From 78cb8ad1166ea1ce17ca1cf1043498deb37d59f0 Mon Sep 17 00:00:00 2001
From: Dobin Rutishauser <dobin.rutishauser@gmail.com>
Date: Thu, 19 Jun 2025 20:46:21 +0200
Subject: [PATCH] feature: add doc in project

---
 app/static/styles.css    |  5 ++-
 app/templates/index.html | 86 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 90 insertions(+), 1 deletion(-)

diff --git a/app/static/styles.css b/app/static/styles.css
index 6919cfe..bbfa829 100644
--- a/app/static/styles.css
+++ b/app/static/styles.css
@@ -40,9 +40,12 @@
   }
   
   .indent {
-    margin-top: 1em;
+    margin-top: 1.0em;
     margin-left: 1em; 
   }
+  .indent h3 {
+    margin-top: 0.7em;
+  }
   
   .matchesview {
     padding-left: 4px !important;
diff --git a/app/templates/index.html b/app/templates/index.html
index f541191..91c3575 100644
--- a/app/templates/index.html
+++ b/app/templates/index.html
@@ -10,6 +10,92 @@
 
     <h1> SuperMega </h1>
 
+    <h3>Shellcode</h3>
+    <code>--shellcode &lt;filename.exe&gt; </code><br>
+
+    The payload shellcode, like your CobaltStrike beacon. Should be x64. <br>
+    Located in the <code>data/binary/shellcodes/</code> directory. <br>
+    
+
+    <h3>Injectable</h3>
+    <code>--inject &lt;filename.exe&gt; </code><br>
+
+    A 64-bit Windows PE executable used as a trojan. The shellcode will be injected in this EXE. 
+    The original functionality of the EXE will not work anymore (it will only execute the carrier
+    with the shellcode it is carrying)
+    <br>
+    Located in the <code>data/binary/exes/</code> directory. <br>
+    
+
+    <h3>Carrier</h3>
+    <code>--carrier &lt;carrier_name&gt;</code> <br>
+
+    The code which loads the payload shellcode. This includes allocating memory, 
+    changing its permissions, and then finally executing it. It has the main() function 
+    (and will include Decoder, Anti-Emulation, and Guardrail modules).<br>
+    Located in the <code>data/source/carrier</code> directory <br>
+
+    <ul>
+      <li>alloc_rw_rx: Allocate RW memory, copy payload, then make it RX. <b>Recommended</b>.</li>
+      <li>alloc_rw_rwx: Same as alloc_rw_rx, but useful for self-modyfing payloads (e.g. ShikataGaNai)</li>
+      <li>change_rw_rx: Change the memory permissions of the payload to RW, decode, then RX (no copying)(see payload location)</li>
+      <li>dll_loader_alloc:</li>
+      <li>dll_loader_change</li>
+    </ul>
+
+    The shellcode has a payload location of either::
+    
+    <ul>
+      <li>.rdata</li>
+      <li>.text</li>
+    </ul>
+    
+    With <code>--payload_location &lt;carrier_name&gt;</code>. Depending on the carrier, one or 
+    the other may be preferred. For example, change_rw_rx can be adjusted accordingly. 
+
+
+    <h3>Decoder</h3>
+
+    <code>--decoder &lt;decoder_name&gt;</code> <br>
+    How the payload is encrypted & decrypted. <br>
+
+    <ul>
+      <li>plain: No encryption</li>
+      <li>xor: Single byte xor key, random</li>
+      <li>xor_2: Two byte xor key, random. <b>Recommended</b>.</li>
+    </ul>
+
+    <h3>Anti-Emulation</h3>
+    <code>--antiemulation &lt;anti_emulation_name&gt;</code> <br>
+    <ul>
+      <li>none: No anti-emulation</li>
+      <li>timeraw: CPU register time based</li>
+      <li>sirallocalot: CPU cycles, memory and time based. Also does EDR-deconditioning. <b>Recommended</b>.</li>
+    </ul>
+
+    <h3>Guardrail</h3>
+
+    <h3>Carrier Invoke</h3>
+
+    How the carrier (which will load the payload shellcode) is invoked. <br>
+    <code>--carrier_invoke &lt;carrier_invoke_name&gt;</code> <br>
+
+    <ul>
+      <li>eop: Change entry point to the carrier shellcode</li>
+      <li>backdoor: Parse main function for a few unconditional jmp's, and change last jmp to jump to the carrier shellcode. <b>Recommended</b>.</li>
+    </ul>
+
+    <h3>Fix IAT</h3>
+
+    The carrier, or one of its modules, like the decoder, antiemulation, or guardrail, may require imports like 
+    Windows kernel32.dll functions. If these are not available in the injectable, the IAT is being patched
+    for the required imports automatically. This will change the IAT of the injectable, which makes it less stealthy. 
+    <br>
+    <br>
+    If you want to keep maximum stealth, use <code>--no-fix-iat</code> and adjust your carrier/modules or exe
+    manually.
+
+
   </div>
 
   <script>