Skip to content
/ sexonthebash Public

Unprivileged and stealth shell input and output listeners. Differerent approach for keylogging with Shell/bash.

6 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ariary/sexonthebash

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

69 Commits
cmd
cmd
 
 
pkg
pkg
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
stealth_bash.sh
stealth_bash.sh
 
 
stealth_shell.sh
stealth_shell.sh
 
 

Repository files navigation

sexonthebash 🍹

TL;DR

No talks needed, drinks are on me. I want to use it [🚀]

Stealth shell input and output listeners. Differerent approach for keylogging with Shell.

It provides 2 utilities imitating a shell to capture input and output:

  • sexonthebash: capture output and input of bash commands (script,screen -L -Logfile session.log equivalent)
  • shellonthebeach: capture input and output of /bin/sh command (the same thing as sexonthebash with less vodka)

You are free to do what you want with these data afterwards (DNS exfiltration, etc).

Could be used to:

  • spy on other users on the same machine, for CTF for example
  • get an interactive /bin/sh interactive (ie. With arrow keys, backspace etc)
Just for educational purposes, do not use it if against someone in real-life if you do not have permission
Any idea, criticism, contribution is welcome

🔦 Idea

Provide a different approach for keylogging (log only command on bash/sh). But some juicy information could be grabbed from it.

The aim of sexonthebash is to be launched under a bash session by any means and to imitate bash behaviour to lure the victim in a way that the victim doesn't feel like they're somewhere other than a bash session.

Idem for shellonthebeach, to be launched in place of a sh tty

💺 Installation

Download binary

From releases section

From source

Prerequisite

  • golang installed
  • make installed
  • be ill-intentioned

Clone the repo and download the dependencies locally:

git clone https://github.com/ariary/AravisFS.git
make before.build

sexonthebash

make build.sexonthebash

shellonthebeach

make build.shellonthebeach

🚀 Usage

Launch it, and exec your usual shell commands. If you see nothing suspect it is perfect.

Launch sexonthebash

In a bash session:

./stealth_bash.sh

Launch the command exit to exit the listener and find the log in .input.log and .output.log

Launch shellonthebeach

In a sh session:

./stealth_shell.sh

Launch the command exit to exit the listener. Nothing is done with captured commands from now

💭Limits/improvements

📬 Please tell me if you see some bugs,improvements etc! (with issue, PR etc)

shellonthebeach

  • The command outputs are not printing in real-time
  • Nothing is done with captured commands

sexonthebash

Be able to store (or send to a remote place) the captured output and input in a near real time (ie. A way to not waiting anymore that the user has finished his bash session to get those data)

About

Unprivileged and stealth shell input and output listeners. Differerent approach for keylogging with Shell/bash.

Topics

bash golang keylogger spy pentest

Resources

Readme
Activity

Stars

6 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

1 tags

Packages

No packages published

Languages