ShellForge is a constraint-aware shellcode generator written in C99 that synthesises payloads for x86-64, x86-32, ARM Thumb, and MIPS, with bad-char avoidance built into the synthesis process rather than applied as a post-encoding step. Unlike msfvenom or pwntools, which generate a template and then encode it, ShellForge treats forbidden bytes as first-class constraints during instruction selection. Key engineering challenges covered include writing REX-free XOR decoder stubs (x86-64 decoders that contain no 0x40-0x4F prefix bytes) that themselves stay clear of the bad chars, implementing Windows PEB walking with ROR13 hashing for ASLR-resilient API resolution, and bridging the C shared library to Python via ctypes for sub-0.1 ms synthesis. Benchmarks across 10 constraint profiles show ShellForge producing cleaner and smaller payloads and synthesising them roughly 13,000x faster than pwntools; in one test case pwntools failed to verify its own output. The project is open source and ships with a Flask REST API and an HTML dashboard.
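As an added illustration of the API-resolution step mentioned above (example code written for this summary, not ShellForge's own source), the C99 program below computes ROR13 API hashes in the Metasploit block_api convention, which is an assumption here since the page does not state which ROR13 variant ShellForge uses: the module's BaseDllName is folded byte by byte as uppercased UTF-16 (each ASCII character followed by its 0x00 high byte, no terminator), the export name is folded as ASCII including its terminator, and the two hashes are summed to give the 32-bit constant the resolver stub compares against. It then applies the check a bad-char-constrained generator needs in any case: the hash immediates and the XOR key that a decoder stub would embed are screened against the bad-char set before they are allowed into the payload. The helper names, the bad-char set, and the sample payload bytes are constructed for the example.

```c
/* Added example, not ShellForge's code: Metasploit-style ROR13 API hashing plus
 * the bad-char screening a constraint-aware generator applies to the constants
 * it embeds. Helper names (ror13, hash_module, hash_function, api_hash,
 * hash_has_badchar, find_xor_key) are illustrative, not ShellForge's API.
 * Build: cc -std=c99 -Wall ror13_demo.c */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

static uint32_t ror13(uint32_t v) { return (v >> 13) | (v << 19); }

/* Module hash as the resolver computes it while walking PEB->Ldr: the
 * BaseDllName UNICODE_STRING is consumed byte by byte (ASCII char, then its
 * 0x00 high byte), lowercase letters are uppercased, and every byte is folded
 * with ror13 + add. The Length field excludes the terminator, so it is skipped. */
uint32_t hash_module(const char *name) {
    uint32_t h = 0;
    for (size_t i = 0; name[i]; i++) {
        uint32_t c = (unsigned char)name[i];
        if (c >= 'a') c -= 0x20;   /* same "cmp al,'a'; jl; sub al,0x20" as the stub */
        h = ror13(h) + c;          /* low byte of the UTF-16 code unit */
        h = ror13(h);              /* high byte, 0x00 for ASCII names */
    }
    return h;
}

/* Export-name hash: ASCII bytes from the export name table, terminator included
 * (the stub rotates and adds the 0x00 before it notices the end of string). */
uint32_t hash_function(const char *name) {
    uint32_t h = 0;
    size_t i = 0;
    do { h = ror13(h) + (unsigned char)name[i]; } while (name[i++]);
    return h;
}

/* The 32-bit value the stub compares against: module hash + export hash. */
uint32_t api_hash(const char *module, const char *function) {
    return hash_module(module) + hash_function(function);
}

static int is_bad(uint8_t b, const uint8_t *bad, size_t nbad) {
    for (size_t i = 0; i < nbad; i++) if (bad[i] == b) return 1;
    return 0;
}

/* A hash lands in the shellcode as a little-endian imm32 (push imm32 / mov
 * r32, imm32), so its four bytes are subject to the bad-char set as well. */
int hash_has_badchar(uint32_t h, const uint8_t *bad, size_t nbad) {
    for (int i = 0; i < 4; i++)
        if (is_bad((uint8_t)(h >> (8 * i)), bad, nbad)) return 1;
    return 0;
}

/* Single-byte XOR key for a decoder stub: the key byte itself and every encoded
 * byte must be clean. Returns the key, or -1 if no key satisfies the set. */
int find_xor_key(const uint8_t *payload, size_t n, const uint8_t *bad, size_t nbad) {
    for (int key = 1; key < 256; key++) {
        if (is_bad((uint8_t)key, bad, nbad)) continue;
        size_t i;
        for (i = 0; i < n; i++)
            if (is_bad((uint8_t)(payload[i] ^ key), bad, nbad)) break;
        if (i == n) return key;
    }
    return -1;
}

int main(void) {
    const uint8_t bad[] = { 0x00, 0x0a, 0x0d };   /* constructed bad-char set */
    const char *apis[][2] = { {"kernel32.dll", "LoadLibraryA"},
                              {"kernel32.dll", "WinExec"},
                              {"ws2_32.dll",   "WSASocketA"} };
    for (size_t i = 0; i < 3; i++) {
        uint32_t h = api_hash(apis[i][0], apis[i][1]);
        printf("%-14s %-14s 0x%08x %s\n", apis[i][0], apis[i][1], h,
               hash_has_badchar(h, bad, sizeof bad) ? "HAS BAD CHAR" : "clean");
    }
    const uint8_t payload[] = { 0x00, 0x0a, 0x0b, 0x41 };  /* constructed sample bytes */
    printf("xor key: %d\n", find_xor_key(payload, sizeof payload, bad, sizeof bad));
    return 0;
}
```

A hash that trips the bad-char check is not a dead end: the generator can pick a different import that serves the same purpose, or split the immediate across instructions that each stay clean. That choice is exactly the kind of decision the summary describes ShellForge making during instruction selection rather than after encoding.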

9 min read. Source: infosecwriteups.com
