Go to file
six ca864aa4d5 Return 2021-10-06 15:16:08 +02:00
LICENSE Initial commit 2021-10-06 13:14:53 +00:00 Return 2021-10-06 15:16:08 +02:00 Return 2021-10-06 15:16:08 +02:00


dEncexdel encrypts a linux executable or decrypts it into memory, executes it and deletes the decrypted file.

Practical uses: execute a service from memory without storing the plain source or the binary on disk, secure a PoC exploit.

dEncexdel uses /dev/shm/.


  • You can have executables that are encrypted.
  • Does not write to the physical drive, but to memory.


  • Goes only as far as execution.
  • The executed binary can still be read from memory by root (eg. cat /proc/PID/bin > /tmp/bin)


Be careful, -e overwrites the passed executable

python3 -e executable # encrypt

python3 -x executable # decrypt and execute

python3 -r executable # just stdout the decrypted data