader for shellcode leveraging advanced PE patching techniques. | ๐บ๐ธ EN |
| 15 | HellBunny | Malleable shellcode loader written in C and Assembly utilizing direct or indirect syscalls for evading EDR hooks | ๐บ๐ธ EN |
| 16 | RWX_MEMEORY_HUNT_AND_INJECTION_DV | Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region. | ๐บ๐ธ EN |
| 17 | C_Sep_Loader | ไธไธช็ฎๅ็่ฟ็จๅ็ฆป็ๅ ่ฝฝๅจ,ๅ ๆๅฝๅ ๅคง้จๅๆ่ฝฏ(360 ็ซ็ป Windows Defender ้ๅฑฑๆฏ้ธ ็ต่็ฎกๅฎถ) | ๐จ๐ณ CN |
| 18 | SigFlip-DLLHijack | SigFlipไธ็ฝๅ ้ป็ๅฎ็พ็ปๅใ | ๐จ๐ณ CN |