Displaying 1 to 19 from 19 results

EggShell - iOS/macOS/Linux Remote Administration Tool

  •    Objective-C

EggShell is a post exploitation surveillance tool written in Python. It gives you a command line session with extra functionality between you and a target machine. EggShell gives you the power and convenience of uploading/downloading files, tab completion, taking pictures, location tracking, shell command execution, persistence, escalating privileges, password retrieval, and much more. This is project is a proof of concept, intended for use on machines you own. Eggshell payloads are executed on the target machine. The payload first sends over instructions for getting and sending back device details to our server and then chooses the appropriate executable to establish a secure remote control session.

EvilOSX - An evil RAT (Remote Administration Tool) for macOS / OS X.

  •    Python

Warning: Because payloads are created unique to the target system (automatically by the server), the server must be running when any bot connects for the first time. For more information on SemVer, please visit https://semver.org/.

chashell - Chashell is a Go reverse shell that communicates over DNS

  •    Go

Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks. It comes with a multi-client control server, named chaserv.

Stitch - Python Remote Administration Tool (RAT)

  •    Python

Stitch is for education/research purposes only. The author takes NO responsibility and/or liability for how you choose to use any of the tools/source code/any files provided. The author and anyone affiliated with will not be liable for any losses and/or damages in connection with use of ANY files provided with Stitch. By using Stitch or any files included, you understand that you are AGREEING TO USE AT YOUR OWN RISK. Once again Stitch and ALL files included are for EDUCATION and/or RESEARCH purposes ONLY. Stitch is ONLY intended to be used on your own pentesting labs, or with explicit consent from the owner of the property being tested. This is a cross platform python framework which allows you to build custom payloads for Windows, Mac OSX and Linux as well. You are able to select whether the payload binds to a specific IP and port, listens for a connection on a port, option to send an email of system info when the system boots, and option to start keylogger on boot. Payloads created can only run on the OS that they were created on.


  •    HTML

GTFOBins is a curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions. Browse the project here.

HERCULES - HERCULES is a special payload generator that can bypass antivirus softwares.

  •    Go

HERCULES is a customizable payload generator that can bypass antivirus software. WARNING: Don't change the location of the HERCULES folder.

reverse-shell - Reverse Shell as a Service

  •    Javascript

Easy to remember reverse shell that should work on most Unix-like systems.On your machine, open up a port and listen on it. You can do this easily with netcat.

Parat - Python based Remote Administration Tool(RAT)

  •    Python

Parat is NOT for real attacks. It simply designed for educational purposes only and so is not responsible for any abusive/offensive uses. Copy and paste on your terminal: git clone https://github.com/micle-fm/Parat && cd Parat && python main.py Note: it may need to install python -m easy_install pypiwin32 on some targets.

hershell - Multiplatform reverse shell generator

  •    Go

Simple TCP reverse shell written in Go. It uses TLS to secure the communications, and provide a certificate public key fingerprint pinning feature, preventing from traffic interception.

xsshell - An XSS reverse shell framework

  •    Go

XSShell is a cross-site-scripting reverse shell... Okay, well maybe it's not a true reverse shell, but it will allow you to interact in real time with an XSS victim's browser. This will ensure that the updated files are packed into the binary.

gorsh - A Golang Implant and Tmux-driven C2 Interface

  •    Go

Learn go. Make a throwaway reverse shell for things like CTFs. Learn about host-based OPSEC considerations when writing an implant. Check out the official documentation for an intro to developing with Go and setting up your Golang environment (with the $GOPATH environment variable).


  •    Ruby

basic shells are just that a client and server that can send OS commands back and forth. encrypted shells are encrypted with aes 256 and the base64 encoded. This is also used to send OS commands back and forth.

reverse-shell - A reverse-shell agent, master and rendezvous point written in Go

  •    Go

Disclaimer: This project is for research purposes only, and should only be used on authorized systems. A reverse shell is also really useful when you're playing with your SSH server and want to have a backup plan in case of misconfiguration.

lonely-shell - poc https reverse shell

  •    Go

This is a proof of concept, minimal Windows reverse shell written in Golang that uses HTTPS/TLS for communication. The Linux server uses a self-signed certificate and hosts a single static file that contains a Windows command. The Windows client is a 64-bit portable executable that does a GET request every 30 seconds to obtain a Windows command from the server which then is executed and the results are sent via POST. A traffic file is included with this repository to show an example of the encrypted reverse shell communication. Also, a simple python script is provided to easily change the Windows command that the reverse shell will execute. This project was created due to the lack of open-source Windows reverse shells that use legitimate HTTPS traffic for communication. I hope this project can be a starting point for penetration testers who desire this capability in their engagements.

rconn - rconn is a multiplatform program for creating generic reverse connections

  •    Go

rconn (r[everse] conn[ection]) is a multiplatform program for creating reverse connections. It lets you consume services that are behind NAT and/or firewall without adding firewall rules or port-forwarding. This is achieved by creating a connection from the node behind the firewall/NAT to a port on your local machine, and then a port is exposed in your machine through which you can connect to the service that is behind firewall/NAT. All traffic is routed through the initial connection that was opened by the machine behind firewall/NAT. Build with: go build.

We have large collection of open source products. Follow the tags from Tag Cloud >>

Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.