{"id":13628348,"url":"https://github.com/antonioCoco/SharPyShell","last_synced_at":"2025-04-17T04:31:43.466Z","repository":{"id":34340256,"uuid":"174887155","full_name":"antonioCoco/SharPyShell","owner":"antonioCoco","description":"SharPyShell - tiny and obfuscated ASP.NET webshell for C# web applications","archived":false,"fork":false,"pushed_at":"2023-11-26T17:14:06.000Z","size":6231,"stargazers_count":952,"open_issues_count":2,"forks_count":147,"subscribers_count":18,"default_branch":"master","last_synced_at":"2025-04-12T15:57:02.674Z","etag":null,"topics":["aspnet","csharp","encryption","obfuscation","webshell"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/antonioCoco.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2019-03-10T22:09:40.000Z","updated_at":"2025-04-07T15:28:16.000Z","dependencies_parsed_at":"2023-11-26T18:38:19.180Z","dependency_job_id":null,"html_url":"https://github.com/antonioCoco/SharPyShell","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/antonioCoco%2FSharPyShell","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/antonioCoco%2FSharPyShell/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/antonioCoco%2FSharPyShell/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/antonioCoco%2FSharPyShell/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/antonioCoco","download_url":"https://codeload.github.com/antonioCoco/SharPyShell/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249315932,"owners_count":21249860,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aspnet","csharp","encryption","obfuscation","webshell"],"created_at":"2024-08-01T22:00:50.359Z","updated_at":"2025-04-17T04:31:42.590Z","avatar_url":"https://github.com/antonioCoco.png","language":"Python","readme":"# SharPyShell\n\n\u003cp align=\"center\"\u003e\u003cimg src=\"logo.png\" width=\"500\" height=\"300\" /\u003e\u003c/p\u003e\n\n\u003chr/\u003e\n\nSharPyShell is a tiny and obfuscated ASP.NET webshell that executes commands received by an encrypted channel compiling them in memory at runtime.\n\nSharPyShell supports only C# web applications that runs on .NET Framework \u003e= 2.0\u003cbr\u003eVB is not supported atm.\n\n## Usage\n\n```\npython3 SharPyShell.py generate -p somepassword\npython3 SharPyShell.py interact -u http://target.url/sharpyshell.aspx -p somepassword\n```\n\n## Requirements\n\nPython version \u003e= 3.6\n\nand\n\n```\npip3 install -r requirements.txt\n```\n\n## Description\n\nSharPyShell is a post-exploitation framework written in Python that are capable of:\n\n - Generate obfuscated webshell (generate);\n - Simulate a windows terminal as an interaction for the webshell (interact).\n \n The main aim of this framework is providing the penetration tester a series of tools to ease the post exploitation phase once an exploitation has been succesfull against an IIS webserver.\n \u003cbr\u003e\n \u003cbr\u003e\n This tool is not intended as a replacement of the frameworks for C2 Server (i.e. Meterpreter, Empire, ecc..) but this should be used when you land to a fully restricted server where inbound and outbound connections are very limited.\n\u003cbr\u003e\nIn this framework you will have all the tools needed to privesc, netdiscovery and lateral movement as you are typing behind the cmd of the target server.\n\u003cbr\u003e\n\u003cbr\u003e\nMoreover this framework aim to be stealthy as much as possible implementing in memory execution for c# code and powershell modules.\n\u003cbr\u003e\n\u003cbr\u003e\nThe obfuscation implemented in SharPyShell aim to evade both file signatures and network signatures ids.\u003cbr\u003e\nFor the network signatures evasion, a fully encrypted channel has been developed for sending commands and receiving outputs.\u003cbr\u003e\nThe evasion for file signatures has been achieved using Reflection on a precompiled dll in charge of runtime compiling c# code.\u003cbr\u003e\n\n## Technical Diagram\n\nGenerated with asciiflow.com\n ```\n+-------------------------------------------+ +--------------------------------------------+\n| SharPyShell Client (Local) | | Target Server (Remote) |\n+-------------------------------------------+ +--------------+ +--------------------------------------------+\n| | | Encrypted | | |\n| +--------+-----------------^-----------\u003c----\u003e HTTP \u003c----\u003e-----------+-----------------^--------+ |\n| | | | | Channel | | | | |\n| |4-Receive |1-Send | +--------------+ | |2-Receive |3-Send |\n| | | | | | | |\n| +--------v-----------------+--------+ | | +--------v-----------------+--------+ |\n| | Module | | | | Webshell URL | |\n| +--------+-----------------^--------+ | | +--------+-----------------^--------+ |\n| | |Parse |Generate| | | | |Parse |Generate| |\n| | +------v------+ +------+------+ | | | | +------v------+ +------+------+ | |\n| | |Base64 Resp | |Base64 Req | | | | | |Base64 Req | |Base64 Resp | | |\n| | +------+------+ +------^------+ | | | | +------+------+ +------^------+ | |\n| | |Decode |Encode | | | | |Decode |Encode | |\n| | +------v------+ +------+------+ | | | | +------v------+ +------+------+ | |\n| | |Xor/Aes Data | |Xor/Aes Data | | | | | |Xor/Aes Data | |Xor/Aes Data | | |\n| | +------+------+ +------^------+ | | | | +------+------+ +------^------+ | |\n| | |Decrypt |Encrypt | | | | |Decrypt |Encrypt | |\n| | +------v------+ +------+------+ | | | | +------v------+ +------+------+ | |\n| | |Response | |C# Code | | | | | |C# Code | |Output | | |\n| | +------+------+ +------+------+ | | | | +------+------+ +------+------+ | |\n| | | ^ | | | | | ^ | |\n| | v | | | | | v | | |\n| | +--------+--------+ | | | | +--------+--------+ | |\n| | | | | | | | | |\n| +---------------- ^ ----------------+ | | +---------------- ^ ----------------+ |\n| | | | | |\n| |Run\u0026Parse | | |Compile\u0026Run |\n| | | | | |\n| +------ v ------+ | | +------ v ------+ |\n| |Terminal | | | |csc.exe | |\n| +---------------+ | | +---------------+ |\n| |Modules: | | | |System.dll | |\n| |#exec_cmd | | | |Compile in Mem | |\n| |#exec_ps | | | |No exe output | |\n| |#runas | | | | | |\n| |..... | | | | | |\n| | | | | | | |\n| +---------------+ | | +---------------+ |\n| | | |\n+-------------------------------------------+ +--------------------------------------------+\n```\n\n## Modules\n\n```\n #download Download a file from the server \n #exec_cmd Run a cmd.exe /c command on the server \n #exec_ps Run a powershell.exe -nop -noni -enc 'base64command' on the server \n #inject_dll_reflective Inject a reflective DLL in a new (or existing) process \n #inject_dll_srdi Inject a generic DLL in a new (or existing) process \n #inject_shellcode Inject shellcode in a new (or existing) process \n #invoke_ps_module Run a ps1 script on the target server \n #invoke_ps_module_as Run a ps1 script on the target server as a specific user \n #lateral_psexec Run psexec binary to move laterally \n #lateral_wmi Run builtin WMI command to move laterally \n #mimikatz Run an offline version of mimikatz directly in memory \n #net_portscan Run a port scan using regular sockets, based (pretty) loosely on nmap \n #privesc_juicy_potato Launch InMem Juicy Potato attack trying to impersonate NT AUTHORITY\\SYSTEM \n #privesc_powerup Run Powerup module to assess all misconfiguration for privesc \n #runas Run a cmd.exe /c command spawning a new process as a specific user \n #runas_ps Run a powershell.exe -enc spawning a new process as a specific user \n #upload Upload a file to the server \n```\n\n## Windows version tested\n\nWindows Server \u003e= 2008 Standard x64\n\n\n## Credits\n\n\u003cul\u003e\n \u003cli\u003e\u003ca href=\"https://github.com/newfinal100\"\u003e@newfinal100\u003c/a\u003e (for the fancy logo!)\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://github.com/epinna/weevely3\"\u003e@weevely3\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://github.com/ohpe/juicy-potato\"\u003e@juicy-potato\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://github.com/PowerShellMafia/PowerSploit\"\u003e@PowerSploit\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://github.com/gentilkiwi/mimikatz\"\u003e@mimikatz\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n","funding_links":[],"categories":["Uncategorized","Web Exploitation","Web","Python"],"sub_categories":["Uncategorized","Web shells and C2 frameworks","Web Shells / C2 Frameworks"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FantonioCoco%2FSharPyShell","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FantonioCoco%2FSharPyShell","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FantonioCoco%2FSharPyShell/lists"}