nullsploit: A Custom Python Exploitation Framework Built From Scratch
Category: tools
Metasploit is great. It’s also a black box that a lot of people use without ever thinking about what’s happening underneath.
nullsploit exists for the opposite reason — to build an exploitation framework from scratch, understand every moving part, and end up with something that’s genuinely useful for demonstrating the impact of unpatched vulnerabilities to clients who need to see it to believe it.
It’s a work in progress. But what’s already there is stable, functional, and built on solid fundamentals.
What nullsploit currently includes
Custom encoder — Rather than relying on an existing encoding implementation, nullsploit has its own. If you want to understand how shellcode encoding actually works — why it exists, what it’s doing to the payload, and how decoders are prepended and executed — reading and modifying this is a better education than any tutorial.
Custom payload handler — Manages the connection side of the exploit once the payload executes. Currently supports WinExec API calls and a bind shell. More payloads in progress.
Stable exploit modules — The available exploits are designed to be reliable across multiple Windows versions and configurations. A working demonstration of the WorldMail IMAP exploit module is shown below.
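To make the encoder bullet concrete, here is an added example of the core transform a single-byte XOR encoder performs. It is my own illustration, not code from the nullsploit project: it searches for a key that keeps both the key and every encoded byte out of a bad-byte set, encodes the buffer, and applies the inverse that a prepended decoder would run at load time. The payload bytes and the bad-byte set (NUL, LF, CR, the classic string-copy terminators) are constructed assumptions for illustration, not real shellcode, and the function names are mine. The same decode step is what an analyst applies when unpacking an encoded blob pulled from a capture.

```python
"""Single-byte XOR encoder walk-through (added example, not nullsploit's code).

The placeholder payload and bad-byte set below are constructed for illustration.
"""
from typing import List, Optional, Tuple

# Assumed bad-byte set: bytes that commonly terminate or mangle a string-based
# copy of a buffer (NUL, line feed, carriage return).
BAD_BYTES = frozenset({0x00, 0x0A, 0x0D})

# Constructed placeholder payload, NOT real shellcode. It deliberately contains
# bad bytes and a run of low bytes so the first fifteen candidate keys all fail.
PLACEHOLDER_PAYLOAD = bytes([
    0x31, 0xC0, 0x00, 0x01, 0x02, 0x03, 0x08, 0x09,
    0x0A, 0x0B, 0x0C, 0x0D, 0x50, 0x68, 0xFF,
])


def bad_positions(data: bytes, bad: frozenset = BAD_BYTES) -> List[int]:
    """Indices of bytes that would break a string-based copy of the buffer."""
    return [i for i, b in enumerate(data) if b in bad]


def has_bad_bytes(data: bytes, bad: frozenset = BAD_BYTES) -> bool:
    return any(b in bad for b in data)


def find_xor_key(payload: bytes, bad: frozenset = BAD_BYTES) -> Optional[int]:
    """Return a single-byte key such that neither the key nor any encoded byte
    is a bad byte, or None if no such key exists.

    The key itself must be clean because the decoder carries it as an
    immediate, so it becomes part of the delivered bytes too.
    """
    for key in range(1, 256):
        if key in bad:
            continue
        if all((b ^ key) not in bad for b in payload):
            return key
    return None


def xor_encode(payload: bytes, key: int) -> bytes:
    """Apply the one-byte XOR key to every byte of the payload."""
    return bytes(b ^ key for b in payload)


def xor_decode(encoded: bytes, key: int) -> bytes:
    """XOR is its own inverse; this is the work a prepended decoder stub does
    at runtime before handing control to the original bytes."""
    return xor_encode(encoded, key)


def encode_with_clean_key(payload: bytes, bad: frozenset = BAD_BYTES) -> Tuple[int, bytes]:
    """Pick a clean key and encode; raise if a single-byte key cannot do it.

    A buffer that contains every byte value 0..255 is the simple failure case:
    for any key k, the byte k in the buffer encodes to k ^ k == 0x00.
    """
    key = find_xor_key(payload, bad)
    if key is None:
        raise ValueError("no single-byte XOR key avoids the bad-byte set")
    return key, xor_encode(payload, key)


if __name__ == "__main__":
    print("bad byte positions in original:", bad_positions(PLACEHOLDER_PAYLOAD))
    key, encoded = encode_with_clean_key(PLACEHOLDER_PAYLOAD)
    print(f"chosen key: 0x{key:02x}")
    print("original :", PLACEHOLDER_PAYLOAD.hex())
    print("encoded  :", encoded.hex())
    print("encoded has bad bytes:", has_bad_bytes(encoded))
    print("round-trip ok:", xor_decode(encoded, key) == PLACEHOLDER_PAYLOAD)
```

Two things worth noticing when you run it: the search skips keys 1 through 15 because each one maps some byte of the buffer onto 0x00 or 0x0D, and the encoded bytes share no position with the original, which is exactly why a signature written against the raw bytes does not match the delivered buffer and why detection has to look at the decoder or at behaviour instead.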
Why build your own framework?
Using Metasploit during a real engagement is entirely reasonable — it’s a professional tool and there’s no shame in using it. But if your mental model of exploitation is “select module, set RHOST, run” then you’re missing most of what’s actually happening.
Building nullsploit meant making decisions that Metasploit already made for you — how the encoder works, how the handler manages staged vs stageless payloads, how exploit modules are structured and called. Every one of those decisions taught something. The bugs taught more.
If you’re serious about exploit development beyond following tutorials, building something — even something small — is worth more than a hundred hours of reading about it.
Get the project
nullsploit is open source and available on GitHub:
https://github.com/thexerocouk/nullsploit
Pull it down, read the source before you run it, and have a go at adding your own exploit module. That’s the exercise that makes it worthwhile.
