EN
ENNA

Penelope

GPL-3.0

๐Ÿ”ฅ Offensive Ops ยท Python

Penelope is an advanced shell handler designed to replace netcat as the go-to reverse shell listener during penetration tests. Written in Python with zero external dependencies, it automatically upgrades received shells to fully interactive PTYs with tab completion, history, and job control - eliminating the manual 'python -c import pty' dance. Penelope handles multiple simultaneous shell sessions with a clean interface for switching between them, provides built-in file upload and download without needing to set up separate transfer servers, automatically logs all session activity for reporting, and can generate reverse shell payloads for various platforms and languages. It supports encrypted shells, can spawn listeners on multiple ports, and includes a command history searchable across sessions.

1.6kstars
182forks
3issues
Updated 7d ago
View on GitHub

Installation

pip

$ pip install penelope-shell

from source

$ git clone https://github.com/brightio/penelope.git && cd penelope && python penelope.py

Use Cases

  • Handling reverse shells with automatic PTY upgrade and interactive features
  • Managing multiple simultaneous shell sessions during penetration tests
  • Transferring files to and from compromised hosts without additional tools
  • Generating reverse shell one-liners for various languages and platforms
  • Logging all shell session activity automatically for engagement reporting

Tags

reverse-shellhandlerptymulti-sessionfile-transferred-teamctfctf-toolshacktheboxoscposcp-toolsrceshell-handlertryhackmetty

Details

Category
๐Ÿ”ฅ Offensive Ops
Language
Python
License
GPL-3.0
Platforms
๐Ÿงlinux๐ŸŽmacos

Links

GitHub Repository

github.com/brightio/penelope

Releases

github.com/brightio/penelope/releases

Issues

github.com/brightio/penelope/issues

Sponsored

Your ad here

Reach security professionals and developers - ads@en-na.com

Alternatives & Comparisons

Villain

Python

Windows and Linux backdoor generator and handler. Auto-obfuscation, multi-session, and reverse shell management.

Compare Penelope vs Villain

hoaxshell

Python

Unconventional Windows reverse shell using HTTP(S) traffic - fully undetectable by Microsoft Defender.

Compare Penelope vs hoaxshell

More in Offensive Ops

Mythic

Go

Collaborative, multi-platform C2 framework. Docker-based with web UI, multiple agent types, and plugin architecture.

c2red-teammulti-operator

Havoc

C/C++

Modern C2 framework. Qt-based GUI, BOF support, custom agents, and a Cobalt Strike-inspired workflow.

c2red-teamgui

Rubeus

C#

C# toolset for raw Kerberos interaction and abuse. AS-REP roasting, Kerberoasting, ticket manipulation, delegation attacks.

kerberosactive-directoryroasting

Certipy

Python

Active Directory Certificate Services (AD CS) abuse tool. Find and exploit certificate template misconfigurations.

active-directorycertificatesadcs

Coercer

Python

Automatically find and exploit Windows authentication coercion vulnerabilities. PetitPotam, PrinterBug, and more.

authentication-coercionntlm-relaypetitpotam

SharpHound

C#

Official BloodHound data collector. Enumerates Active Directory objects, sessions, ACLs, and trusts for graph analysis.

active-directoryenumerationbloodhound