Fork me on GitHub

SandKit by s7ephen

SandKit is a toolset that is intended to assist with the investigation of Sandbox technologies.

SandKit was released to accompany the talk "Escaping the Sandbox" given at EuSecWest Amsterdam, Syscan Singapore, Syscan Vietnam, and ReCon in the summer of 2010.


There isnt really much in the way of a source of documentation other than the slides (download below). Also see the Readme.txt's for any other notes in each directory of source code.



1. Download/Install Python2.4 for Windows. (It has to be 2.4 cuz sa7shell has it statically coded. You can use a diff version of you recompile the tools.)

2. Download/Install CTypes for Python2.4

3. Move pyloader.dll to c:\

4. Run

That should be it!

See below for download and manual build info.


Here are screenshots of just a few tools from SandKit:

Sa7Shell: (Full Python injected in Chrome) Sa7Shell: (Full Python injected in Notepad) Token/Handle Sniping Interrogating Tokens
Sa7Shell Sa7Shell Token/Handle Snipe Interrogating Tokens
Copy memory between processes. "Hexdump" memory directly from process. Dump process memory to file. Compare memory in two processes.
Copymem Readmem Dumpmem Memdiff
Write string/array into process memory. Inline Python shell (within Sandkit) Vanilla Dll injection command. (with test dll)
Writemem Python Shell within Sandkit Vanilla Dll Injection

Download the slides!

"Escaping The Sandbox" (EuSecWest/SyScan/Recon 2010)
as pdf...


Stephen A. Ridley (stephen (at)

Twitter: s7ephen

Download the entire repository

You can download this project in either zip or tar formats.

You can also clone the project with Git by running:

$ git clone git://