NullSec Payloads
February 27, 2026 · View on GitHub
███▄ █ █ ██ ██▓ ██▓ ██████ ▓█████ ▄████▄
██ ▀█ █ ██ ▓██▒▓██▒ ▓██▒ ▒██ ▒ ▓█ ▀ ▒██▀ ▀█
▓██ ▀█ ██▒▓██ ▒██░▒██░ ▒██░ ░ ▓██▄ ▒███ ▒▓█ ▄
▓██▒ ▐▌██▒▓▓█ ░██░▒██░ ▒██░ ▒ ██▒▒▓█ ▄ ▒▓▓▄ ▄██▒
▒██░ ▓██░▒▒█████▓ ░██████▒░██████▒▒██████▒▒░▒████▒▒ ▓███▀ ░
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
█░░░░░░░░░░░░░░░░░ P A Y L O A D S ░░░░░░░░░░░░░░░░░░░░░░░█
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
bad-antics
Overview
Curated collection of payloads, shellcode, and exploit templates for the NullSec toolkit ecosystem. Designed for integration with NullSec tools and authorized penetration testing.
Structure
nullsec-payloads/
├── shellcode/
│ ├── linux/
│ │ ├── x64/
│ │ └── x86/
│ └── windows/
│ ├── x64/
│ └── x86/
├── webshells/
│ ├── php/
│ ├── asp/
│ ├── jsp/
│ └── python/
├── reverse-shells/
│ ├── bash/
│ ├── python/
│ ├── powershell/
│ └── compiled/
├── bind-shells/
├── staged/
├── encoders/
├── templates/
│ ├── bof/
│ ├── rop/
│ └── format-string/
└── configs/
├── c2/
└── evasion/
Categories
Shellcode
Pre-built position-independent shellcode for various platforms and architectures.
Web Shells
Minimal and obfuscated web shells for post-exploitation persistence.
Reverse Shells
One-liners and compiled reverse shells in multiple languages.
Bind Shells
Bind shell implementations for network pivoting.
Staged Payloads
Multi-stage payloads for constrained environments.
Templates
Exploit development templates for common vulnerability classes.
Usage
All payloads are designed to work with NullSec tools:
# With nullsec-shellcraft
nullsec-shellcraft --use-payload linux/x64/reverse_tcp
# With nullsec-memcorrupt
nullsec-memcorrupt --template bof --payload staged/http
# Direct use
cat payloads/shellcode/linux/x64/execve.bin | xxd
Warning
⚠️ For authorized security testing only ⚠️
These payloads are provided for legitimate security research and authorized penetration testing. Unauthorized use is illegal.
License
NullSec Proprietary
