A WordPress plugin that provides reverse shell functionality with a graphical user interface (GUI) for configuration. This plugin allows users to configure and initiate a reverse shell connection to a specified IP address and port.
- Modular architecture (separate pages & assets)
- Web-based terminal (AJAX-powered command execution)
- Reverse shell engine with dual I/O pipe handling
- Cross-platform support (Linux / Windows)
- Bootstrap-powered modern UI
- WordPress-native integration (hooks, nonces, admin_post)
- Optimized asset loading (only on plugin pages)
- Execute system commands directly from the browser
- Real-time output rendering
- OS-aware prompt (
user@host) - AJAX-based secure request handling
- Initiates outbound connection to listener
- Uses
proc_openfor interactive shell handling - Supports:
/bin/sh(Linux/macOS)cmd.exe(Windows)
- Non-blocking stream handling for stability
- Clean navigation panel
- Modular page structure
- Interactive cards for quick access
-
Download the plugin file (
reverse-shell.zip). -
Log in to your WordPress admin panel.
-
Navigate to Plugins > Add New.
-
Click the Upload Plugin button.
-
Upload the downloaded
reverse-shell.zipfile.
-
After uploading, click Activate to enable the plugin.
- Navigate to: RSWP → Dashboard
- Go to: RSWP → Web Terminal
- Enter a command
- Press Enter
- Output will appear in real-time
-
Start a listener on your machine:
nc -lvnp 4444
-
Go to: RSWP → Reverse Shell
-
Enter:
- Attacker IP
- Port
-
Submit → connection will be attempted
add_action('wp_ajax_rswp_web_exec', 'rswp_handle_web_exec');- Uses:
fsockopenproc_openstream_select
- Implements:
- Full-duplex communication
- Non-blocking streams
| OS | Shell Used |
|---|---|
| Linux | /bin/sh |
| macOS | /bin/sh |
| Windows | cmd.exe |
This plugin is released under the MIT License.
