A multi-platform HTTP(S) Reverse Shell Server and Client in Python 3

Related tags

Third-party APIs Wrappersreverse-shellhttp-clienthttp-servernetwork-programmingsecurity-toolsred-teamingpenetration-testing-tools
Overview

Phantom - A multi-platform HTTP(S) Reverse Shell Server and Client

Python Version CodeFactor Grade OS OS

Reddit Discord Twitter

Phantom is a multi-platform HTTP(S) Reverse Shell server and client in Python 3. Binaries for Linux and Windows platforms can be built through an embedded script that executes PyInstaller.

Reverse shells can be established through HTTP or HTTPS. The certificates used for HTTPS can be auto-generated by Phantom or supplied by the user.

Phantom includes a helper shell script that enables fast generation of self-signed certificates for use of both servers and clients. After generation, the server and certificate authority certificates required for encrypted connections are bundled in the binaries for portability and ease of execution.

Demo

demo

Try it out!

Simply head over to the dist directory and download the pre-built Linux/Unix or Windows binaries.

The HTTP client files are set to connect to http://localhost:8080, whereas the HTTPS client bundles a CA certificate file for https://localhost:4443 and will only connect to this socket. With that in mind, choose either HTTP or HTTPS and run the server on one shell:

./linux_server http://localhost:8080
            <-- or -->
./linux_server https://localhost:4443

And the client on another one...

./http_linux_client
     <-- or -->
./https_linux_client

The same procedure works for the Windows binaries.

Setup

HTTP Server and Client

You don't need to set up the server and client for HTTP connections. The server will work straight out-of-the-box and the client will connect to any HTTP server. Just download the HTTP binaries from dist and you're done. Execute the binaries with the --help option for instructions.

HTTPS Server and Client

Encrypted communication through HTTPS requires at least two certificates: One for the server, named server.pem by default, and another for the certificate authority, or ca.pem. Phantom bundles both files in binaries for fast deployment. They can be generated by multiple methods or by a simple execution of the generate_certs.sh helper script.

Once the certificates are ready you only need to follow the steps from the Build and Run section below.

Build and Run an HTTPS Server/Client

I. Install Dependencies

Dependency management works with both Poetry (recommended) and Virtualenv. You need to install all dependencies before building binaries.

git clone https://github.com/EONRaider/BCA-Phantom.git
cd BCA-Phantom
poetry install <--or--> pip install -r requirements.txt

II. Build HTTPS Server and Client binaries

The build.py file centralizes the process and takes care of it all. Notice that a built Client binary contains a hardcoded server URL. The connection to the server can be stealthily performed by simply executing the binary.

  • Build and run the Server 
    python build.py server --server-cert /path/to/server.pem
./linux_server SERVER_URL
  • Build and run the Client 
    python build.py client --url SERVER_URL --ca-cert /path/to/ca.pem
./https_linux_client

The same procedure works for the Windows binaries.

Legal Disclaimer

The use of code contained in this repository, either in part or in its totality, for engaging targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws.

Developers assume no liability and are not responsible for misuses or damages caused by any code contained in this repository in any event that, accidentally or otherwise, it comes to be utilized by a threat agent or unauthorized entity as a means to compromise the security, privacy, confidentiality, integrity, and/or availability of systems and their associated resources. In this context the term "compromise" is henceforth understood as the leverage of exploitation of known or unknown vulnerabilities present in said systems, including, but not limited to, the implementation of security controls, human- or electronically-enabled.

The use of this code is only endorsed by the developers in those circumstances directly related to educational environments or authorized penetration testing engagements whose declared purpose is that of finding and mitigating vulnerabilities in systems, limiting their exposure to compromises and exploits employed by malicious agents as defined in their respective threat models.

You might also like...
Reverse engineered connection to the TradingView ticker in Python

Tradingview-ticker Reverse engineered connection to the TradingView ticker in Python. Makes a websocket connection to the Tradeview website and receiv

Aaron 20 Dec 2, 2022
A discord Server Bot made with Python, This bot helps people feel better by inspiring them with motivational quotes or by responding with a great message, also the users of the server can create custom messages by telling the bot with Commands.
A discord Server Bot made with Python, This bot helps people feel better by inspiring them with motivational quotes or by responding with a great message, also the users of the server can create custom messages by telling the bot with Commands.

A discord Server Bot made with Python, This bot helps people feel better by inspiring them with motivational quotes or by responding with a great message, also the users of the server can create custom messages by telling the bot with Commands.

Aran 1 Oct 13, 2021
Hermes Bytecode Reverse Engineering Tool (Assemble/Disassemble Hermes Bytecode)
Hermes Bytecode Reverse Engineering Tool (Assemble/Disassemble Hermes Bytecode)

hbctool A command-line interface for disassembling and assembling the Hermes Bytecode. Since the React Native team created their own JavaScript engine

Pongsakorn Sommalai 216 Jan 3, 2023
Info & tools for reverse engineering the M6 smart fitness band
Info & tools for reverse engineering the M6 smart fitness band

m6-reveng This repo contains information and tools for reverse engineering the $7 M6 smart fitness band. Hardware The SoC (system-on-a-chip) is a Teli

null 41 Dec 26, 2022
My attempt to reverse the Discord nitro token generation function.
My attempt to reverse the Discord nitro token generation function.

discord-theory-I PART: I My attempt to reverse the Discord nitro token generation function. The Nitro generation tools thing is common in Discord now,

Jakom 29 Aug 14, 2022
A bot to get Statistics like the Playercount from your Minecraft-Server on your Discord-Server

Hey Thanks for reading me. Warning: My English is not the best I have programmed this bot to show me statistics about the player numbers and ping of m

spaffel 12 Sep 24, 2022
This Server Cloner can clone the server you want with all the perms of roles in every particular channel.

Server-Cloner-with-perms 🚀 This Server Cloner can clone the server you want with all the perms of roles in every particular channel. Features Clone C

Gripz 0 Feb 17, 2022
A Discord Server Cloner Which Can Clone Any Discord Server In Just Few Minutes
A Discord Server Cloner Which Can Clone Any Discord Server In Just Few Minutes

A Discord Server Cloner Which Can Clone Any Discord Server In Just Few Minutes.

samet 4 Jul 23, 2022
WhatsApp Web API client with multi-device support

Tauros WhatsApp Web client for multi-device in python Free software: MIT Documentation: https://tauros.readthedocs.io Features TODO Credits This packa

Manjit Pardeshi 0 Jan 20, 2022
Comments
  • Build Error

    Build Error

    Hi !

    First of all, thank you very much for this great tool !

    I'm trying to build binary with self signed certs (made with your script). Unfortunately the build doesn't work and python return an error I don't understand.

    $python build.py server --server-cert server-cert.pem
Traceback (most recent call last):
  File "build.py", line 38, in <module>
    def server(args: argparse.Namespace) -> list[str]:
TypeError: 'type' object is not subscriptable

    Hope this question is not to stupid. Thanks in advance for your help.

    opened by snax44 2
  • build error

    build error

    [[email protected] BCA-Phantom]# python3 build.py server --server-cert /root/cert/server.pem Traceback (most recent call last): File "build.py", line 38, in def server(args: argparse.Namespace) -> list[str]: TypeError: 'type' object is not subscriptable

    opened by ghost 0
  • issue with certificacion

    issue with certificacion

    I got this message in the client when I have to connect <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)>

    ` ./https_linux_client Traceback (most recent call last): File "urllib/request.py", line 1346, in do_open File "http/client.py", line 1279, in request File "http/client.py", line 1325, in _send_request File "http/client.py", line 1274, in endheaders File "http/client.py", line 1034, in _send_output File "http/client.py", line 974, in send File "http/client.py", line 1448, in connect File "ssl.py", line 500, in wrap_socket File "ssl.py", line 1040, in _create File "ssl.py", line 1309, in do_handshake ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last): File "client.py", line 145, in File "client.py", line 84, in execute File "commands.py", line 38, in open_session File "commands.py", line 26, in _send File "client.py", line 78, in post File "urllib/request.py", line 214, in urlopen File "urllib/request.py", line 517, in open File "urllib/request.py", line 534, in _open File "urllib/request.py", line 494, in _call_chain File "urllib/request.py", line 1389, in https_open File "urllib/request.py", line 1349, in do_open urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)> [3535] Failed to execute script 'client' due to unhandled exception!`

    Both certificates were build with the generate_certs.sh

    opened by rogerio77 0
Releases(v2.0.0)
Owner
Computer programming. Cybersecurity.
GitHub Repository
AWS DeepRacer Free Student Workshop: Run faster by using your custom waypoints

AWS DeepRacer Free Student Workshop: Run faster by using your custom waypoints Reward Function Template for waypoints def reward_function(params):

Yuen Cheuk Lam 88 Nov 27, 2022
This software's intent is to automate all activities related to manage Axie Infinity Scholars. It is specially aimed to mangers with large scholar roasters.

Axie Scholars Utilities This software's intent is to automate all activities related to manage Scholars. It is specially aimed to mangers with large s

Ferran Marin 153 Nov 16, 2022
A discord program that will send a message to nearly every user in a discord server

Discord Mass DM Scrapes users from a discord server to promote/mass dm Report Bug · Request Feature Features Asynchronous Easy to use Free Auto scrape

dropout 56 Jan 02, 2023
A Telegram Bot to Play Audio in Voice Chats With Youtube and Deezer support. Supports Live streaming from youtube Supports Mega Radio Fm Streamings

Bot To Stream Musics on PyTGcalls with Channel Support. A Telegram Bot to Play Audio in Voice Chats With Supports Live streaming from youtube and Mega

Shamil Habeeb 37 Dec 15, 2022
Wechat based auto reply with pyautogui

Python-微信 自动回复 练手~ 一直想做个给微信发个消息,就可以跑Python程序,并将结果发送给我的东西,之前看了 B站@不高兴就喝水 的视频,终于有了灵感~ 使用的是模拟点击方案,请求期间是不能操作了。 库 pyautogui 用于模拟鼠标键盘操作和定位操作位置 pyperclip 剪贴板

Vito Song 1 Oct 22, 2022
Kodi script for proper Australian weather data

Kodi Oz Weather weather.ozweather Script for Kodi for high quality Australian weather data sourced directly from the BOM. Available from the Kodi offi

Jeremy Daalder 5 Nov 24, 2022
Chatbot construido com o framework Rasa para responder dúvidas referentes ao COVID-19.

Racom Chatbot Chatbot construido com o framework Rasa. Como executar Necessário instalar Docker e Docker Compose. Para inicializar a aplicação, basta

Vinícius Souza 4 Jul 28, 2022
A simple anti-ghostping python bot made using diskord.

Anti Ghostping A simple Anti-Ghostping python bot made with ❤ using Diskord Requirements No one will use this but, all you need for this bot is: Pytho

RyZe 2 Sep 12, 2022
Python SDK for IEX Cloud

iexfinance Python SDK for IEX Cloud. Architecture mirrors that of the IEX Cloud API (and its documentation). An easy-to-use toolkit to obtain data for

Addison Lynch 640 Jan 07, 2023
Python client for the iNaturalist APIs

pyinaturalist Introduction iNaturalist is a community science platform that helps people get involved in the natural world by observing and identifyin

Nicolas Noé 79 Dec 22, 2022
The Simple Google Colab Notebook to Download Files from Direct Link to Google Drive with custom name and bulk link support.

Direct Link to Google Drive (Advanced! 🔥 ) The Most Advanced yet Simple Google Colab Notebook to Download Files from Direct Link to Google Drive. 🆕

Dr.Caduceus 14 Jul 26, 2022
This is a telegram bot built using the Oxford Dictionary API

Oxford Dictionaries Telegram Bot This is a telegram bot built using the Oxford Dictionary API Source: Oxford Dictionaries API Documentation Install En

Abhijith N T 2 Mar 18, 2022
Mikasa is a 100% Spanish bot, a multifunctional bot, Mikasa is in beta.

Mikasa Miaksa, It is a multi-functional discord bot that is currently in development, this is not complete, there are still many things to fix and imp

Made in 2 Oct 05, 2021
A simple Facebook Account generator, written in python (needs different Email so Accounts do not get banned)

FacebookAccountGenerator FAB is a Facebook-Account generating script, written in python Installation Use the package manager pip to install selenium p

MrOverload 7 Jan 05, 2023
Acc-discord-rpc - Assetto Corsa Competizione Discord Rich Presence Client

A simple Assetto Corsa Competizione Rich Presence client. This app only works in

6 Dec 18, 2022
A Telegram Music Bot written in Python using Pyrogram and Py-Tgcalls

A Telegram Music Bot written in Python using Pyrogram and Py-Tgcalls. This is Also The Source Code of The UserBot Which is Playing Music in @S1-BOTS Support Group ❤️

SAF ONE 224 Dec 28, 2022
Throttle and debounce add-on for Pyrogram

pyrothrottle Throttle and debounce add-on for Pyrogram Quickstart implementation on decorators from pyrogram import Client, filters from pyrogram.type

7 Oct 01, 2022
Telegram PHub Bot using ARQ Api and Pyrogram. This Bot can Download and Send PHub HQ videos in Telegram using ARQ API.

Tg_PHub_Bot Telegram PHub Bot using ARQ Api and Pyrogram. This Bot can Download and Send PHub HQ videos in Telegram using ARQ API. OS Support All linu

TheProgrammerCat 13 Oct 21, 2022
⭐️ Pyro String Generator ⭐️ Genrate String Session Using this bot.Made by TeamUltronX 🔥

⭐️ Pyro String Generator ⭐️ Genrate String Session Using this bot.Made by TeamUltronX 🔥 Configs: API_HASH Get from Here. API_ID Get from Here. API_KE

TheUltronX 2 Dec 16, 2022
An enhanced discord.py, based off of the now-archived discord.py project

enhanced-discord.py A modern, maintained, easy to use, feature-rich, and async ready API wrapper for Discord written in Python. The Future of enhanced

Devision 2 Dec 21, 2022