View Issue Details

IDProjectCategoryView StatusLast Update
0005231Kali Linux[All Projects] New Tool Requestspublic2019-12-02 13:57
Reporterakozlov Assigned To 
Status closedResolutionwon't fix 
Product Versionkali-dev 
Target VersionFixed in Version 
Summary0005231: Shellcode Cleaner
Description- [Name] - Shellcode Cleaner
- [Version] - Most recent release is
--- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag)
- [Homepage] -
- [Download] -
- [Author] - Alex Kozlov
- [Licence] - Freely Redistributable under GNU GPL. I only ask that I be credited in the help doc, which I can add myself if need be.
- [Description] - A tool to clean up your shellcode by removing unnecessary characters (newlines, semicolons, quotes, even the '\x' escape character if need be) from shellcode that's pasted into the tool. You run the tool if the command line arguments of what you want to strip, paste the shellcode, hit Control+D, and it will output the stripped result. Great for converting MSFVenom payloads into a string that can be pasted into existing exploit code, and can also be used to perform binary paste operations since spaces are also stripped from the shellcode by default.
- [Dependencies] - Python 2.7 with sys, getopt, argparse modules (I think these are included by default), bash, root privileges needed to install
- [Similar tools] -Unsure really. I guess you can cat a file and do these operations with bash but here you can just paste the shellcode directly, hit control + d, and you have your payload.
- [How to install] - If you wish to install it you'll just run "./" as sudo/root user, then you can call the program like any other. As a standalone script you just run "python"
- [How to use] :
Say you generated a shell with MSFVenom and it comes out with semicolons and quotation marks and newline characters, but you just want the hex byte with "\x".

Run "shellcode-cleaner -nrqs", paste your shellcode, hit control +d, and voila, your shellcode is ready to be used.
Additional InformationLet me know if you need anything else!



2019-02-01 03:16

reporter   ~0010248

Product Version was meant to be Kali's current rolling distribution (2019.1), not kali dev


2019-02-08 15:52

reporter   ~0010273

I have packaged my tool into a .deb file and adjusted the file to meet the Debian Package Security standards as far as I understand them. Can someone let me know the next step for me to take? Should i reach out to the debian package security team?


2019-02-13 18:01

reporter   ~0010296

The script has been updated to version 1.01:
-You can now insert the "\x" hex escape character before each set of hex bytes.
-Since I will now be packaging each release as a .DEB file, the "" method may be deprecated in the future.

Could someone please let me know the next steps for me to submit my .DEB file as a package? Should I send an email to the Debian Security Team?


2019-02-21 17:00

reporter   ~0010349

The script has been updated to version 1.02:
-Additional flags have been added
-It's now possible to prepend characters to hex bytes as well as remove them! You can now prepend a percentage (%) sign, a unicode (%u) symbol, or a hex escape (\x) character.

Adding hex bytes.png (86,657 bytes)
Adding hex bytes.png (86,657 bytes)


2019-12-02 13:57

administrator   ~0011553

This is python 2.7

Issue History

Date Modified Username Field Change
2019-01-31 03:32 akozlov New Issue
2019-02-01 03:16 akozlov Note Added: 0010248
2019-02-08 15:52 akozlov Note Added: 0010273
2019-02-13 18:01 akozlov Note Added: 0010296
2019-02-17 09:15 steev Summary Pitching my tool here. It's a program that you paste your shellcode into, and it will clean it up for you. => Shellcode Cleaner
2019-02-21 17:00 akozlov File Added: Adding hex bytes.png
2019-02-21 17:00 akozlov Note Added: 0010349
2019-12-02 13:57 g0tmi1k Note Added: 0011553
2019-12-02 13:57 g0tmi1k Status new => closed
2019-12-02 13:57 g0tmi1k Resolution open => won't fix