HRShell v1.7 releases: HTTPS/HTTP reverse shell built with flask with advanced features

HRShell

HRShell is an HTTPS/HTTP reverse shell built with flask. It’s compatible with python 3.x and has been successfully tested on:

•  Linux ubuntu 18.04 LTS
•  macOS Mojave
•  Windows 7/10

🎉 Features

• It’s stealthy
• TLS support 🔑
  • Either using on-the-fly certificates or
  • By specifying a cert/key pair (more details below…)
• Proxy 🦊 support on the client.
• Directory navigation (cd command and variants).
• download/upload/screenshot commands available.
• shellcode injection 💉 (for the time it is available only for windows x86 systems but support for other OSs and ARCHs will be added soon!)
  • Either shellcode injection into another process by specifying its PID
  • or shellcode injection in the current running process
• Pipelining (|) & chained commands (;) are supported
• Support for every non-interactive (like gdb, top etc…) command
• Server is both HTTP & HTTPS capable.
• It comes with two built-in servers 🌐 so far… flask built-in & tornado-WSGI while it’s also compatible with other production servers like gunicorn and Nginx.
• Both server.py and client.py are easily extensible.
• Since most functionality comes from the server’s endpoint-design it’s very easy to write a client in any other language e.g. Java, GO, etc…

Changelog

Version 1.7 (11-10-2019)

• Implemented history command available when server.py runs on Unix systems.

Install && Use

Copyright (C) 2019 chrispetrou