Shellzor is a XOR-based shellcode framework that encodes and decodes shellcode for evasive execution on Windows and Linux targets via .bin files.
XOR shellcode framework
This tool is designed for penetration testers and red teamers who want to obfuscate their shellcode to evade detection by security solutions. Users can encode their raw shellcode into an XOR-obfuscated .bin format and then execute it on target machines using provided executors, enhancing stealth during exploitation.
Users must ensure the XOR key is a valid hexadecimal string and that the same key is used for encoding and execution. The tool aims to evade detection by shipping shellcode in the .bin format rather than as an executable file, but overall evasion depends heavily on the shellcode content itself. The author disclaims liability for misuse, so use responsibly within legal and ethical boundaries.
1. Generate or obtain raw shellcode in hexadecimal format (e.g., using Metasploit with -f raw)
2. Save the shellcode as a .bin file using the echo command (e.g., echo -ne "\x90\x90\x90" > shellcode.bin)
3. Use the obfuscator tool provided in the repository to encode the .bin shellcode with a hexadecimal key
4. Save the obfuscated shellcode output to a .bin file using the echo command
5. Transfer the obfuscated shellcode .bin file to the target machine
6. Copy the appropriate executor binary (windows_executor or linux_executor) to the target machine
echo -ne "\x90\x90\x90" > shellcode.bin
Create a raw shellcode .bin file from hexadecimal bytes
obfuscator.py -i shellcode.bin -k <hex_key> -o obfuscated_shellcode.bin
Encode the raw shellcode using a hexadecimal XOR key and output to a new .bin file
./windows_executor obfuscated_shellcode.bin <hex_key>
Execute the XOR-obfuscated shellcode on a Windows target by providing the same key used for encoding
./linux_executor obfuscated_shellcode.bin <hex_key>
Execute the XOR-obfuscated shellcode on a Linux target by providing the same key used for encoding
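For analysts triaging such a .bin file, the added example below (not Shellzor code) shows why the result "depends heavily on the shellcode content": a run of one repeated plaintext byte, such as 0x90 padding, leaves a periodic pattern that reveals a short XOR key. It assumes the obfuscator XORs byte i with key[i % len(key)], which the page does not confirm. All function names, the key and the sample bytes are constructed for illustration.

```python
from typing import Optional, Tuple

# Added example, not Shellzor code.
# Assumption: byte i of the file is XORed with key[i % len(key)].

def xor_repeat(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encodes and decodes."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def longest_periodic_span(blob: bytes, period: int) -> Tuple[int, int]:
    """(start, byte length) of the longest region where blob[i] == blob[i + period]."""
    best_start = best = start = run = 0
    for i in range(len(blob) - period):
        if blob[i] == blob[i + period]:
            if run == 0:
                start = i
            run += 1
            if run > best:
                best_start, best = start, run
        else:
            run = 0
    return best_start, (best + period if best else 0)

def recover_key(blob: bytes, crib: int = 0x90, max_keylen: int = 16,
                min_periods: int = 3) -> Optional[bytes]:
    """Guess the key from a run of one repeated plaintext byte (crib), e.g. a NOP sled."""
    for k in range(1, max_keylen + 1):          # smallest period wins
        start, span = longest_periodic_span(blob, k)
        if span >= min_periods * k:             # at least min_periods repeats of the key
            key = bytearray(k)
            for i in range(start, start + k):   # realign key bytes to file offset 0
                key[i % k] = blob[i] ^ crib
            return bytes(key)
    return None

# Constructed sample: 16 bytes of 0x90 padding plus inert ASCII, not real shellcode.
SAMPLE_PLAIN = b"\x90" * 16 + b"CONSTRUCTED-SAMPLE-NOT-SHELLCODE"
SAMPLE_KEY = bytes.fromhex("a1b2c3d4")          # constructed key
SAMPLE_BLOB = xor_repeat(SAMPLE_PLAIN, SAMPLE_KEY)

if __name__ == "__main__":
    key = recover_key(SAMPLE_BLOB)
    print("recovered key:", key.hex() if key else None)
    if key:
        print("decoded:", xor_repeat(SAMPLE_BLOB, key))
```

Once the key is recovered, the decoded bytes can be passed to ordinary signature or YARA scanning, so a repeating XOR layer should be treated as a transform to undo during triage rather than as encryption.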