This is a work-in-progress (WIP) tool that performs shellcode obfuscation for the x86 instruction set.
The main reason for having a shellcode obfuscator is to bypass static or run-time signature detection implemented by IDS or AV products. As an example, take Metasploit. Its shellcode payloads have been public for many years, and by now most major IDS/AV solutions are able to detect them by searching their vast databases of malware signatures.
Requirements:
+ Python 2.7.x
+ distorm3
+ Supported on all operating systems
Latest change 7/6/2016:
+ x86obf.py: execution flow obfuscation added
Usage:
    git clone https://github.com/kgretzky/python-x86-obfuscator && cd python-x86-obfuscator
    pip install distorm3

Example 1:

    python x86obf.py -i shellcode\test1.bin -o output.bin

Example 2:

    python x86obf.py -i shellcode\exec_calc.bin -o output.bin -r 0-184
    python x86obf.py -i shellcode\exec_calc.bin -o output.bin -r 0-184 -p 4
    python x86obf.py -i shellcode\exec_calc.bin -o output.bin -r 0-184 -p 2 -f 10

Example 3:

    python x86obf.py -i shellcode\msg_box.bin -o output.bin -r 0-19

If you want to run and test any shellcode, obfuscated or not, you can use the attached run_shell.py script:

    python run_shell.py -i shellcode\exec_calc.bin
Source: https://github.com/kgretzky