Reverse-shell handler & post-exploitation console — the eights to wraith's aces.

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for gusta-ve from gravatar.com gusta-ve

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT
  • Author: Gustavo Almeida
  • Tags offensive-security , pentest , post-exploitation , red-team , reverse-shell , security
  • Requires: Python >=3.10
  • Provides-Extra: dev
Classifiers
Report project as malware

Project description

hickok

A reverse-shell handler and post-exploitation console. Catch shells on multiple listeners, run commands, upgrade to a full PTY, and generate reverse-shell one-liners — from one dependency-free CLI.

It's the other half of a hand: wraith holds the aces — it does the recon and proves the way in; hickok brings the eights — it acts on what wraith caught. Aces and eights, the dead man's hand.

CI Python 3.10+ MIT

Install

pipx install hickok

Or from a clone: pip install -e . — or run it with no install at all: PYTHONPATH=src python3 -m hickok.

Usage

The listener is the default command, so a bare hickok starts catching shells:

hickok                                   # listen on :9001, drop into the console
hickok -l 9001,9002 --lhost 10.10.14.7   # multiple listeners, fixed LHOST
hickok payloads 10.10.14.7 9001          # print reverse-shell one-liners
hickok hand                              # act on the latest wraith run (./wraith-runs/)
hickok hand path/to/findings.json        # ...or a specific one

Inside the console:

hickok>
  sessions          list connected shells
  payloads          reverse-shell one-liners for your LHOST
  cmd 1 id          run a command on session 1
  upgrade 1         turn a dumb shell into a PTY
  interact 1        attach (detach with Ctrl-])
  kill 1            drop a session

The bridge — hickok hand

Run hickok from where you ran wraith and it picks up the last run on its own — it reads the table, lists what wraith found, and flags every finding that means code execution (command injection, SSTI, …) — those are the doors to a shell.

hickok hand                                     # the latest run under ./wraith-runs/
hickok hand wraith-runs/target.com-<ts>/findings.json   # ...or a specific one

  [Critical] Command Injection in 'host'   http://target/ping   ⮕ shell
  [High]     SSTI in 'name'                http://target/render ⮕ shell
  [High]     Reflected XSS in 'q'          http://target/search

      ┌─────┐   ┌─────┐   ┌─────┐   ┌─────┐
      │ A♠  │   │ A♣  │   │ 8♠  │   │ 8♣  │
      └─────┘   └─────┘   └─────┘   └─────┘

  aces and eights — the dead man's hand.

wraith deals the aces; hickok brings the eights. The hand is complete.

Disclaimer

Built for authorized security testing and research — point it where you're meant to. What anyone does with it from there is theirs alone; the author takes no responsibility for misuse.

License

MIT.

in memory of J.B. Hickok — shot holding aces and eights, Deadwood, 1876.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for gusta-ve from gravatar.com gusta-ve

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT
  • Author: Gustavo Almeida
  • Tags offensive-security , pentest , post-exploitation , red-team , reverse-shell , security
  • Requires: Python >=3.10
  • Provides-Extra: dev
Classifiers

Release history Release notifications | RSS feed

0.7.0

0.6.0

0.5.0

0.4.1

0.4.0

0.3.1

0.3.0

0.2.0

This version

0.1.3

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

hickok-0.1.3.tar.gz (13.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

hickok-0.1.3-py3-none-any.whl (14.8 kB view details)

Uploaded Python 3

File details

Details for the file hickok-0.1.3.tar.gz.

File metadata

  • Download URL: hickok-0.1.3.tar.gz
  • Upload date:
  • Size: 13.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for hickok-0.1.3.tar.gz
Algorithm Hash digest
SHA256 6da0ca607a375ee35295bcb41bad063c11f98bfd3f99f51883df632e4f44a861
MD5 6b33f0260fc9804a114eb1d28855d1a2
BLAKE2b-256 0138f31b297f8c415f137a84fda86d9fe6c1c8d33d5ea87f1cb1bcc9ee77deb0

See more details on using hashes here.

Provenance

The following attestation bundles were made for hickok-0.1.3.tar.gz:

Publisher: release.yml on gusta-ve/hickok

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file hickok-0.1.3-py3-none-any.whl.

File metadata

  • Download URL: hickok-0.1.3-py3-none-any.whl
  • Upload date:
  • Size: 14.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for hickok-0.1.3-py3-none-any.whl
Algorithm Hash digest
SHA256 38d0bafab2a7663474d5cf13beefd415553a9c929f13713c10ffff3217d58249
MD5 4210898b57c674ef8f12964dcca73ec9
BLAKE2b-256 e2f7f44c5ca7d9f3a27f5d11fac27ca4f4168aef241fffe5160045c3bc97dc99

See more details on using hashes here.

Provenance

The following attestation bundles were made for hickok-0.1.3-py3-none-any.whl:

Publisher: release.yml on gusta-ve/hickok

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page