A true javascript reverse shell in NodeJS using Websockets
Inspired by XSShell, this project hosts a NodeJS server which allows you to run arbitrary javascript on connected clients
To setup the program, you’re going to need the ws package, so download the repository, then run npm i ws
to install ws.
Then, simply run node index.mjs
in order to start the server
To connect the client to the server, simply copy the contents of exploit.js
or exploit-min.js
, and change the url from ws://your.url.goes.here
to your server address. If your server is running over http (default), then the url should use ws://
. However, if you’re using another server or server host that is running over https, you should use wss://
Once a client connects, the server will start accepting input. You can use the following commands to affect the server side:
exit || q -- exits the console
help || h -- shows a help menu
clear || cls -- clears the console
socket || s -- prints all currently connected sockets
socket (0-9, *) || s (0-9, *) -- specifies the socket to run commands on (* for all sockets)
Any input that isn’t one of these commands will be sent to the currently selected client as a javascript command.