Penelope: The Modern Shell Handler That’s Redefining RCE Exploitation
Penelope is a powerful shell handler built as a modern netcat replacement for RCE exploitation, aiming to simplify, accelerate, and optimize post-exploitation workflows.
Features
Session Features
| Description | Unix with Python>=2.3 | Unix without Python>=2.3 | Windows |
|---|---|---|---|
| Auto-upgrade shell | PTY | PTY(*) | readline |
| Real-time terminal resize | ✅ | ✅ | ❌ |
| Logging shell activity | ✅ | ✅ | ✅ |
| Download remote files/folders | ✅ | ✅ | ✅ |
| Upload local/HTTP files/folders | ✅ | ✅ | ✅ |
| In-memory local/HTTP script execution with real-time output downloading | ✅ | ❌ | ❌ |
| Local port forwarding | ✅ | ❌ | ❌ |
| Spawn shells on multiple tabs and/or hosts | ✅ | ✅ | ❌ |
| Maintain X amount of active shells per host no matter what | ✅ | ✅ | ❌ |
Global Features
- Streamline interaction with the targets via modules
- Multiple sessions
- Multiple listeners
- Serve files/folders via HTTP (-s switch)
- Can be imported by python3 exploits and get shell on the same terminal (see Extras)
Modules
Meterpreter module demonstration
Penelope can work in conjunction with metasploit exploits by disabling the default handler with set DisablePayloadHandler True
Install & Use
Support Our Threat Intelligence
If you find our technology report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
USDT (TRC20):
TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm
USDT (ERC20):
0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce
