Generate, encode, analyze, and export shellcode locally.
shellcodes is a browser-based workbench for authorized security testing. Build payloads, check bad characters, convert formats, and save repeatable configurations without server-side processing.
Live workflow
Linux x64 reverse TCP
Target
Linux x64
Analysis
74 bytes
Bad chars
0 found
Guided payload builder
Choose target, payload, network values, encoder pipeline, bad characters, and export format from one workflow.
Format converter
Paste C arrays, Python bytes, raw hex, or Base64 and convert to operator-ready output with byte analysis.
Reusable collections
Load built-in presets, duplicate them, or save your own configurations locally in the browser.
Trust & safety
Built for controlled, authorized testing.
The app is intentionally scoped for labs, research, education, and defensive validation. Generation and encoding happen after the UI loads in your browser through the WASM core.
Local first
No server-side shellcode generation path.
Transparent output
View formatted bytes, assembler, hex, and analysis.
Operator speed
Copy listener commands and export payloads quickly.
Repeatability
Save known-good configurations in browser storage.
Start with a preset, then adapt it to your lab.
Use the Builder for payload generation, Converter for format changes, and Collections to keep repeatable configurations close.
Build your first payload100% client-side. Built for authorized security testing only.