PSAsyncShell – PowerShell Asynchronous TCP Reverse Shell

PSAsyncShell is an Asynchronous TCP Reverse Shell written in pure PowerShell. Unlike other reverse shells, all the communication and execution flow is done asynchronously, allowing to bypass some firewalls and some countermeasures against this kind of remote connections. Additionally, this tool features command history, screen wiping, file uploading and downloading, information splitting through chunks andRead More

Hoaxshell – An Unconventional Windows Reverse Shell, Currently Undetected By Microsoft Defender And Various Other AV Solutions, Solely Based On Http(S) Traffic

hoaxshell is an unconventional Windows reverse shell, currently undetected by Microsoft Defender and possibly other AV solutions as it is solely based on http(s) traffic. The tool is easy to use, it generates it’s own PowerShell payload and it supports encryption (ssl). So far, it has been tested on fully updated Windows 11 Enterprise andRead More

Gshell – A Flexible And Scalable Cross-Plaform Shell Generator Tool

A simple yet flexible cross-platform shell generator tool. Name: G(Great) Shell Description: A cross-platform shell generator tool that lets you generate whichever shell you want, in any system you want, giving you full control and automation. If you find this tool helpful, then please give me a star as it tells me that I should addRead More

Notionterm – Embed Reverse Shell In Notion Pages

Embed reverse shell in Notion pages. Hack while taking notes FOR: Hiding attacker IP in reverse shell (No direct interaction between attacker and target machine. Notion is used as a proxy hosting the reverse shell) Demo/Quick proof insertion within report High available and shareable reverse shell (desktop, browser, mobile) Encrypted and authenticated remote shell NOTRead More

Tornado – Anonymously Reverse Shell Over Tor Network Using Hidden Services Without Portforwarding

anonymously reverse shell over onion network using hidden services without portfortwarding Explore the docs fully undetectable reverse shell · View Demo · bulletproof anonymity If you are having any operating system compatiblity issue, let me know. I will try to fix as soon as possible so let’s explore the docs.   What is tornado? TornadoRead More

GoSH – Golang Reverse/Bind Shell Generator

Golang reverse/bind shell generator. Description This tool generates a Go binary that launches a shell of the desired type on the targeted host. The shell binary can be compiled for multiple platforms, supports partial polymorphism (unique functions’ names) and can use UDP protocol instead of the default TCP. If you send a DELETE command overRead More

DDexec – A Technique To Run Binaries Filelessly And Stealthily On Linux Using Dd To Replace The Shell With Another Process

In Linux in order to run a program it must exist as a file, it must be accessible in some way through the file system hierarchy (this is just how execve() works). This file may reside on disk or in ram (tmpfs, memfd) but you need a filepath. This has made very easy to controlRead More

Presshell – Quick And Dirty WordPress Command Execution Shell

presshell Quick & dirty WordPress Command Execution Shell. Execute shell commands on your wordpress server. Uploaded shell will probably be at <your-host>/wp-content/plugins/shell/shell.php Installation To install the shell, we are assuming you have administrative rights to WordPress and can install plugins since transferring a PHP file to the media library shouldn’t work anyway. Otherwise, you haveRead More

LDAP shell – AD ACL Abuse

This repository contains a small tool inherited from ldap_shell (https://github.com/SecureAuthCorp/impacket/blob/master/impacket/examples/ldap_shell.py). Installation These tools are only compatible with Python 3.5+. Clone the repository from GitHub, install the dependencies and you should be good to go: git clone https://github.com/z-Riocool/ldap_shell.gitcd ldap_shellpython3 setup.py install Usage Connection options ldap_shell domain.local/user:passwordldap_shell domain.local/user:password -dc-ip 192.168.1.2ldap_shell domain.local/user -hashes aad3b435b51404eeaad3b435b51404ee:aad3b435b51404eeaad3b435b51404e1export KRB5CCNAME=/home/user/ticket.ccacheldap_shell -k -no-pass domain.local/userRead More

X