// the find
0dayCTF/reverse-shell-generator
Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)
A browser-based UI for generating reverse shell one-liners across bash, Python, PowerShell, PHP, and a dozen other runtimes. The hosted version at revshells.com is the actual product — the repo is mostly the source behind it. Aimed squarely at CTF players and pentesters who want to stop hunting through cheatsheets mid-engagement.
Covers an unusually wide range of shells including HoaxShell integration for HTTP-based C2, which most similar tools skip. URI and Base64 encoding built in saves the extra manual step when you're working with a WAF. Docker support means you can run a local instance air-gapped from revshells.com if your engagement requires it. LocalStorage persistence means your IP/port config survives a browser refresh.
The JS stack is vanilla jQuery + Bootstrap 4 with vendored assets in the repo — nothing about this codebase is modern or maintainable, and adding new shell types means hand-editing js/data.js. No test coverage whatsoever, so a contributed shell template that subtly breaks encoding goes in undetected. The obfuscation transformer is a bizarre inclusion for an open-source security tool — it obscures client-side code but adds zero security value and makes contributions harder to audit. Self-hosting requires Netlify CLI for the raw-link server function to work; plain nginx won't cut it.