HRShell v1.7 releases: HTTPS/HTTP reverse shell built with flask with advanced features
HRShell is an HTTPS/HTTP reverse shell built with flask. It’s compatible with python 3.x and has been successfully tested on:
- It’s stealthy
- TLS support 🔑
- Either using on-the-fly certificates or
- By specifying a cert/key pair (more details below…)
- Proxy 🦊 support on the client.
- Directory navigation (cd command and variants).
- download/upload/screenshot commands available.
- shellcode injection 💉 (for the time it is available only for windows x86 systems but support for other OSs and ARCHs will be added soon!)
- Either shellcode injection into another process by specifying its PID
- or shellcode injection in the current running process
- Pipelining (
|) & chained commands (
;) are supported
- Support for every non-interactive (like gdb, top etc…) command
- Server is both HTTP & HTTPS capable.
- It comes with two built-in servers 🌐 so far… flask built-in & tornado-WSGI while it’s also compatible with other production servers like
- Both server.py and client.py are easily extensible.
- Since most functionality comes from the server’s endpoint-design it’s very easy to write a client in any other language e.g. Java, GO, etc…
Version 1.7 (11-10-2019)
- Implemented history command available when server.py runs on Unix systems.
Copyright (C) 2019 chrispetrou