DropForge – Payload Delivery Framework

A modular payload generation and delivery framework that builds, encrypts, and deploys controlled shellcode for red team simulations and security research.

Overview

DropForge is a modular offensive security framework designed for red team operations, controlled malware development research, and realistic payload delivery simulations.
It automates shellcode generation, AES encryption, dropper compilation, and timed C2-style delivery through a Flask-based server, enabling efficient and reproducible adversary emulation.

Features

Payload Generation

AES Encryption Pipeline

Dropper & In-Memory Loader

Server Delivery (C2-Style)

Installation

pip install pycryptodome flask

Usage

Run the automation script:

chmod +x runner.sh
./runner.sh

It will:

  1. Ask for attacker IP, port, and server port.

  2. Let you provide custom shellcode or generate a reverse shell.

  3. Convert the IP and port into assembly (ASM).

  4. Generate reverse shell assembly and object file.

  5. Extract hex shellcode.

  6. Encrypt it with AES.

  7. Build dropper with in-memory loader.

  8. Start server for key/IV/ciphertext delivery.

  9. Once the dropper is executed on the target, you receive a reverse shell connection back to the attacker machine.

Architecture

DropForge/
├── runner.sh                   # Main automation script
├── dropper/
│   ├── loader.py               # In-memory payload loader
│   └── loader.txt              # Loader metadata/config
├── encryption/
│   └── encryptor.py            # AES encryption module
├── outputs/
│   ├── custom_shellcode.txt    # Custom shellcode
│   ├── encrypted.txt           # Key, IV, ciphertext (hex)
│   ├── ip.txt                  # IP logs and temp storage
│   ├── loader.c                # Dropper C source
│   ├── malware                 # Final compiled dropper binary
│   ├── revshell.asm            # Reverse shell assembly
│   ├── revshell.o              # Compiled object file
│   └── shellcode.txt           # Final extracted shellcode
├── reverse/
│   ├── convertor.py            # Shellcode format converter
│   ├── generator.py            # Shellcode generator
│   └── shellcode.py            # Shellcode utility functions
└── server/
    └── server.py               # Flask payload/key server

Sample Output

revshell.asm – Reverse shell assembly

revshell.o – Assembled object file

shellcode.txt – Final hex shellcode

encrypted.txt – Key + IV + ciphertext

malware – Final compiled dropper (binary)