Docs · Tools
Reverse Shell / Listener
Catch a connect-back during an authorized engagement. The Listener opens a socket and waits; the payload generator produces a matching one-liner for the test host. Sessions time out automatically so nothing is left listening forever.
- Category
- Offensive (authorized)
- Powered by
pure-Python sockets- Edition
- Pro
- Where
- Desktop → Listener tab
What it does
- Listener — binds a local port and waits for an inbound connection from a test host, giving you an interactive session for authorized post-exploitation validation.
- Payload generator — emits a ready-to-use connect-back one-liner (host/port pre-filled) for common shells.
- Auto-timeout — the listener closes after ~600s of inactivity so you never leave an open socket behind.
How to use it
1
Start the listener
Set the bind address and port and start listening.
text
Listen: 0.0.0.0:4444 (use your engagement's agreed callback port)2
Generate the payload
Copy the generated one-liner and run it only on a host that is in scope for your test.
3
Interact, then close
When the session connects, validate access, capture evidence, and stop the listener (or let it time out).
Modes & options
- Bind host/port — choose the interface and callback port.
- Payload shell — pick the shell variant for the target environment.
- Timeout — sessions auto-close (~600s) to avoid stray listeners.
What you get
An interactive session console for the connected host, plus the generated payload string. Capture what you need for your report, then tear it down.
Tips
- Use the callback port agreed in your rules of engagement.
- Always stop the listener when finished — do not leave it running on shared networks.
Authorized use only. Reverse shells are powerful and easily misused. Use the Listener and payloads exclusively on systems within an authorized engagement. Running them against systems you do not own is illegal and unethical.