shellcraft

Shellcraft is a term used in computer security and exploit development to describe the programmatic construction of shellcode—small, executable machine code routines inserted into a running process to gain control or perform tasks. Rather than writing raw assembly by hand, researchers and developers use libraries and templates that generate architecture-specific code tailored to a given goal, such as spawning a shell or performing file and network operations.

One prominent implementation is the shellcraft module in the Pwntools framework. It provides a large collection of templates for many processor architectures that produce position-independent shellcode for common tasks. Users can request a shellcode fragment for a target architecture and task, and the library returns either assembly or raw machine bytes that can be linked into a payload.

Supported architectures include x86 and x86_64, ARM and AArch64, MIPS, PowerPC, and others. In addition to spawning a shell, shellcraft can generate code to execute system calls, read or write files, connect to or listen on network sockets, and perform simple string or I/O operations, often with options to avoid null bytes or to specify port numbers and addresses.

Shellcraft promotes rapid payload generation but depends on the underlying environment and the target's syscall interface. Generated code must be validated and tested in a controlled setting; writing or deploying shellcode without authorization is illegal in many jurisdictions.

In practice, shellcraft is used by researchers, exploit developers, and red-team practitioners as part of broader tooling for binary analysis, fuzzing, and security assessments.
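
The null-byte option and the validation step mentioned above can be illustrated with a small pre-test check. This is an added example, not Pwntools code: `Audit`, `audit` and the two sample byte strings are hypothetical names and constructed data, and the samples only zero a register and return.

```python
"""Added example: audit a generated byte string before it goes into a test harness."""
from dataclasses import dataclass, field


@dataclass
class Audit:
    length: int
    # forbidden byte value -> offsets where it occurs
    bad_offsets: dict = field(default_factory=dict)
    # number of bytes that survive a NUL-terminated (C string) copy
    c_string_prefix: int = 0

    @property
    def clean(self) -> bool:
        return not self.bad_offsets


def audit(code: bytes, forbidden: bytes = b"\x00") -> Audit:
    """Report every forbidden byte in `code` and how much a C-string copy keeps."""
    report = Audit(length=len(code))
    for offset, value in enumerate(code):
        if value in forbidden:
            report.bad_offsets.setdefault(value, []).append(offset)
    first_nul = code.find(b"\x00")
    report.c_string_prefix = len(code) if first_nul == -1 else first_nul
    return report


# Constructed samples (x86, harmless: zero a register and return).
MOV_ZERO = bytes.fromhex("b800000000c3")  # mov eax, 0 ; ret  -> zero immediate
XOR_ZERO = bytes.fromhex("31c0c3")        # xor eax, eax ; ret -> same effect

if __name__ == "__main__":
    for name, code in (("mov eax, 0", MOV_ZERO), ("xor eax, eax", XOR_ZERO)):
        r = audit(code, forbidden=b"\x00\x0a")
        print(f"{name:13} len={r.length} clean={r.clean} "
              f"bad={r.bad_offsets} c_string_prefix={r.c_string_prefix}")
```

The two samples have the same effect, but the first embeds a 32-bit zero immediate, so a NUL-terminated copy would keep only its first byte; this is the kind of difference a null-byte-avoiding template option exists to handle.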