DllShimmer
MIT · 🔥 Exploitation · Go
DllShimmer automates the exploitation of DLL hijacking vulnerabilities by generating proxy DLLs that mimic the export address table of the target DLL. When a vulnerable application loads the generated DLL, it transparently forwards all legitimate function calls to the original DLL while executing attacker-controlled code. The tool generates C++ boilerplate for the backdoor payload, handles export matching, and produces ready-to-compile Visual Studio projects. It significantly reduces the manual effort of weaponizing DLL hijack opportunities found during engagements.
Installation
$ go install github.com/Print3M/DllShimmer@latest
Use Cases
- Weaponizing DLL hijacking vulnerabilities
- Generating proxy DLLs for persistence
- Red team payload delivery via DLL side-loading
- Testing application DLL search order vulnerabilities
Details
- Category: 🔥 Exploitation
- Language: Go
- Repository: Print3M/DllShimmer
- License: MIT
- Platforms: 🪟 Windows
More in Exploitation
Metasploit Framework · Ruby
The world's most used penetration testing framework. Exploit development, payload delivery, post-exploitation.
BloodHound · Go
Active Directory attack path mapping. Visualizes privilege escalation paths using graph theory.
Impacket · Python
Collection of Python classes for working with network protocols. Essential for Windows/AD pentesting.
CrackMapExec · Python
Swiss army knife for pentesting Active Directory. SMB, LDAP, MSSQL, WinRM enumeration and exploitation.
Evil-WinRM · Ruby
Ultimate WinRM shell for pentesting. Upload/download, in-memory PowerShell, DLL injection, pass-the-hash.
Covenant · C#
.NET C2 framework. Collaborative, web-based interface for red team operations and implant management.