A modular PE dropper builder based on a Flask web app to craft custom droppers that aim at bypassing modern EDR protections.
This tool is intended solely for authorized security testing, research, and educational purposes. Misuse of Droppy to deploy unapproved or malicious software is strictly prohibited. The authors and contributors of this project do not assume any liability for damages or legal consequences arising from improper use. By using Droppy, you agree to comply with all applicable laws and regulations in your jurisdiction.
- Remote Process Injection
- APC Injection
- Early Bird Injection
- In Memory
- File Mapping
- Function Stomping
- AES
- RSA
- RC4
- IPV4/6 hex format
- UUID hex format
- MAC hex format
- HWSyscalls (GitHub)
- New UI: Build a new React-based user interface.
- ETW Bypass: Implement Event Tracing for Windows (ETW) evasion techniques.
- Unhooking: Implement unhooking support for multiple DLLs.
- New Output Format: Add support for generating droppers in DLL format.
- Additional Syscall Techniques: Implement syscall mechanisms using SysWhispers 2 & 3 and Hell’s Gate & Halo’s Gate techniques.
- New Injection Techniques: Ghost Writing, Process Herpaderping, Kernel Callback Tables Injection, Early Cascade Injection
Use the provided scripts, setup.ps1 or setup.sh, to install the required components. These scripts require python3 to be already installed. Once the setup has completed, simply run the Flask web app.
- On Windows
> venv\Scripts\activate
> python app.py
- On Linux
$ source venv/bin/activate
$ python3 app.py

- backend/ → Flask API & build scripts
- dropper_core/ → C source code for the dropper