https://github.com/ariary/sexonthebash
Unprivileged and stealth shell input and output listeners. Differerent approach for keylogging with Shell/bash.
https://github.com/ariary/sexonthebash
bash golang keylogger pentest spy
Last synced: 9 months ago
JSON representation
Unprivileged and stealth shell input and output listeners. Differerent approach for keylogging with Shell/bash.
- Host: GitHub
- URL: https://github.com/ariary/sexonthebash
- Owner: ariary
- Created: 2021-08-16T07:19:39.000Z (almost 5 years ago)
- Default Branch: main
- Last Pushed: 2023-10-13T12:56:33.000Z (over 2 years ago)
- Last Synced: 2025-04-04T17:11:38.853Z (about 1 year ago)
- Topics: bash, golang, keylogger, pentest, spy
- Language: Go
- Homepage:
- Size: 47.9 KB
- Stars: 6
- Watchers: 1
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# sexonthebash πΉ
Stealth shell input and output listeners. Differerent approach for keylogging with Shell.
It provides 2 utilities imitating a shell to capture input and output:
- `sexonthebash`: capture output and input of **bash** commands (`script`,`screen -L -Logfile session.log` equivalent)
- `shellonthebeach`: capture input and output of **/bin/sh** command (the same thing as `sexonthebash` with less vodka)
You are free to do what you want with these data afterwards (DNS exfiltration, etc).
Could be used to:
- spy on other users on the same machine, for CTF for example
- get an interactive `/bin/sh` interactive (ie. With arrow keys, backspace etc)
| ***Just for educational purposes, do not use it if against someone in real-life if you do not have permission*** |
|:------------------------------------------------------------------------------------------------------------------:|
|*Any idea, criticism, contribution is welcome*|
## π¦ Idea
Provide a different approach for keylogging (log only command on `bash`/`sh`). But some juicy information could be grabbed from it.
The aim of `sexonthebash` is to be launched under a bash session by any means and to imitate bash behaviour to lure the victim in a way that the victim doesn't feel like they're somewhere other than a bash session.
Idem for `shellonthebeach`, to be launched in place of a `sh` tty
## πΊ Installation
### Download binary
From [releases](https://github.com/ariary/sexonthebash/releases) section
### From source
#### Prerequisite
- golang installed
- make installed
- be ill-intentioned
Clone the repo and download the dependencies locally:
```
git clone https://github.com/ariary/AravisFS.git
make before.build
```
### sexonthebash
make build.sexonthebash
### shellonthebeach
make build.shellonthebeach
## π Usage
Launch it, and exec your usual shell commands. If you see nothing suspect it is perfect.
### Launch sexonthebash
In a bash session:
```
./stealth_bash.sh
```
Launch the command `exit` to exit the listener and find the log in `.input.log` and `.output.log`
### Launch shellonthebeach
In a sh session:
```
./stealth_shell.sh
```
Launch the command `exit` to exit the listener. Nothing is done with captured commands from now
## πLimits/improvements
π¬ **Please tell me if you see some bugs,improvements etc!** (with issue, PR etc)
### shellonthebeach
- The command outputs are not printing in real-time
- Nothing is done with captured commands
### sexonthebash
Be able to store (or send to a remote place) the captured output and input in a near real time (ie. A way to not waiting anymore that the user has finished his bash session to get those data)