Hey everyone, I finally found the time to upload my tool to GitHub. Let me introduce you all to Shelldon.
Shelldon is a simple Python tool for creating a customizable reverse shell payload with very little effort. Basically, instead of heading over to the Reverse Shell Cheat Sheet (pentestmonkey) every 5 minutes, changing the IP address, and having a time-consuming headache, I made this program.
Shelldon is very configurable, allowing a Python shell (with the correct HTB IP address, despite the address changing every day) to be as simple as: shelldon python
I urge you all to check it out. It’s a very simple program and I’m not claiming to be a great Python developer. It’s just something I would like to share, because the clipboard functionality (among other things) has saved me possibly hours over time of retyping the command when someone resets the box or I accidentally <CTRL+C> out of my shell.
Feel free to contribute to it. I’m open to suggestions on functionality.
Nice work man.
It takes some time and effort to make these things, looks good.
Maybe a few things that come to mind:
The biggest challenge for your project I think is “simplicity”, so that using your tool actually saves time, compared to copy-pasting the shell and looking up the IP.
Two things you could consider, for example, are:
Have a command ‘shelldon’ (without any arguments) that just outputs all available shells. In my notes I often have a look at what shells are on my menu to then pick the best one for the job.
It would greatly simplify your tool, and still add the benefit of all IPs being filled in for me.
If there would be too much text on screen to keep things organised, then you could consider the same default command ‘shelldon’ (without any arguments) that presents the user with a choice menu of all choices. For example ‘Access the shell remotely (1) or locally (2)?’, … follow up with one or two more choices, so that you end up with a few shells you can fit on one screen.
Along the same lines:
You could also consider making the GitHub page so that there is more focus on why people would want to use it.
It may be better to start off with one simple example that makes people go like “yeah, that makes my life easier”, instead of them having to read through a bunch of documentation.
Your documentation is great, but currently there may be a bit too much emphasis on “this is what you can or need to do” and too little on “here’s how this tool makes your life easier”.
To be honest, if I read all configuration right now, it seems more work than the simple copy paste from my notes.
I don’t mean to offend or discourage you, I just think other people will share this concern and my goal here is to be realistic about what feelings it gives me and think constructively what you could do to overcome that.
Either way, great job and thanks for sharing it with us. It’s great to see your initiative!
Good luck with the project. I really hope it will help people!
@gnothiseauton
While I disagree with some of your points, I really appreciate your detailed feedback!
Your first point confuses me, as running shelldon displays the help menu (which has a list of every shell option clearly in front of it.) Furthermore, I fundamentally disagree with your suggestion to use a text-based user interface as opposed to a script you can pass commands to.
Typing shelldon python for me makes more intuitive and convenience sense than typing shelldon, waiting for a list, typing python, waiting for it to ask me if I want to add any options (-a, -y, etc…).
This is a personal preference (it basically boils down to I prefer command line over GUI).
Your second point doesn’t make much sense to me either… these are reverse shells. You are to have a listener ready at whatever port you want (say, 53) and then copy/paste the reverse-shell command onto the victim (say, by a second terminal). Local / Remote doesn’t make much sense.
I agree with your point on the configuration. While I think it’s best to just read it, I edited the script to automatically configure itself by default to HTB (defaulting to eth0 if you’re not on the HTB VPN). Again, there’s things that I cannot do or anticipate, which is why configuration exists. If someone’s main wifi interface is ens33 and not eth0, they would need to edit it themselves. I can’t be in charge of that, especially for this simple script.
I’ll consider making more documentation about how it could be useful, but it really is just a convenience tool. I’ve had shells crash every 5 minutes (and my VM crashes often when I have another VM running) so having shelldon python instead of the long-winded actual command is just faster.
Either way, I really appreciate your detailed feedback and I just wanted to address some points that I care about. I have improved the functionality to my satisfaction based on the feedback you gave, so please feel free to give more suggestions.