| Features | Shellter Free | Shellter Pro | Shellter Elite |
|---|---|---|---|
| Basic Polymorphism | Y | Y | Y |
| Basic Encoding | Y | Y | Y |
| Basic User-Defined Encoding Sequence | Y | Y | Y |
| Dynamic Thread Context Key (Experimental) | Y | Y | Y |
| IAT Handlers | Y | Y | Y |
| MSF Compatible Stagers | Y | Y | Y |
| Custom Payload Support | Y | Y | Y |
| Reflective DLL Payloads Support | Y | Y | Y |
| Preserve target PE Functionality (Stealth Mode) | Y | Y | Y |
| 32-bit PE (.exe) support | Y | Y | Y |
| 32-bit PE (.dll) support | | Y | Y |
| 64-bit PEs (.exe, .dll) support | | Y | Y |
| PE Target Compatibility Check | | Y | Y |
| Graphical User Interface | | Y | Y |
| Standalone Encoder | | Y | Y |
| Advanced Polymorphism | | Y | Y |
| Enhanced Anti-AV Signature Technology | | Y | Y |
| Advanced Multi-Layered Encoding | | Y | Y |
| Advanced User-Defined Encoding Sequence | | Y | Y |
| PE Target Size Increase for AV Pre-Filter Evasion | | Y | Y |
| Extra Built-In MSF Compatible Stagers | | Y | Y |
| Multi-Payload Chaining | | Y | Y |
| Advanced Stealth Mode Reliability support | | Y | Y |
| Execution Flow Data Files | | Y | Y |
| Execution Flow Tracing Using Target PE-Specific Arguments | | Y | Y |
| MSF Console Scripts Generator (Applies to embedded stagers) | | Y | Y |
| CertPlay (Restore/Replace/Add Certificates In PE targets) | | Y | Y |
| Large Payloads Support | | Y | Y |
| PE target Relocations Support (Dynamic Image Base) | | Y | Y |
| MSF5/6 Compatible Embedded Stagers | | Y | Y |
| Discord Server (Access to a private server where we discuss potential improvements and exchange tips and hints with our customers.) | | | Y |
| Advanced Debugger Detection (KM + UM) (Payloads won’t fire if detected. Can be combined with ‘Decoy Payloads’ feature to conceal real functionalities and/or tamper with automated sandbox analysis results.) | | | Y |
| Advanced VM/Sandbox Detection (Type 1 + Type 2 Hypervisors) (Payloads won’t fire if detected. Can be combined with ‘Decoy Payloads’ feature to conceal real functionalities and/or tamper with automated sandbox analysis results.) | | | Y |
| Decoy Payloads (Execute if DBG/VM are detected. See above.) | | | Y |
| Advanced Self-Unhooking | | | Y |
| Advanced Heuristic Unlinking of AV/EDR Modules | | | Y |
| Advanced Native Imports Redirection For Loaded Modules | | | Y |
| Advanced Native SysCalls-Based Runtime Evasion | | | Y |
| Advanced Stealth Payload Thread Creation (Applies to the main thread of the payload) | | | Y |
| Advanced Self-Process and Payload Threads Protection | | | Y |
| Advanced ETW Evasion (Applies to the process executing your payload) | | | Y |
| Enhanced ETW Evasion (Applies to the process executing your payload) | | | Y |
| Advanced AMSI Evasion (Applies to the process executing your payload) | | | Y |
| Enhanced AMSI Evasion (Applies to the process executing your payload) | | | Y |
| AES-128 Payload Encryption (Embedded + Network fetched keys) | | | Y |
| Ambush Payload Execution (Keeps payloads in hibernation until a specified benign DLL is loaded by the process) | | | Y |
| Anti-DLL Load Monitoring (Removes user-mode callbacks registered to monitor DLL modules loading events) | | | Y |
| Dynamic checks of newly loaded modules against hooks and other artefacts. (Intercepts module load events in real time) | | | Y |
| Enhanced Application DLL Backdooring | | | Y |
| Enhanced Windows Built-In Modules Compatibility | | | Y |
| Targeted Runtime Evasion | | | Y |
| Memory Scan Evasion (Removes suspicious access permissions from all proprietary memory allocations, encodes/decodes functions and data members on the fly and cleans dynamically-built strings from current thread’s stack memory) | | | Y |
| CallStack Scan Evasion (Tampers with callstack information in order to evade detection rules that are based on kernel ETW information.) | | | Y |
| Total Recall (Eradicate in-memory traces of our code under certain circumstances) | | | Y |
| Infected Binary Watermarking (Insert a user-defined watermark to help clients identify infected binaries during/post security engagements) | | | Y |
| Code Signing (Optionally generates customised self-signed certificates and signs the infected binaries). | | | Y |
| Force Unhooking System Modules via File-Mappings (Offers an alternative unhooking method while simultaneously evading kernel mode callbacks inserted by EDRs to monitor new module loading events.) | | | Y |
| Force Preload System Modules (Provides a safer method for preloading system modules commonly used by C2 beacons and other third-party payloads to perform various system-level tasks.) | | | Y |
| Self-Disarm (Specify a number of days after which payload execution in the infected binary will be deactivated.) | | | Y |
| TimeBomb (Specify a delay in milliseconds for the payloads execution to begin.) | | | Y |
| Slow Loris (Enables lazy loading by inserting delays in frequently executed paths of our code.) | | | Y |
| VM/Host Whitelisting (Only activate payload execution inside a specific VM and/or physical host.) | | | Y |
| Remotely Stored Payloads (Optionally store the encrypted payloads in a remote host instead of having them embedded in the infected binary. Further secure the payloads from future analysis, while maintaining low entropy of the binary.) | | | Y |
| Increased Max-Allowed Payload Size (Custom payloads up to 25MBs each.) | | | Y |
| Payload Compression (Compress payloads to reduce their size.) | | | Y |
| Configuration Templates (Effortlessly load your preferred settings using configuration file templates.) | | | Y |
| Loader GuardRails (Further control payload execution based on specific host criteria.) | | | Y |
| Extended VM WhiteListing (Enables whitelisting of virtual machines joined to specific domains and/or Azure tenants.) | | | Y |
| Entropy Balancer (Automatically manages entropy adjustments within the infected PE file.) | | | Y |
| Ghost Infection (Additional binary infection method aiming to offer enhanced concealing of the injected code structure.) | | | Y |
| Persistent Runtime Evasion (Enables our loader to perform continuous runtime-evasion checks throughout the lifetime of the hosting process.) | | | Y |
| Persistent Debugger Detection (Offers more fine-grained control over user-mode debugger detection.) | | | Y |

Disclaimer
We strictly oppose and do not condone any illegal activities. This software is provided solely to assist ethical hackers in their professional tasks, such as Penetration Testing and Red Team engagements. The author of this software and INSAINTED LTD disclaim any responsibility for unlawful actions or damages resulting from the use of this software.