Sickle PDK

Sickle is a payload development kit for crafting shellcode and non-binary payloads for exploits. It supports modules primarily aimed at assembly but is not limited to shellcode.

Description

Sickle is a payload development kit originally created to aid in crafting shellcode; however, it can also be used to craft payloads for other exploit types (non-binary). Although the current modules are mostly aimed at assembly, this tool is not limited to shellcode.

It is useful for security researchers and penetration testers developing custom payloads for exploits. The tool provides a framework with various modules to generate, manipulate, and format payloads while avoiding bad characters and supporting different architectures.

Sickle integrates with disassembly and assembly engines like capstone and keystone for handling shellcode operations.

How It Works

Sickle operates by reading shellcode or binary input, applying development modules for payload crafting, and outputting in specified formats. It uses architecture-specific disassembly and assembly via dependencies like python3-capstone and python3-keystone-engine. Options allow filtering bad characters, variable naming, and listing formats or modules.

Installation

sudo apt install sickle-pdk

Flags

-h, --help                Show this help message and exit
-r, --read READ           Read bytes from binary file (use - for stdin)
-p, --payload PAYLOAD     Shellcode to use
-f, --format FORMAT       Output format (--list for more info)
-m, --module MODULE       Development module
-a, --arch ARCH           Select architecture for disassembly
-b, --badchars BADCHARS   Bad characters to avoid in shellcode
-v, --varname VARNAME     Alternative variable name
-i                        Interactive mode (inferred from usage)
-l [LIST]                 List formats or modules

Examples

Show the help message and usage information:
    sickle-pdk -h

Read bytes from a binary file for payload processing:
    sickle-pdk -r file.bin

Read bytes from stdin for payload development:
    sickle-pdk -r -

Use specified shellcode as input payload:
    sickle-pdk -p shellcode.bin

Output payload in C format:
    sickle-pdk -f c

Apply a specific development module:
    sickle-pdk -m module_name

Select x86 architecture for disassembly:
    sickle-pdk -a x86

Avoid specified bad characters in shellcode:
    sickle-pdk -b '\x00\x0a'

Updated 2026-04-16. Source: kali.org