Added an option for filling the PowerShell log. It starts a bunch of PowerShell sessions, each passing a long string and exiting. When script block logging is enabled, this fills the log, effectively pushing out earlier log entries and thus removing the event of the shell itself spawning. Could prevent EDR detection. Tested with success on SentinelOne.
Fixed confusing menu selections. Removed auto-enter on selecting options on most menus.
Added Metasploit Multi/handler Listener
Added Powershell ETW-patch
Added Powershell embedded full AMSI-bypass.
Added payload length check. The maximum length of the string that you can use at the Windows command prompt (cmd.exe) is 8191 characters.
Fixed Powershell SSL-shell
Added variable expansion on the powershell payload, making it run from e.g. batch-files without modifying it
Renaming to Shellz
Listener started in new window. (Optional on Linux)
Powershell: Added option for reflective loading Sharpcat
PowerShell: New custom SSL shell
PowerShell: Added options for choosing TCP/UDP/SSL
PowerShell/OpenSSL: Defaulting to correct listener when using SSL
Updated installer to use wrapper-script (remember to delete /usr/local/bin/shells when upgrading from < 1.5.8)
PowerShell: Built a unique TCP revshell that is not using Net.Sockets.TCPClient
PowerShell: Remote error messages now being properly displayed
PHP: added options and more payloads
Added option on other payloads for changing shell
Powershell: Fixed the NIX payload
Powershell: Updated the payload for reflective loading C#
Powershell: Added options for payload in menu.
PowerShell: Changed revshell for bypassing more AV vendors
Powershell: Added firewall-rule, preventing MS ATP from phoning home (if the running user has access)
Powershell: Updated VBA (MS Office Macros)
PowerShell: Disabling scriptblock logging and CheckSuspiciousContent
PowerShell: Clears PowerShell eventlogs (if the running user has access)
PowerShell: Added VBA payloads for MS Office Macros
Added some node.js payloads
Added a simple C# shell.
Added payload for reflective loading the C# shell into memory. (Needs full AMSI bypass)
Covering this by adding Rastamouse's full AMSI Bypass
PowerShell: You can automatically upload and run full AMSI bypass. The partial AMSI bypass makes this possible.
C# Shell: Automatically upload and run full AMSI bypass before loading it into memory
Updog and ngrok status showing in every menu
Sometimes less is more. Removed the obfuscation on TCP/UDP PowerShell revshells, because it actually triggers AV more than it bypasses and the payload got really big :-) Still using randomization.
Added webshells (ASPX, PHP, JSP)
Added 2 C++ revshell binaries for Windows 32 and 64 bit.
Fixed the handling of starting/stopping Updog
Added Updog support
Added Netcat binaries.
Powershell: Created upload/download functionality (upload requires Updog for receiving files)
Added more information about running ngrok and Updog.
PowerShell: Added a new "mini AMSI-bypass" (it is a partial bypass), based on Matt Graeber's Reflection method
PowerShell: Added an "upload" function in the PowerShell reverse shell
Removed AMSI. Not tested enough :-)
Added AMSI-bypass for the powershell payloads
Fixed bug when setting port
Changed default port to 443
PowerShell: obfuscated some more
PowerShell: Minor changes to the UDP payload
Using only native nc on macOS, because the one on homebrew doesn't work on incoming UDP
PowerShell: Added UDP payloads
PowerShell: Added more payloads
PowerShell: Added some randomization and obfuscation for the payload
PowerShell: Using UTF8 encoding in payload
Fixed bug in Python revshell
Added Bash UDP
Added Windows Python revshells
Added an ngrok running-status
Hiding ngrok choice if not installed
Fixed the install options: not doing default option when pressing enter without making a choice
Added support for ngrok.
Added an install script
Added install options for checking and installing missing dependencies
Added a couple of PHP shells
Added shells for: Ruby, Perl, Telnet and zsh
Added copy to clipboard using pbcopy on macOS
Added info about listening netcat as the macOS version doesn't display that
Added looping netcat shells. Calls back every 10 seconds. Great in case you lose your shell
Added check for GNU netcat 0.7.0 (Homebrew) when running on macOS
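
A defender-side check for the log-filling behaviour described in the first entry, as an added example that is not part of Shellz: it scans script block logging events (Event ID 4104) for a burst of many distinct PowerShell processes that each log one long block. The record layout, the thresholds and the sample events are constructed assumptions.

```python
from collections import deque
from datetime import datetime, timedelta

# Assumed thresholds; tune them to the baseline of the monitored hosts.
WINDOW = timedelta(seconds=60)
MIN_SCRIPT_CHARS = 4000   # what counts as a "long string" in one script block
MIN_PROCESSES = 20        # distinct PowerShell PIDs seen inside one window

def find_flood_bursts(events):
    """events: time-sorted dicts with time, event_id, pid, script_len.
    Returns one dict (start, end, pids) per burst of large 4104 events
    coming from many different processes within WINDOW."""
    window, bursts, active = deque(), [], None
    for ev in events:
        if ev["event_id"] != 4104 or ev["script_len"] < MIN_SCRIPT_CHARS:
            continue
        window.append(ev)
        while ev["time"] - window[0]["time"] > WINDOW:
            window.popleft()
        pids = {e["pid"] for e in window}
        if len(pids) >= MIN_PROCESSES:
            if active is None:          # burst begins: report it once
                active = {"start": window[0]["time"], "end": ev["time"], "pids": set(pids)}
                bursts.append(active)
            else:                       # burst continues: extend the same report
                active["end"] = ev["time"]
                active["pids"] |= pids
        else:
            active = None
    return bursts

def sample_events():
    """Constructed sample data, not taken from a real host."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    mk = lambda t, pid, n: {"time": t, "event_id": 4104, "pid": pid, "script_len": n}
    # Baseline: one interactive session logging small script blocks.
    evs = [mk(t0 + timedelta(minutes=i), 1000, 200) for i in range(5)]
    # Burst: 30 short-lived sessions, one large block each, one second apart.
    burst0 = t0 + timedelta(minutes=10)
    evs += [mk(burst0 + timedelta(seconds=i), 5000 + i, 6000) for i in range(30)]
    # Later: a single legitimate large script from the interactive session.
    evs.append(mk(t0 + timedelta(minutes=30), 1000, 9000))
    return evs

if __name__ == "__main__":
    for b in find_flood_bursts(sample_events()):
        print(b["start"], b["end"], len(b["pids"]), "processes")
```

Because the flood works by evicting older records from the local log, this check belongs on events that have already been forwarded off the host.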