Penelope Shell Handler

Related tags

Miscellaneouspenelope
Overview

penelope

Penelope is an advanced shell handler. Its main aim is to replace netcat as shell catcher during exploiting RCE vulnerabilities. It works on Linux and macOS and the only requirement is Python3. It is one script without 3rd party dependencies and hopefully it will stay that way.

Among the main features are:

  • Auto-upgrade shells to PTY (auto-resize included)
  • Logging interaction with the targets
  • Download files from targets
  • Upload files to targets
  • Upload preset scripts to targets
  • Spawn backup shells
  • Multiple sessions
  • Multiple listeners
  • Can be imported by exploits and get shell on the same terminal.

Sample basic usage

penelope.py                   # Listening for reverse shells on 0.0.0.0:4444
penelope.py 5555              # Listening for reverse shells on 0.0.0.0:5555
penelope.py 5555 -i eth0      # Listening for reverse shells on eth0:5555

penelope.py -c target 3333    # Connect to a bind shell on target:3333

Demonstrating random usage (1)

  1. Executing penelope without parameters and getting a reverse shell
  2. Pressing F12 to detach the session and go to the main menu
  3. Run 'recon' command to upload preset privesc scripts to the target
  4. Interacting again with the session, confirming that scripts are uploaded
  5. Detaching again with F12 and downloading /etc directory from the target
  6. Kill the session and exiting with Ctrl-D

sample_usage

Demonstrating random usage (2)

  1. Adding an extra listener and show all listeners
  2. Interacting with session 1
  3. Spawning 2 extra backup sessions
  4. Showing all sessions

sample_usage2

Command line options

positional arguments:
  PORT                  Port to listen/connect to depending on -i/-c options. Default: 4444

Reverse or Bind shell?:
  -i , --address        IP Address or Interface to listen on. Default: 0.0.0.0
  -c , --connect        Bind shell Host

Hints:
  -a, --hints           Show sample payloads for reverse shell based on the registered listeners
  -l, --interfaces      Show the available network interfaces
  -h, --help            show this help message and exit

Verbosity:
  -Q, --silent          Show only errors and warnings
  -X, --extra-silent    Suppress all logging messages

Logging:
  -L, --no-log          Do not create session log files
  -T, --no-timestamps   Do not include timestamps on logs

Misc:
  -H, --no-history      Disable shell history on target
  -P, --plain           Just land to the menu
  -S, --single-session  Accommodate only the first created session
  -C, --no-attach       Disable auto attaching sessions upon creation
  -U, --no-upgrade      Do not upgrade shells

Debug:
  -d, --debug           Show debug messages
  -NP, --no-python      Simulate python absense on target
  -NB, --no-bash        Simulate bash absense on target

Menu options

use [sessionID|none]
  Select a session

sessions [sessionID]
  Show active sessions. When followed by <sessionID>, interact with that
  session

interact [sessionID]
  Interact with a session

kill [sessionID|all]
  Kill a session

download <glob>...
  Download files and folders from the target

open <glob>...
  Download files and folders from the target and open them locally

upload <glob|URL>...
  Upload files and folders to the target. If URL is specified then it is
  downloaded locally and then uploaded to the target

recon [sessionID]
  Upload preset reconnaissance scripts to the target

spawn [sessionID]
  Spawn a new session. Whether it will be reverse or bind, depends on
  the current session.

upgrade [sessionID]
  Upgrade the session's shell to "PTY". If it fails attempts to upgrade
  it to "Advanced". If this fail too, then falls back to "Basic" shell.

dir|. [sessionID]
  Open the session's local folder. If no session is selected, opens the
  base folder.

listeners [<add|stop> <Interface|IP> <Port>]
  Add or stop a Listener. When invoked without parameters, it shows the
  active Listeners.

connect <Host> <Port>
  Connect to a bind shell

hints
  Show sample commands to run on the targets to get reverse shell, based
  on the registered listeners

reset
  Reset the local terminal

history
  Show menu history

help [command]
  Show menu help or help about specific command

DEBUG
  Open debug console

SET [<param> <value>]
  Set options. When invoked without paramaters it shows current options

exit|quit|q|Ctrl+D
  Exit penelope

Bonus

There are also included two sample exploit simulation scripts to demonstrate how penelope can be imported and get shell on the same terminal. Furthermore, one bash script is included that automatically upgrades Unix shells to PTY using xdotool.

TODO

Features

  • currenly download/upload/spawn/upgrade commands are supported only on Unix shells.
  • port forwarding
  • persistence
  • edit command: open the remote file locally, make changes and upon saving, upload it to target
  • ability to specify a list of commands to run automatically on target and/or the main menu
  • execute a local script on target and get the output on a local file
  • main menu autocompletion for short commands
  • download/upload progress bar
  • download/upload autocompletion
  • IPv6
  • encryption
  • UDP

Bugs

  • Ctrl-C on main menu has not the expected behaviour yet. However can still stop commands like 'download'.
  • Session logging: when executing commands with alternate buffers like nano on target, then when cat the log it seems corrupted. However the data are still there.

Misc

  • apply some PEP8
  • consider autorunning bash -l on new shells
  • better way to handle duplicate downloads

Limitations

  • emojis don't appear on mate-terminal (parrot OS)
  • download command: path links are not clickable on qterminal (Kali Linux)
  • penelope menu commands and PTY autoresize operate on the same socket. This could be an advantage but it has a side effect that for example if nano is open on target, then detaching the session and attempt a download, penelope copes with that by sending Ctrl-Z -> Ctrl-E -> Ctrl-U. Then must run fg to get the process back. Maybe consider to spawn extra socket for controling the session in the future. However, if before executing a menu command, the target's terminal if left on a clear state, then there is no problem.
Comments
  • Upload not working

    Upload not working

    Hello, just found this tool last night and it looks amazing. Just starting to play around with it this evening and I have a great reverse shell (multiple shells with the maintain function) and I have tried to upload files unsuccessfully multiple times.

    Here's what one session looks like when trying to use the run upload_privesc_scripts command

    image

    The session gets disconnected and then says the upload was successful and then tells you there there are no sessions.

    Here's another time when I tried to upload the linpeas.sh script from my system to the remote machine and the session was disconnected again but I had enabled the maintain function and a new shell was spawned. None of the file are visible on the remote system. I have validated that I can write files to the location that I am trying to upload to

    image

    I was able to do a download. I downloaded the entire /etc/ directory without any issue.

    The system is running CentOS release 5.6 (Final) Linux version 2.6.18-238.12.1.el5 ([email protected]) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-50)) #1 SMP Tue May 31 13:23:01 EDT 2011

    Great tool even without the upload, but I will definitely have an even bigger ear to ear grin if I can get the upload working.

    Thanks for an excellent tool!

    opened by robertstrom 4
  • multiple session break console output

    multiple session break console output

    Hi,

    First of all, this tool is amazing. Right now i facing weird issue is that the console just simply messed up after receiving more than 2 connection.

    I attached screenshot to visually describe the issue Capture

    thank you!

    bug 
    opened by RamadhanAmizudin 4
  • Use

    Use "script /dev/null" instead of relying on Python for PTY upgrade

    The shell command "script /dev/null" (and some variations) work without spawning a Python process to launch a PTY shell.

    I'd recommend doing this before trying to do the better known Python method, as it is more reliable.

    enhancement 
    opened by darrenmartyn 4
  • Invalid shell from *

    Invalid shell from *

    Hi When I am trying to connect to the shell through Linux ubuntu 5.11.0-34-generic (using fish shell), it is writing to me: "Invalid shell from"

    opened by NirLevy98 3
  • More privesc scripts

    More privesc scripts

    It would be awesome if you added deepce (Docker enumeration ) , PrivescCheck (Fancy script)

    options.recon_scripts = {
    'Unix':[
    	'https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh',
    	'https://raw.githubusercontent.com/diego-treitos/linux-smart-enumeration/master/lse.sh',
    	'https://raw.githubusercontent.com/stealthcopter/deepce/main/deepce.sh'
    ],
    'Windows':[
    	'https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerUp/PowerUp.ps1',
    	'https://raw.githubusercontent.com/itm4n/PrivescCheck/master/PrivescCheck.ps1'
    ]}
    
    enhancement 
    opened by zAbuQasem 2
  • new feature: Interact console

    new feature: Interact console

    I'm glad to see the creation of this tool,During my use, I came up with a new idea: Can I connect to the current penelope console at another terminal by running the same command again? This makes it easy for me to connect and manage multiple sessions at the same time

    enhancement 
    opened by WAY29 2
  • TERM=xterm-256color for all connection is a slight issue with old Linux versions

    TERM=xterm-256color for all connection is a slight issue with old Linux versions

    Hello,

    I'm working on a very old version of Red Hat (Linux tophat.acme.com 2.4.20-8 #1 Thu Mar 13 17:54:28 EST 2003 i686 athlon i386 GNU/Linux) and I noticed this when using penelope and trying to clear the screen it would not work and you would get an error about unknown terminal xterm-256color

    image

    Trying to clear the terminal

    image

    Environment

    image

    Setting the TERM variable to TERM=xterm image

    The clear command works now

    image

    Not a huge deal by any means, not sure if you were aware or had experienced this or not and not sure if you can check for something like this and set the TERM variable to a standard xterm if xterm-256color is not possible.

    Thanks for the great tool! I'm loving using it and cannot wait to, hopefully, see some updates in the not too distant future (Windows multiple sessions , etc. ;-) )

    opened by robertstrom 1
  • Appreciation

    Appreciation

    I loved your script I have a question can you do some type of stuff like if its windows shell instead of aborting the shell it starts the shell with non tty mode

    bug good first issue 
    opened by root-tanishq 1
  • Questions about v0.9.2

    Questions about v0.9.2

    Hello, I'm about to pull down v0.9.2 and was wondering if you could elaborate on what these two statements translate to.

    • Removed Unix 'advanced' shell support
    • Removed PTY Windows shell support temporarily

    I'm particularly interested in the Windows shell support. Does this mean that using v0.9.2 of penelope no longer supports any Windows reverse shells, or no longer supports some subset of Windows reverse shells?

    What does the removal of Unix 'advanced' shell support mean as far as reduced functionality?

    Thanks again for an excellent tool!! Very glad to see some development updates.

    opened by robertstrom 1
  • Download files /folders

    Download files /folders

    Hi, great work with penelope! My target machine is windows client, so it is not possible to upgrade shell to PTY. When I try do download a file / folder it does not show up "download sucsseful" and the file is not stored on the penelope location it should be. So, is it because the shell is not PTY? Isn t it possible to download files with the simple shell? And, if it isn t, Is there any command to see contents of files on targest system, instead of downloading them? Thanks

    opened by darkness2020 2
Releases(v0.9.2)
  • v0.9.2(Dec 18, 2022)

    Features added:

    • Added PEASS-ng module
    • Introduced tasks (execute remote command from file/memory in background and get the output in a local file)
    • Introduced 'exec' menu command
    • Introduced progress bar for download/upload

    Improvements

    • Enriched Unix shell PTY upgrade process
    • Changed terminal resize functionality from auto to realtime
    • Improved download and upload functionalities
    • Fixed several bugs

    Changes

    • Introduce 'agent' mode (needs python on target) for smoother interaction with the targets
    • Introduce 'control session' concept when python is not available
    • Removed PTY Windows shell support temporarily
    • Removed Unix 'advanced' shell support
    Source code(tar.gz)
    Source code(zip)
  • v0.8.5(May 11, 2022)

    Features added:

    • Configuration file
    • Interfaces command
    • Multiple listeners at once via command line

    Changes

    • Removed 'recon' command and implemented 'run' command
    Source code(tar.gz)
    Source code(zip)
  • v0.8.4(Jan 24, 2022)

    Features added:

    • Maintain X active sessions
    • Spawn to another port and/or host
    • Compatibility with Python >= 3.6
    • Upload exploitdb exploit from URL

    Changes

    • No detaching or PTY resize while on alternate buffer
    Source code(tar.gz)
    Source code(zip)
  • v0.8.0(Jan 24, 2022)

    Initial release

    Features

    • Auto-upgrade shells to PTY (auto-resize included)
    • Logging interaction with the targets
    • Download files from targets
    • Upload files to targets
    • Upload preset scripts to targets
    • Spawn backup shells
    • Multiple sessions
    • Multiple listeners
    • Can be imported by exploits and get shell on the same terminal
    Source code(tar.gz)
    Source code(zip)
github action test, because I dont know it.

mad-y testing testing pip install -r requirements.txt add the DISCORD_TOKEN value to your env vars. and run mad-y how to Deploy ` docker build -t mad-

Mit 1 Oct 29, 2021
Python tools for working with Orbit Ephemeris Messages (OEMs).

Python Orbit Ephemeris Message tools Python tools for working with Orbit Ephemeris Messages (OEMs). Development Status Installation The oem package is

Brad Sease 4 Apr 06, 2022
Python based scripts for obtaining system information from Linux.

sysinfo Python based scripts for obtaining system information from Linux. Python2 and Python3 compatible Output in JSON format Simple scripts and exte

Petr Vavrin 70 Dec 20, 2022
A curated list of awesome things related to Pydantic! 🌪️

Awesome Pydantic A curated list of awesome things related to Pydantic. These packages have not been vetted or approved by the pydantic team. Feel free

Marcelo Trylesinski 186 Jan 05, 2023
A continuation Of Project Glow By @glowstik-yt

Project Glow Greetings, I see you have stumbled upon project glow. Project glow is an open source bot worked on by many people to create a good and sa

1 Nov 17, 2021
A working roblox account generator it doesnt bypass the capcha stuff cuz these didnt showed up in my test runs

A working roblox account generator (state 11.5.2021) it doesnt bypass the capcha stuff cuz these didnt showed up in my test runs

TerrificTable 22 Jan 03, 2023
A scuffed remake of Kahoot... Made by Y9 and Y10 SHSB

A scuffed remake of Kahoot... Made by Y9 and Y10 SHSB

Tobiloba Kujore 3 Oct 28, 2022
Run python scripts and pass data between multiple python and node processes using this npm module

Run python scripts and pass data between multiple python and node processes using this npm module. process-communication has a event based architecture for interacting with python data and errors ins

Tyler Laceby 2 Aug 06, 2021
Larvamatch - Find your larva or punk match.

LarvaMatch Find your larva or punk match. UI TBD API (not started) The API will allow you to specify a punk by token id to find a larva match, and vic

1 Jan 02, 2022
Utils to quickly evaluate many 🤗 models on the GLUE tasks

Utils to quickly evaluate many 🤗 models on the GLUE tasks

Przemyslaw K. Joniak 1 Dec 22, 2021
Create a program for generator Truth Table

Python-Truth-Table-Ver-1.0 Create a program for generator Truth Table in here you have to install truth-table-generator module for python modules inst

JehanKandy 10 Jul 13, 2022
Intelligent Systems Project In Python

Intelligent Systems Project In Python

RLLAB 3 May 16, 2022
A Blender addon to enable reloading linked libraries from UI.

library_reload_linked_libraries A Blender addon to enable reloading linked libraries from UI.

3 Nov 27, 2022
Ontario-Covid-Screening - An automated Covid-19 School Screening Tool for Ontario

Ontario-Covid19-Screening An automated Covid-19 School Screening Tool for Ontari

Rayan K 0 Feb 20, 2022
PyPIContents is an application that generates a Module Index from the Python Package Index (PyPI) and also from various versions of the Python Standard Library.

PyPIContents is an application that generates a Module Index from the Python Package Index (PyPI) and also from various versions of the Python Standar

Collage Labs 10 Nov 19, 2022
A collection of Python library code for building Python applications.

Abseil Python Common Libraries This repository is a collection of Python library code for building Python applications. The code is collected from Goo

Abseil 2k Jan 07, 2023
Search and Find Jobs in Ethiopia

✨ EthioJobs ✨ Search and Find Jobs in Ethiopia Easy start critical warning Use pycharm No vscode No sublime No Vim No nothing when you want to use

Abdimk 12 Nov 09, 2022
aaencode for python,把python代码转换为颜文字

py-aaencode aaencode for python,把python代码转换为颜文字 compile.py: 将python编译成颜文字,编译结果有随机性,可以选择BPE词表压缩代码 compile_min.py: 最小化的编译器 compiled_min.txt: 编译得到的最小的com

11 Dec 30, 2021
Цифрова збрoя проти xуйлoвської пропаганди.

Паляниця Цифрова зброя проти xуйлoвської пропаганди. Щоб негайно почати шкварити рашистські сайти – мерщій у швидкий старт! ⚡️ А коли ворожі сервери в

8 Mar 22, 2022
Repo created for the purpose of adding any kind of programs and projects

Programs and Project Repository A repository for adding programs and projects of any kind starting from beginners level to expert ones Contributing to

Unicorn Dev Community 3 Nov 02, 2022