https://github.com/ordinary-hacker/oh-my-shells
The offline, CLI-first swiss army knife for shell payloads!
https://github.com/ordinary-hacker/oh-my-shells
payloads penetration-testing pentest pentesting red-team redteam shell toml
Last synced: about 1 month ago
JSON representation
The offline, CLI-first swiss army knife for shell payloads!
- Host: GitHub
- URL: https://github.com/ordinary-hacker/oh-my-shells
- Owner: ordinary-hacker
- License: mit
- Created: 2025-08-30T02:01:25.000Z (10 months ago)
- Default Branch: trunk
- Last Pushed: 2025-08-30T03:17:49.000Z (10 months ago)
- Last Synced: 2025-08-30T04:11:13.283Z (10 months ago)
- Topics: payloads, penetration-testing, pentest, pentesting, red-team, redteam, shell, toml
- Language: C
- Homepage:
- Size: 83 KB
- Stars: 1
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# ๐ oh-my-shells
The offline, CLI-first swiss army knife for shell payloads! ๐
[](#)
[](#)
[](#)
[](#)
---
## โ Why, What, How?
For a quick overview of what the tool does, how it works, and why it exists, see [this blog post](https://0rd1n4ry.bearblog.dev/oh-my-shells).
---
## โจ Features
- ๐ **Search** and filter hundreds of shell payloads by OS, type, protocol, and language
- ๐ **Generate** ready-to-use payloads and listeners for your target
- ๐ **Show** detailed info for each shell
- ๐จ๏ธ **Colorful output** (with `--no-color` option for scripts)
- ๐ท๏ธ **Offline**: No internet required
- ๐ ๏ธ **Easy to extend** with your own payloads (just add TOML files!)
- ๐ **Open Source** and hackable
---
## ๐ฆ Usage
```sh
./oh-my-shell [OPTIONS]
```
### Commands
- `list` (alias: `l`) - List payloads with optional filters
- `search ` (alias: `sr`) - Search for payloads
- `show ` (alias: `sh`) - Show details about a specific payload
- `generate ` (alias: `g`) - Generate a payload
### Options
- `-i, --id ` Shell identifier
- `-s, --search ` Search term
- `-H, --lhost ` Local host for payload generation
- `-P, --lport ` Local port (default: 4444)
- `-S, --shell ` Shell to use for payloads
- `-e, --encoding ` Output encoding (url, base64, etc.)
- `-l, --listener` Output only the recommended listener
- `-p, --payload` Output only the generated payload
- `--no-color` Disable ANSI color output
- `--version` Show version information
- `-h, --help` Show help message
### Filters (for `list`)
- `--os ` Filter by OS (bsd, linux, osx, unix, windows)
- `--type ` Filter by type (reverse, bind)
- `--proto ` Filter by protocol (tcp, udp, http)
- `--lang ` Filter by language (ruby, go, python, etc.)
---
## ๐งโ๐ป Examples
```sh
./oh-my-shell list --os linux --type reverse
./oh-my-shell l --os linux --type reverse # Using alias
./oh-my-shell search "netcat"
./oh-my-shell sr "netcat" # Using alias
./oh-my-shell show bash_read_line
./oh-my-shell sh bash_read_line # Using alias
./oh-my-shell generate bash_i -H 192.168.1.100 -P 4444
./oh-my-shell g bash_i -H 192.168.1.100 -P 4444 # Using alias
./oh-my-shell --version
```
---
## ๐ฆ Adding Your Own Payloads
Just drop a new `.toml` file in the appropriate `shells/` subdirectory. The tool will pick it up automatically!
---
## ๐ ๏ธ Building
**Requires**: `make` and any C compiler (e.g. `gcc`, `clang`, `cc`, ...).
```sh
make
```
---
## ๐ฅ Installing & Updating
### Installer Script
Just run the following command, note you need to have `make` and a C compiler installed:
```sh
curl -fsSL https://raw.githubusercontent.com/ordinary-hacker/oh-my-shells/trunk/scripts/install.sh | sudo bash
```
### Prebuilt Binaries
Or, otherwise you can use one of the precompiled binaries available at `release/builds/` and in the latest release.
Just make sure you have both the binary and the `shells/` directory in the same folder. The latest release also contains a `.zip` and `.tar.gz` of the `shells/` directory for easier install.
### Verify installation
Afterwards, no matter the method of installation, you can just run the tool as:
```sh
oh-my-shells -h
```
---
## ๐งช Testing
The project includes a full suite of unit, integration, and black-box tests.
This comprehensive amount of tests is available in `tests/`, all of them using the [Unity Test Framework](https://github.com/ThrowTheSwitch/Unity) at `lib/unity/`.
Here's a look at the structure of tests:
* **White Box Tests (Unit Tests)**
- `test_cli.c`: Tests CLI arguments parsing and command structure initialization
- `test_module_loader.c`: Tests module loading, registry management, and TOML parsing
* **Integration Tests**
- `test_integration.c`: Tests complete workflows and component interactions
* **Black Box Tests**
- `test_blackbox.c`: Tests the binary as an external user would, testing all commands and edge cases
### Running Tests
Running all tests:
```bash
make test
```
Running individual test suites:
```bash
make run-test-cli
make run-test-module-loader
make run-test-integration
make run-test-blackbox
```
Building tests without running them:
```bash
make build-tests
```
### Tests Coverage
The whole test suite covers:
- CLI argument parsing and validation
- Module registry initialization and management
- TOML file loading and parsing
- Shell module search and filtering
- Payload generation functionality
- All command-line commands (list, search, show, generate)
- Error handling and edge cases
- Command aliases and flag combinations
- Integration between components
### Expected Results
These tests should always pass with 0 failures. In total the test suite includes:
- 8 CLI tests
- 5 Module loader tests
- 6 Integration tests
- 13 Black box tests
Giving us a **total of 32 tests**.
---
## ยฉ๏ธ Credits
**Author and maintainer**: [ordinary-hacker](https://github.com/ordinary-hacker)
This tool depends on and includes a vendored version of [tomlc17](https://github.com/cktan/tomlc17) by [cktan](https://github.com/cktan).
There's also a vendored version of the [Unity Test Framework](https://github.com/ThrowTheSwitch/Unity) by [ThrowTheSwitch](https://github.com/ThrowTheSwitch) used for testing.
---
## ๐ License
MIT License. See [LICENSE](LICENSE) for details.
---
Made with โค๏ธ by hackers, for hackers.