Shellcraft is a modular Windows payload construction framework designed for red team operations and offensive security research.
It focuses on shellcode-driven execution, compiling native Windows binaries using reproducible C/C++ templates and static toolchains.
Shellcraft automates the process of:
- Consuming raw shellcode (msfvenom or external)
- Injecting shellcode into native Windows payloads
- Building a dropper + DLL execution chain
- Producing statically linked Windows binaries
The project is intended to be auditable, hackable, and extensible, rather than a black-box payload generator.
- Deterministic builds
- Template-driven payloads
- Minimal runtime dependencies
- Explicit execution flow
- Research-first, not “AV-bypass-first”
shellcraft/
├── shellcraft.py          # Entry point
├── sources/
│   ├── payload_dll.cpp    # Shellcode loader (DLL)
│   ├── dropper.cpp        # Dropper executable
│   └── DefenderWrite.cpp  # Helper binary

- Shellcode is generated or loaded from disk
- Shellcode is embedded into payload_dll.cpp
- Payload DLL is compiled
- Dropper EXE is compiled
- Dropper stages execution on target
Shellcraft supports two input methods:
shellcraft --msf <LHOST> <LPORT> -o payload.exe
shellcraft -s shellcode.bin -o payload.exe
Shellcode is treated as opaque input. No encoding, encryption, or mutation is applied by default.
- Linux
- Python ≥ 3.8
- Metasploit Framework (optional)
- MinGW-w64 (x86_64-w64-mingw32-g++)
payload.exe         # Dropper
payload.dll         # Shellcode DLL
DefenderWrite.exe   # Helper binary

All artifacts are designed to reside in the same directory at runtime.
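
Because the three artifacts sit side by side, a blue team can hunt for that layout in file-creation telemetry. The sketch below is an added example, not part of Shellcraft: it flags any directory that holds the helper binary next to a same-stem EXE/DLL pair. It assumes the helper keeps the name `DefenderWrite.exe` and that the DLL shares the dropper's stem, as in the listing above; the function name and the sample paths are constructed for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

HELPER_NAME = "defenderwrite.exe"  # helper binary name as listed on this page


def find_artifact_sets(paths):
    """Return {directory: [stems]} for directories that contain the helper
    binary together with at least one <stem>.exe / <stem>.dll pair."""
    by_dir = defaultdict(set)
    for raw in paths:
        p = PureWindowsPath(raw)
        # Windows file names are case-insensitive, so compare lowercased.
        by_dir[str(p.parent).lower()].add(p.name.lower())

    hits = {}
    for directory, names in by_dir.items():
        if HELPER_NAME not in names:
            continue
        exe_stems = {n[:-4] for n in names
                     if n.endswith(".exe") and n != HELPER_NAME}
        dll_stems = {n[:-4] for n in names if n.endswith(".dll")}
        paired = sorted(exe_stems & dll_stems)
        if paired:
            hits[directory] = paired
    return hits


# Constructed sample input (not real telemetry): file-creation event paths.
SAMPLE_EVENTS = [
    r"C:\Users\alice\Downloads\payload.exe",
    r"C:\Users\alice\Downloads\payload.dll",
    r"C:\Users\alice\Downloads\DefenderWrite.exe",
    r"C:\Program Files\App\app.exe",
    r"C:\Program Files\App\app.dll",   # pair without the helper: ignored
    r"C:\Temp\DefenderWrite.exe",      # helper without a pair: ignored
    r"C:\Temp\notes.txt",
]

if __name__ == "__main__":
    for directory, stems in find_artifact_sets(SAMPLE_EVENTS).items():
        print(f"{directory}: helper + dropper/DLL pair(s) {stems}")
```

A hit is a triage lead to confirm with hashes and process telemetry, not a verdict on its own.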
- No evasion or obfuscation layer
- No in-memory-only execution
- No automatic privilege escalation
- Detection by modern EDRs is expected
Shellcraft is a framework, not a finished weapon.
- Red team tradecraft experimentation
- Payload development research
- Windows execution-chain prototyping
- Template-based payload engineering
This project is provided for authorized security testing and research only.
You are responsible for compliance with all applicable laws and engagement scopes.
