Writing shellcodes has always been super fun, but some parts are extremely boring and error prone. Focus only on the fun part, and use ShellNoob!


  • convert shellcode between different formats and sources. Formats currently supported: asm, bin, hex, obj, exe, C, python, ruby, pretty, safeasm, completec, shellstorm. (All details in the “Formats description” section.)

  • interactive asm-to-opcode conversion (and viceversa) mode. This is useful when you cannot use specific bytes in the shellcode and you want to figure out if a specific assembly instruction will cause problems.

  • Shellnoob support for both ATT & Intel syntax. Check the –intel switch.

  • Shellnoob support for 32 and 64 bits (when playing on x86_64 machine). Check the –64 switch.

  • Shellnoob resolve syscall numbers, constants, and error numbers (now implemented for real! :-)).

  • portable and easily deployable (it only relies on gcc/as/objdump and python). It is just one self-contained python script, and it supports both Python2.7+ and Python3+.

  • in-place development: you run ShellNoob directly on the target architecture!

  • built-in support for Linux/x86, Linux/x86_64, Linux/ARM, FreeBSD/x86, FreeBSD/x86_64.

  • “prepend breakpoint” option. Check the -c switch.

  • read from stdin / write to stdout support (use “-” as filename)

  • uber cheap debugging: check the –to-strace and –to-gdb option!

  • Use ShellNoob as a Python module in your scripts! Check the “ShellNoob as a library” section.

  • Verbose mode shows the low-level steps of the conversion: useful to debug / understand / learn!

  • Extra plugins: binary patching made easy with the –file-patch, –vm-patch, –fork-nopper options! (all details below)



snoob [--from-INPUT] (input_file_path | - ) [--to-OUTPUT] [output_file_path | - ]


snoob -c (prepend a breakpoint (Warning: only few platforms/OS are supported!)
snoob --64 (64 bits mode, default: 32 bits)
snoob --intel (intel syntax mode, default: att)
snoob -q (quite mode)
snoob -v (or -vv, -vvv)
snoob --to-strace (compiles it & run strace)
snoob --to-gdb (compiles it & run gdb & set breakpoint on entrypoint)

Standalone "plugins"
snoob -i [--to-asm | --to-opcode ] (for interactive mode)
snoob --get-const <const>
snoob --get-sysnum <sysnum>
snoob --get-strerror <errno>
snoob --file-patch <exe_fp> <file_offset> <data> (in hex). (Warning: tested only on x86/x86_64)
snoob --vm-patch <exe_fp> <vm_address> <data> (in hex). (Warning: tested only on x86/x86_64)
snoob --fork-nopper <exe_fp> (this nops out the calls to fork(). Warning: tested only on x86/x86_64)

snoob --install [--force] (this just copies the script in a convinient position)
snoob --uninstall [--force]


cyborg@cyborg:~$ snoob open-read-write.asm --to-gdb
Converting open-read-write.asm (asm) into /tmp/tmpZdImWw (exe)
Reading symbols from /tmp/tmpZdImWw...(no debugging symbols found)...done.
(gdb) Breakpoint 1 at 0x8048054

Leave a reply


We're are building as a community and a team. Be a part of it.


©2017 Ztrela Knowledge Solutions Pvt. Ltd

Log in with your credentials

Forgot your details?