Reverse Shell Cheat Sheet Logo

Reverse Shell Cheat Sheet

0
Free
Updated 11 March 2025
Offensive Security
Reverse Shell
Command Execution
Penetration Testing
Vulnerability Exploitation
Visit Website

If you're lucky enough to find a command execution vulnerability during a penetration test, pretty soon afterwards you'll probably want an interactive shell. If it's not possible to add a new account / SSH key / .rhosts file and just log in, your next step is likely to be either throwing back a reverse shell or binding a shell to a TCP port. This page deals with the former. Your options for creating a reverse shell are limited by the scripting languages installed on the target system – though you could probably upload a binary program too if you're suitably well prepared. The examples shown are tailored to Unix-like systems. Some of the examples below should also work on Windows if you use substitute "/bin/sh -i" with "cmd.exe". Each of the methods below is aimed to be a one-liner that you can copy/paste. As such they're quite short lines, but not very readable.

FEATURES

EXPLORE BY TAGS

Reverse Shell

Command Execution

Penetration Testing

Vulnerability Exploitation

SIMILAR TOOLS

NSBrute Logo
NSBrute

A Python utility to takeover domains vulnerable to AWS NS Takeover

Free
Offensive Security
Reverse Shell Manager Logo
Reverse Shell Manager

A tool for managing multiple reverse shell sessions/clients via terminal with a RESTful API.

Free
Offensive Security
Maigret The Commissioner Logo
Maigret The Commissioner

Online Telegram bot for collecting information on individuals from various websites.

Free
Offensive Security
tko-subs Logo
tko-subs

A tool for detecting and taking over subdomains with dead DNS records

Free
Offensive Security
SmashTheStack Wargaming Network Logo
SmashTheStack Wargaming Network

A wargaming network for penetration testers to practice their skills in a realistic environment.

Free
Offensive Security
SprayingToolkit Logo
SprayingToolkit

A collection of Python scripts for password spraying attacks against Lync/S4B & OWA, featuring Atomizer, Vaporizer, Aerosol, and Spindrift tools.

Free
Offensive Security
SSRFmap Logo
SSRFmap

Automatic SSRF fuzzer and exploitation tool

Free
Offensive Security
Harpoon Logo
Harpoon

A collection of tips and tricks for container and container orchestration hacking

Free
Offensive Security
EvilClippy Logo
EvilClippy

A cross-platform tool for creating malicious MS Office documents with hidden VBA macros and anti-analysis features.

Free
Offensive Security

PINNED

Mandos Logo

Mandos

Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.

Consulting
Checkmarx SCA Logo

Checkmarx SCA

A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Application Security
Orca Security Logo

Orca Security

A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

Cloud Security
DryRun Logo

DryRun

A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.

Application Security
CyberSecTools logoCyberSecTools

Explore the largest curated directory of cybersecurity tools and resources to enhance your security practices. Find the right solution for your domain.

Operated by:

Mandos Cyber • KVK: 97994448

Netherlands • contact@mandos.io

VAT: NL005301434B12

Copyright © 2025 - All rights reserved

LINKS
BlogContact
LEGAL
Terms of servicesPrivacy policy