Hrshell - An Advanced Https/http Reverse Shell Built With Flask

✨ DeeZNuTz

✨ Master ✨
Staff member
856
41
HRShell_11_2.png


HRShell is an HTTPS/HTTP reverse shell built with flask. It's compatible with python 3.x and has been successfully tested on:
  • Linux ubuntu 18.04 LTS, Kali Linux 2019.3
  • macOS Mojave
  • Windows 7/10
Features
  • It's stealthy
  • TLS supportEither using on-the-fly certificates or
  • By specifying a cert/key pair (more details below...)
  • Shellcode injection (more details below...)Either shellcode injection in a thread of the current running processPlatforms supported so far:Windows x86
  • Unix x86
  • Unix x64
  • or shellcode injection into another process (migrate <PID>) by specifying its PIDPlatforms supported so far:Windows x86
  • Windows x64
  • Proxy support on client.
  • Directory navigation (cd command and variants).
  • download/upload/screenshot commands available.
  • Pipelining (|) & chained commands (are supported)
  • Support for every non-interactive (like gdb, top etc...) command
  • Server is both HTTP & HTTPS capable.
  • It comes with two built-in servers so far... flask built-in & tornado-WSGI while it's also compatible with other production servers like gunicorn and Nginx.
  • Both server.py and client.py are easily extensible.
  • Since the most functionality comes from server's endpoint-design it's very easy to write a client in any other language e.g. java, GO etc...
Download HRShell