MCPcopy Index your code
hub / github.com/0x00-0x00/ShellPop

github.com/0x00-0x00/ShellPop @0.34

Chat with this repo
repository ↗ · DeepWiki ↗ · release 0.34 ↗ · + Follow
14 symbols 47 edges 6 files 6 documented · 43%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

ShellPop

About

Pop shells like a master
Shell pop is all about popping shells. With this tools you can
generate easy and sofisticated reverse or bind shell commands
to help you during penetration tests.
Don't wast more time with .txt files storing your Reverse shells!

Installation

root@kali# python setup.py install

Module Index


Help Section

To quickly list all available options of this tools, use --help.

Command line examples

user@pc$ shellpop --help

Screenshot


Shells List

List of shells

You can list all available shellpop shells using the --list option.

Command line example

user@desktop$ shellpop --list

ShellsList

Basics


Shell Types

There is two types of payloads in this program: Bind or Reverse.


1. Reverse shell

Reverse shells use your attacker machine to serve as the "server". In this type of payload, you need both --host and --port pointing back to your machine. A handler must be set.


2. Bind shell

Bind shells use the remote host to serve the connection. In this type of payload, all you need is the --port option with a valid port number.

Command line examples

Generating a Python TCP reverse shell to IP 1.2.3.4 at port 443

Screenshot

Generating a Powershell TCP bind shell over port 1337

Screenshot


Encoders

Encoders are special options that you can use while generating shellpop payloads.

There are, currently, three encoding methods that can be applied singularly, or concurrently, and they are:

  1. XOR encoding

Uses a random numeric key (1-255) to obfuscate the payload and add a decryption stub to decrypt it.

  1. Base64 encoding

Simple base64 encoding in payload data and add a decryption stub to decrypt it.

  1. URL encoding

Simple URL encode over the final payload.

Command line examples

Generating a Python TCP reverse shell to IP 1.2.3.4 at port 443 but using URL-encoding, suitable to use over HTTP protocol.

Screenshot

Generating a Python TCP reverse shell to IP 1.2.3.4 at port 443 but encode it to base64 and set-up a wrapper to decode it. This helps when quotes are troublesome.

Screenshot

Generating a Python TCP reverse shell to IP 1.2.3.4 at port 443 URL-encoded and encoded to base64 ... Yes, you know the drill!

Screenshot

Generating a Powershell bind shell over port 1337 encoded in base64

Screenshot

Generating a Python TCP reverse shell to IP 1.2.3.4 at port 443 using --xor encoding.

Screenshot

Generating a Python TCP reverse shell to IP 1.2.3.4 at port 443 using ALL methods of encoding!

Screenshot


Protocols

Currently there is support of two protocols to land your shells:

  1. TCP
  2. UDP

Command line examples

TCP is blocked but UDP is not? Let there be shell!

Screenshot


Credits

This code is authored by Andre Marques (@zc00l) and this project's contributors.

It is made open to public the moment it was released in this github.

Any damage caused by this tool don't make any contributor, including the author, of responsibility.


Contributors

  • zc00l
  • touhidshaikh
  • lowfuel

Core symbols most depended-on inside this repo

to_urlencode
called by 2
src/encoders.py
to_unicode
called by 2
src/encoders.py
powershell_base64
called by 2
src/encoders.py
xor
called by 2
src/encoders.py
xor_wrapper
called by 2
src/classes.py
base64_wrapper
called by 2
src/classes.py
get
called by 0
src/classes.py
get
called by 0
src/classes.py

Shape

Function 6
Method 5
Class 3

Languages

Python100%

Modules by API surface

src/classes.py10 symbols
src/encoders.py4 symbols

For agents

$ claude mcp add ShellPop \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact