DllShimmer vs Donut
About DllShimmer
DllShimmer automates the exploitation of DLL hijacking vulnerabilities by generating proxy DLLs that reproduce the export table of the target DLL. When a vulnerable application loads the generated DLL, it transparently forwards every legitimate function call to the original DLL while also executing attacker-controlled code. The tool generates C++ boilerplate for the backdoor payload, handles export matching, and produces ready-to-compile Visual Studio projects, which significantly reduces the manual effort of weaponizing DLL hijack opportunities found during engagements. Two practical caveats apply to any forwarding proxy: the forwarders resolve against whatever module name they reference, so the original DLL must remain loadable under that name (typically a renamed copy sitting next to the proxy), and the proxy must match the target's architecture (a 32-bit proxy is never loaded by a 64-bit process). Before deploying, compare the export lists of the original and the proxy (for example with dumpbin /exports on each) so that no name or ordinal is missing; a single dropped export turns a silent hijack into a crashing application.
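To make the export-matching step concrete, here is an added example that is not DllShimmer's own code: a minimal PE export-table walker and a generator that emits one MSVC linker pragma per export, forwarding everything to the renamed original except the functions chosen for hooking. The target module name target.dll, the forwarding target target_orig, the hooked function and the export list are all hypothetical; the sample image is constructed in memory so the script runs offline, and the /export: pragma syntax is standard MSVC, not necessarily what DllShimmer emits.

```python
# Added example (not DllShimmer's code): a minimal export-table walker plus a
# generator for MSVC forwarding pragmas, the two steps a proxy DLL needs.
# The sample DLL is constructed in memory so the script runs offline.
import struct


def _rva_to_off(rva, sections):
    """Translate an RVA to a file offset using the section table."""
    for va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def _cstr(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii")


def parse_exports(data):
    """Return [(ordinal, name_or_None, rva)] for every export of a PE32/PE32+ image.
    Ordinal-only exports (no entry in AddressOfNames) come back with name None;
    a proxy that drops them breaks any caller that imports by ordinal."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsec = struct.unpack_from("<H", data, pe + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    dir0 = opt + (96 if magic == 0x10B else 112)  # data directory 0 = exports
    exp_rva, _exp_size = struct.unpack_from("<II", data, dir0)
    sections = []
    for i in range(nsec):
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, opt + opt_size + i * 40 + 8)
        sections.append((va, vsize, raw_ptr, raw_size))
    ed = _rva_to_off(exp_rva, sections)
    base, n_funcs, n_names, funcs_rva, names_rva, ords_rva = struct.unpack_from("<IIIIII", data, ed + 16)
    funcs = struct.unpack_from(f"<{n_funcs}I", data, _rva_to_off(funcs_rva, sections))
    names = struct.unpack_from(f"<{n_names}I", data, _rva_to_off(names_rva, sections))
    ords = struct.unpack_from(f"<{n_names}H", data, _rva_to_off(ords_rva, sections))
    name_of = {idx: _cstr(data, _rva_to_off(nrva, sections)) for nrva, idx in zip(names, ords)}
    # AddressOfFunctions is indexed by (ordinal - Base); a zero RVA is an unused slot
    return [(base + i, name_of.get(i), rva) for i, rva in enumerate(funcs) if rva]


def generate_forwarders(exports, original_module, hooked=()):
    """Emit one MSVC linker pragma per export. Everything is forwarded to
    original_module (the renamed real DLL) except names in `hooked`, which the
    proxy must implement itself under the same ordinal so callers see no change."""
    lines = []
    for ordinal, name, _rva in exports:
        if name is None:  # ordinal-only: forward by ordinal and keep it nameless
            lines.append(f'#pragma comment(linker, "/export:ord{ordinal}={original_module}.#{ordinal},@{ordinal},NONAME")')
        elif name in hooked:
            lines.append(f'#pragma comment(linker, "/export:{name},@{ordinal}")')
        else:
            lines.append(f'#pragma comment(linker, "/export:{name}={original_module}.{name},@{ordinal}")')
    return lines


def build_sample_dll(dll_name, names, ordinal_only=0, base=1):
    """Constructed PE32+ image holding nothing but an export section (sample input).
    Named exports take the low ordinals; `ordinal_only` extra slots have no name."""
    names = sorted(names)  # the loader binary-searches AddressOfNames, so keep it sorted
    n = len(names) + ordinal_only
    sec_rva, sec_raw = 0x1000, 0x200
    funcs_off, names_off = 40, 40 + 4 * n
    ords_off = names_off + 4 * len(names)
    str_off = ords_off + 2 * len(names)
    strings, name_rvas = dll_name.encode() + b"\0", []
    for nm in names:
        name_rvas.append(sec_rva + str_off + len(strings))
        strings += nm.encode() + b"\0"
    body = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, sec_rva + str_off, base, n, len(names),
                       sec_rva + funcs_off, sec_rva + names_off, sec_rva + ords_off)
    body += b"".join(struct.pack("<I", 0x2000 + 0x10 * i) for i in range(n))  # fake code RVAs
    body += b"".join(struct.pack("<I", r) for r in name_rvas)
    body += b"".join(struct.pack("<H", i) for i in range(len(names)))
    body += strings
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x2022)
    opt = struct.pack("<H", 0x20B) + b"\0" * 110 + struct.pack("<II", sec_rva, len(body)) + b"\0" * 120
    sec = b".edata\0\0" + struct.pack("<IIII", len(body), sec_rva, len(body), sec_raw) + b"\0" * 12 + struct.pack("<I", 0x40000040)
    return (dos + coff + opt + sec).ljust(sec_raw, b"\0") + body


if __name__ == "__main__":
    # Hypothetical target.dll with two named exports and one ordinal-only export;
    # in practice pass the bytes of the real DLL you want to proxy.
    image = build_sample_dll("target.dll", ["VerQueryValueW", "GetFileVersionInfoW"], ordinal_only=1)
    for line in generate_forwarders(parse_exports(image), "target_orig", hooked={"VerQueryValueW"}):
        print(line)
```

The hooked function still has to be defined in the proxy as an extern "C" function with the original's calling convention and signature, and it normally calls through to the real implementation after doing its work, otherwise the application breaks the first time it uses that API. Running the generator against a real DLL and then diffing its output against the export list of the compiled proxy is the parity check mentioned above.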
About Donut
Donut is a position-independent code generation tool that creates x86 or x64 shellcode from .NET assemblies, PE files (EXEs and DLLs), and VBS/JS/XSL scripts. The generated shellcode loads and executes the payload entirely in memory without writing it to disk, which makes it extremely useful for AV/EDR evasion. Donut supports payload encryption (Chaskey cipher), decoy module loading, optional AMSI/WLDP/ETW bypasses, and CLR bootstrapping for .NET payloads. It is a staple of modern red team toolchains. Note that Donut only produces the shellcode: you still need a loader or injector to place it in a process and execute it, the payload then runs with that host process's identity and privileges, and "never touches disk" reduces file-based artifacts but does not hide the payload from memory scanning or from telemetry the bypasses fail to disable.