Skip to content
A Flexible Web Shell Client, Built on Electron
JavaScript CSS HTML
Branch: master
Clone or download

Latest commit

Fetching latest commit…
Cannot retrieve the latest commit at this time.

Files

Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
public
src
test
.gitignore
.travis.yml
LICENSE.md
README.md
appveyor.yml
package-lock.json
package.json

README.md

BROWNIE TUB

Known Vulnerabilities AppVeyor Travis (.com) GitHub issues

A Standalone Web Shell Client

BROWNIE TUB can support essentially any web shell that is based on commands being passed via HTTP(S).

FEATURES

  • Flexible: can support command-passing in any HTTP header, in any cookie, POST parameter, or GET parameter.
  • Securable: can integrate with password authentication mechanisms
  • Easy-to-Use: simple GUI allows easy control and configuration of your shells
  • Persistent: Stores data in an RxDB store (backed by PouchDB)
  • Control multiple shells from one app: track as many shells as you'd like, and switch between them seamlessly
  • Note that BROWNIE TUB comes with a small set of commands (i.e. read file, change directory) out-of-the-box. Feel free to fork and add more, though.
    • This is because the concept of BROWNIE TUB is to support web shells designed as initial footholds.
    • If your entire campaign is web-shell-based, then you will want to add extra commands, for sure.
    • You could also add an Issue, with a label of Enhancement, and I'll see if I have time to implement it (around my day job etc. of course)

Building this Yourself

  1. Clone this repo
  2. Run npm install to grab the dependencies
  3. Run npm run rebuild to rebuild the sqlite3 module, so it works with electron
  4. Run npm run build to build the react part
  5. Run npm run electron-pack to package the app.

Pre-Built Binaries

Under Releases, there are binaries (.exe, .deb, .AppImage) for Windows and Linux platforms.

You can’t perform that action at this time.