, Project structure
- server.py — listens for incoming connections, executes commands on the target machine, and processes files
- backdoor.py — the client is on the "victim" side: connects to the server and waits for commands
- README.md — explains how to configure IP and ports and shows a list of commands
, Key features
- Reverse shell — remote command execution
- File transfer — upload and download between machines
- A wealth of JSON communication — message structures for reliability
- Automatic reconnection — the client tries to reconnect
- CLI interface — commands: cd, upload, download, clear, quit, others
:contentReference[oaicite:1]{index=1}
Why is this necessary?
- Learning objectives: the best way to understand how shell feedback and socket programming work
- Pentest / CTF practice: practicing remote access and file transfer skills
- Ethical hacking: understanding the mechanics and protection of such tools
Important: the ethical aspect
The author emphasizes: use it only for educational purposes, and only in permitted environments. Unauthorized use may be considered illegal.
Quick start
1. Set up an IP address in server.py , run:
Bash:
python server.py2. Set up the IP in backdoor.py , run on the target machine:
Bash:
python backdoor.py3. Manage:
- cd <dir> — directory change
- upload <file> / download <file>
- clear, quit, or run a system command
, Pumping opportunities
- Add TLS encryption — for channel security
- Implement authentication to filter connecting clients
- Switch to asynchronous asyncio for scalability
- Add a one-way control channel via HTTP/WebSocket (C2 command center)
- Integrate into CI for learning — automatically deploy sandbox and work out commands
Link - >
