Reverse-shell handler & post-exploitation console — the eights to wraith's aces.

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for gusta-ve from gravatar.com gusta-ve

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT
  • Author: Gustavo Almeida
  • Tags offensive-security , pentest , post-exploitation , red-team , reverse-shell , security
  • Requires: Python >=3.10
  • Provides-Extra: dev
Classifiers
Report project as malware

Project description

hickok

A reverse-shell handler and post-exploitation console. Catch shells on multiple listeners, run commands, upgrade to a full PTY, and generate reverse-shell one-liners — from one dependency-free CLI.

It's the other half of a hand: wraith holds the aces — it does the recon and proves the way in; hickok brings the eights — it acts on what wraith caught. Aces and eights, the dead man's hand.

CI Python 3.10+ MIT

Install

pipx install hickok

Or from a clone: pip install -e . — or run it with no install at all: PYTHONPATH=src python3 -m hickok.

Usage

The listener is the default command, so a bare hickok starts catching shells:

hickok                                   # listen on :9001, drop into the console
hickok -l 9001,9002 --lhost 10.10.14.7   # multiple listeners, fixed LHOST
hickok payloads 10.10.14.7 9001          # print reverse-shell one-liners
hickok hand                              # act on wraith's latest run (found on its own)
hickok hand path/to/findings.json        # ...or a specific one

Inside the console:

hickok>
  sessions          list connected shells
  payloads          reverse-shell one-liners for your LHOST
  cmd 1 id          run a command on session 1
  upgrade 1         turn a dumb shell into a PTY
  interact 1        attach (detach with Ctrl-])
  kill 1            drop a session

The bridge — hickok hand

hickok hand picks up wraith's latest run on its own — wraith writes to a fixed per-user dir (~/.local/share/wraith/runs/, or wherever WRAITH_RUNS points) that both tools agree on, so it works from any directory. It reads the table, lists what wraith found, and flags every finding that means code execution (command injection, SSTI, …) — those are the doors to a shell.

hickok hand                          # wraith's latest run, wherever you are
hickok hand path/to/findings.json    # ...or a specific one

  [Critical] Command Injection in 'host'   http://target/ping   ⮕ shell
  [High]     SSTI in 'name'                http://target/render ⮕ shell
  [High]     Reflected XSS in 'q'          http://target/search

      ┌─────┐   ┌─────┐   ┌─────┐   ┌─────┐
      │ A♠  │   │ A♣  │   │ 8♠  │   │ 8♣  │
      └─────┘   └─────┘   └─────┘   └─────┘

  aces and eights — the dead man's hand.

wraith deals the aces; hickok brings the eights. The hand is complete.

Disclaimer

Built for authorized security testing and research — point it where you're meant to. What anyone does with it from there is theirs alone; the author takes no responsibility for misuse.

License

MIT.

in memory of J.B. Hickok — shot holding aces and eights, Deadwood, 1876.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for gusta-ve from gravatar.com gusta-ve

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT
  • Author: Gustavo Almeida
  • Tags offensive-security , pentest , post-exploitation , red-team , reverse-shell , security
  • Requires: Python >=3.10
  • Provides-Extra: dev
Classifiers

Release history Release notifications | RSS feed

0.7.0

0.6.0

0.5.0

0.4.1

0.4.0

0.3.1

0.3.0

This version

0.2.0

0.1.3

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

hickok-0.2.0.tar.gz (14.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

hickok-0.2.0-py3-none-any.whl (15.1 kB view details)

Uploaded Python 3

File details

Details for the file hickok-0.2.0.tar.gz.

File metadata

  • Download URL: hickok-0.2.0.tar.gz
  • Upload date:
  • Size: 14.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for hickok-0.2.0.tar.gz
Algorithm Hash digest
SHA256 7a54a6a8a4da19df123fbdf03dfda96fc93ab711464f67dd3f3ef53a55457810
MD5 285fbad00c3a2f4e52265f85e720c763
BLAKE2b-256 ff9b96f6d1478262dc4ece5cbb2d88d80f68c5954dc04d666245ddd160e52c4a

See more details on using hashes here.

Provenance

The following attestation bundles were made for hickok-0.2.0.tar.gz:

Publisher: release.yml on gusta-ve/hickok

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file hickok-0.2.0-py3-none-any.whl.

File metadata

  • Download URL: hickok-0.2.0-py3-none-any.whl
  • Upload date:
  • Size: 15.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for hickok-0.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 1ca76252a3c3db7ac630ed83989832fdbfa778110444afc73ee67b7340f7e26f
MD5 462fd80a9e42493e7eb7a1ca38bfbb36
BLAKE2b-256 01adc245eb8fbfaeac33890b50609ac8431e60dbfcc821b467dc6255bb89274b

See more details on using hashes here.

Provenance

The following attestation bundles were made for hickok-0.2.0-py3-none-any.whl:

Publisher: release.yml on gusta-ve/hickok

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page