Skip to content

Releases: zenyyxz/ShellForge

ShellForge V3

12 Sep 12:53
@zenyyxz zenyyxz
v3
280e481
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
ShellForge V3 Latest
Latest

ShellForge v3.0: Enhanced Metasploit payload generation tool for ethical lab use.

  • Expanded payload catalog (binary, script, web: Python, PowerShell, Node.js, JSP, ASP).
  • Plugin system with sample_plugin.py.
  • Interactive CLI, embedded listener, and safety-focused dry-run logging.
  • Fixed datetime.utcnow() deprecation.
  • See README.md for full details.
Assets 4
Loading

ShellForge v0.2

15 Mar 21:11
@zenyyxz zenyyxz
v0.2
61f6084
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
ShellForge v0.2

ShellForge v0.2

image

ShellForge is a powerful tool designed for ethical hacking and penetration testing. It allows you to generate and embed Android payloads into legitimate APK files and start Metasploit listeners directly from the tool.

Features

  • Generate Android payloads using msfvenom.
  • Embed payloads into legitimate APK files.
  • Start Metasploit listeners for reverse TCP connections.
  • Easy-to-use menu-driven interface.

Disclaimer

This tool is intended for educational and ethical purposes only. Use it responsibly and only on systems you own or have explicit permission to test. The developers are not responsible for any misuse of this tool.

Installation

Clone the Repository

git clone https://github.com/zenyyxz/ShellForge.git 
cd ShellForge

Usage

  1. Generate the payload:
    • Run the tool 
      python3 shellforgev2.py
    • Select option 1 to generate a payload.
    • provide the path to a legitimate APK file, your LHOST, LPORT, and the output file name.
  2. Start the Listener
    • Provide the LHOST and LPORT to start the listener

Important Notes

  • use a VPS server for more stealth attacks: For better privacy and stealth, use a VPS server as a listener. This ensures your public IP is not exposed directly
  • Avoid VPN/Proxies: Do not use VPNs or Proxies when implementing the attack. The reverse connection will not establish if the public IP is hidden by the VPN or Proxy.

Dependencies

Ensure the following tools are installed on your system:

  • apktool
  • zipalign
  • jarsigner (provided by default-jdk-headless)
  • Metasploit Framework

You can install the dependencies on Debian-based systems using:

sudo apt update && sudo apt install apktool zipalign default-jdk-headless metasploit-framework

Contributions

Contributions are welcome! Feel free to open issues or submit pull requests.

License

This project is licensed under the GNU GENERAL PUBLIC LICENSE.

Loading