{"id":18704783,"url":"https://github.com/n3rada/toboggan","last_synced_at":"2025-04-12T09:33:13.352Z","repository":{"id":224261132,"uuid":"762844682","full_name":"n3rada/toboggan","owner":"n3rada","description":"🛝 Toboggan is a CLI tool that transforms any Remote Command Execution (RCE) into a functional dumb shell. Designed for constrained environments (e.g., firewalls) where traditional reverse shells are impractical, it can leverage a TTY shell on Linux using named pipes.","archived":false,"fork":false,"pushed_at":"2025-04-08T20:38:47.000Z","size":1638,"stargazers_count":9,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-08T21:31:44.617Z","etag":null,"topics":["command-line-tool","ctf","forward-shell","hackthebox","interractive","offensive-security","oscp-tools","python3","rce","reverse-shell","webshell"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/n3rada.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-02-24T21:04:56.000Z","updated_at":"2025-04-08T20:38:50.000Z","dependencies_parsed_at":"2024-05-09T21:43:45.190Z","dependency_job_id":"acfdaf13-1291-4c75-8535-07ebc6a3fce1","html_url":"https://github.com/n3rada/toboggan","commit_stats":null,"previous_names":["n3rada/toboggan"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/n3rada%2Ftoboggan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/n3r
ada%2Ftoboggan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/n3rada%2Ftoboggan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/n3rada%2Ftoboggan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/n3rada","download_url":"https://codeload.github.com/n3rada/toboggan/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248546389,"owners_count":21122306,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["command-line-tool","ctf","forward-shell","hackthebox","interractive","offensive-security","oscp-tools","python3","rce","reverse-shell","webshell"],"created_at":"2024-11-07T12:08:19.885Z","updated_at":"2025-04-12T09:33:13.341Z","avatar_url":"https://github.com/n3rada.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Toboggan\n\n🛝 Slide into post-exploitation from RCE with ease. Toboggan wraps your remote command execution into an upgradable dumb shell, making the post-exploitation phase better.\n\n\u003cp align=\"center\"\u003e\n    \u003cimg width=\"350\" src=\"/media/toboggan-coin-nobg.png\" alt=\"Toboggan Logo\"\u003e\n\u003c/p\u003e\n\n## Getting Started\n\nInstalling Toboggan is simple. 
You can install it directly from the repository:\n```shell\npip install 'toboggan@git+https://github.com/n3rada/toboggan.git'\n```\n\nOr, by using [`pipx`](https://pypa.github.io/pipx/) (and you should):\n```shell\npipx install 'git+https://github.com/n3rada/toboggan.git'\n```\n\nOnce installed, you can execute it using:\n```shell\ntoboggan -m ~/phpexploit.py\n```\n\nWhen you know what you are doing, you can also run:\n```shell\ntoboggan -m ~/phpexploit.py --hide --fifo --os \"unix\" -wd /dev/shm/apache-tmp\n```\n\nIt will start a FIFO named pipe inside the remote directory `/dev/shm/apache-tmp` and obfuscate all commands using the `unix` (`--os`) [hide.py](./toboggan/actions/hide/unix.py).\n\n### Proxy\nYou can forward traffic to your favorite proxifier, such as a [`Squid`](https://www.squid-cache.org/) server, using the `--proxy` parameter:\n\n```shell\ntoboggan -m ~/phpexploit.py --proxy http://squidrandom.\u003csomething\u003e.io:3128\n```\n\n### Burp Suite\n\nTo route traffic through Burp Suite:\n```shell\ntoboggan -m ~/phpexploit.py --proxy\n```\n\nYou can also directly import a Burp saved request that contains the `||cmd||` placeholder:\n```shell\ntoboggan -r brequest\n```\n\n## 🔍 What is an RCE Python Module?\n\nA Remote Code Execution (RCE) module is a Python script designed to handle remote command execution. 
To be compatible with Toboggan, the module must include an execute function with the following signature:\n\n```python\ndef execute(command: str, timeout: float) -\u003e str:\n    \"\"\"\n    Execute a command remotely and return the output.\n    \n    Args:\n        command (str): The command to execute.\n        timeout (float): Execution timeout.\n\n    Returns:\n        str: The command output.\n    \"\"\"\n```\n\nThis function will be called internally by Toboggan to execute commands remotely.\n\n## 🏗️ Making Dumb Shells Smarter\n\n### Named Pipes for Semi-Interactive Shells\nToboggan uses named pipes (FIFO - First In, First Out) for inter-process communication (IPC). Named pipes are particularly useful when working with RCE over limited channels like HTTP requests or restricted command execution interfaces.\n\nThis allows Toboggan to simulate pseudo-TTY behavior, even in restricted environments behind firewalls. To enable named pipe mode, use the `--fifo` flag:\n```shell\ntoboggan -m ~/phpexploit.py --fifo\n```\n\nToboggan will create a FIFO-based communication channel, allowing you to interact with the remote system in a more dynamic way (e.g., using `sudo -l`).\n\n## 🛠️ Actions: Customizable Remote Interactions\n\nActions in Toboggan are modular plugins that allow you to extend its functionality. Actions can automate common post-exploitation tasks, such as downloading files, executing scripts, or setting up persistent access.\n\n### Custom Actions\nCustom actions allow you to define your own automation workflows. Actions should be placed in `~/.local/share/toboggan/actions` (Linux) or `%APPDATA%\\toboggan\\actions` (Windows).\n\n## Disclaimer\nToboggan is intended for use in legal penetration testing, Capture The Flag (CTF) competitions, or other authorized and ethical security assessments. Unauthorized use of this tool on systems you do not own or without proper authorization may be illegal. 
Please use \"Toboggan\" responsibly and in compliance with applicable laws and regulations.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fn3rada%2Ftoboggan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fn3rada%2Ftoboggan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fn3rada%2Ftoboggan/lists"}