melmols/MagicShells

MagicShells - Webshell and Reverse Shell Generator

A browser-based tool for generating webshells and reverse shells with file upload bypass techniques for penetration testing and CTF challenges.

Author: melmols

Requirements

Any modern browser (Chrome, Firefox, Edge, Safari). No install, no server, no internet connection required.

Installation

Supported Modes

| Mode | Description |
|------|-------------|
| Webshell | Generate webshells with upload bypass variants and curl commands |
| Reverse Shell | Generate reverse shell one-liners for multiple languages |
| Stabilize | Shell upgrade steps and Evil-WinRM command generator |

Webshell Tab

Generates ready-to-upload webshell files with bypass variants for restricted upload endpoints.

Supported Shell Types

| Shell | Extension |
|-------|-----------|
| PHP (system) | .php |
| PHP (passthru) | .php |
| PHP (exec) | .php |
| PHP (shell_exec) | .php |
| PHP (full) | .php |
| Classic ASP | .asp |
| ASPX (C#) | .aspx |
| ColdFusion | .cfm |
| JSP | .jsp |
| Node.js | .js |
| Perl CGI | .pl |

File Upload Bypass Techniques

| Variant | Technique |
|---------|-----------|
| .php | Standard extension |
| .php5 | Alternate PHP extension |
| .php7 | Alternate PHP extension |
| .phtml | Alternative PHP handler |
| .pHp | Case swap bypass |
| .php.jpg | Double extension — PHP executes, appears as image |
| .php.pdf | Double extension — PHP executes, appears as PDF |
| .jpg | Extension swap — shell disguised as image (use with magic bytes) |
| .pdf | Extension swap — shell disguised as PDF (use with magic bytes) |
| .shtml | Server-side include handler |

Magic Bytes

Prepend file magic bytes to help bypass content-type checks:

  • None - plain shell
  • PDF - prepends %PDF-1.4\n
  • GIF - prepends GIF89a;\n
  • JPEG - JPEG magic bytes via curl command
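From the defender's side, every variant in the table above is defeated by validating the whole filename and the content together rather than the last extension or the first bytes alone. The following Node.js check is an added example, not part of MagicShells; the function name, the allowlist and the marker list are assumptions chosen for illustration.

```javascript
// Added defensive example (not MagicShells code); all names are hypothetical.
const path = require('path');
const crypto = require('crypto');

// Allowlist: final extension -> required leading signature and stored MIME type.
const ALLOWED = {
  jpg: { sig: Buffer.from([0xff, 0xd8, 0xff]), mime: 'image/jpeg' },
  gif: { sig: Buffer.from('GIF89a', 'latin1'), mime: 'image/gif' },
  pdf: { sig: Buffer.from('%PDF-', 'latin1'), mime: 'application/pdf' },
};
// Rejected as ANY dot-separated segment, case-insensitively, because a loosely
// configured handler may still execute "name.php.jpg" or "name.pHp".
const SCRIPT_SEGMENT = /^(php\d?|phtml|phar|shtml|asp|aspx|cfm|jsp|js|pl|cgi)$/i;
// Heuristic only: long markers, to limit false positives on binary data.
const CODE_MARKER = /<\?php|<%@\s*page|<script\b|<cfexecute|<!--#exec/i;

function validateUpload(originalName, content) {
  const segments = path.basename(originalName).split('.').slice(1);
  if (segments.length === 0) return { ok: false, reason: 'no extension' };
  if (segments.some((s) => SCRIPT_SEGMENT.test(s))) {
    return { ok: false, reason: 'script extension in name' };
  }
  const ext = segments[segments.length - 1].toLowerCase();
  const type = ALLOWED[ext];
  if (!type) return { ok: false, reason: 'extension not allowlisted' };
  // The declared type must match the real leading bytes of the file.
  if (!content.subarray(0, type.sig.length).equals(type.sig)) {
    return { ok: false, reason: 'signature mismatch' };
  }
  // A valid signature says nothing about what follows it.
  if (CODE_MARKER.test(content.toString('latin1'))) {
    return { ok: false, reason: 'embedded server-side code' };
  }
  // Never reuse the client-supplied name; the server picks name and MIME type.
  const storedName = crypto.randomBytes(16).toString('hex') + '.' + ext;
  return { ok: true, storedName, mime: type.mime };
}
```

The content scan is a backstop; the controls that matter are the random stored name and serving the upload directory with script handlers disabled.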

Output Tabs

  • Shell File - copy or download the raw webshell
  • Curl Command - ready-to-run curl upload command with correct MIME type
  • All Variants - every bypass variant with individual copy/download per entry
  • Trigger URL - build the GET request URL to fire the uploaded shell

Trigger URL

After upload, paste the shell's public URL into the Trigger URL tab. MagicShells generates the full GET request with the command parameter pre-filled, ready to copy or open.
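A trigger request of this kind leaves a recognizable trace in web server access logs: a query string sent to a file inside an upload directory whose name carries a script extension. The following detection sketch is an added example, not part of MagicShells; the upload prefixes and the log lines are constructed, and the combined log format is assumed.

```javascript
// Added detection example (not MagicShells code); names are hypothetical.
// Assumption: these are the URL prefixes under which uploaded files are served.
const UPLOAD_PREFIXES = ['/uploads/', '/files/'];
const EXEC_SEGMENT = /^(php\d?|phtml|shtml|asp|aspx|cfm|jsp|js|pl)$/i;
// Combined log format: ip ident user [time] "METHOD target PROTO" status size ...
const COMBINED = /^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) /;

// Constructed sample log lines (documentation IP ranges).
const SAMPLE_LINES = [
  '203.0.113.7 - - [12/Mar/2025:10:01:02 +0000] "GET /uploads/avatar.php.jpg?cmd=id HTTP/1.1" 200 54 "-" "curl/8.5.0"',
  '198.51.100.4 - - [12/Mar/2025:10:01:09 +0000] "GET /uploads/team.jpg HTTP/1.1" 200 48211 "-" "Mozilla/5.0"',
  '198.51.100.4 - - [12/Mar/2025:10:01:15 +0000] "GET /index.php?page=2 HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
  '203.0.113.7 - - [12/Mar/2025:10:02:40 +0000] "GET /files/doc.pHp?x=whoami HTTP/1.1" 404 153 "-" "curl/8.5.0"',
  '198.51.100.9 - - [12/Mar/2025:10:03:01 +0000] "GET /uploads/photo.jpg?v=3 HTTP/1.1" 200 30122 "-" "Mozilla/5.0"',
];

function findTriggerRequests(lines) {
  const hits = [];
  for (const line of lines) {
    const m = COMBINED.exec(line);
    if (!m) continue;
    const [, ip, method, target, status] = m;
    const q = target.indexOf('?');
    if (q === -1) continue; // the command travels in the query string
    let p = target.slice(0, q);
    try { p = decodeURIComponent(p); } catch { /* keep the raw path */ }
    if (!UPLOAD_PREFIXES.some((pre) => p.startsWith(pre))) continue;
    // Check every dot-separated segment so "x.php.jpg" and "x.pHp" both match.
    const segments = p.split('/').pop().split('.').slice(1);
    if (!segments.some((s) => EXEC_SEGMENT.test(s))) continue;
    hits.push({ ip, method, path: p, query: target.slice(q + 1), status: Number(status) });
  }
  return hits;
}
```

The rule keys on the path rather than the parameter name because the parameter name is chosen by the tool's user; a hit with status 200 deserves attention first, since it means the file exists and answered.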

Reverse Shell Tab

Generates reverse shell one-liners. Enter LHOST and LPORT, select your shells, and copy.

Supported Shell Types

| Shell | Notes |
|-------|-------|
| Bash | /dev/tcp redirect |
| Bash (196) | File descriptor variant |
| Python 3 | socket + pty |
| Python 2 | socket + pty |
| Netcat (-e) | Traditional nc with -e |
| Netcat (mkfifo) | Named pipe variant, works without -e |
| Ncat | nmap's ncat with --sh-exec |
| PowerShell | Raw PowerShell TCP reverse shell |
| PowerShell (encoded) | Base64-encoded for WAF/AV bypass |
| PHP reverse | PHP socket reverse shell |
| Ruby | Ruby TCPSocket |
| Perl | Perl IO::Socket |

URL Encode Toggle

Toggle URL encode in the reverse shell output panel to percent-encode payloads for delivery via GET parameters or curl commands.

Stabilize Tab

Step-by-step shell upgrade reference for both Linux and Windows targets.

Linux

| Step | Command |
|------|---------|
| Spawn PTY | python3 -c 'import pty; pty.spawn("/bin/bash")' (or python/script fallbacks) |
| Background | Ctrl+Z |
| Raw terminal | stty raw -echo; fg |
| Set TERM | export TERM=xterm |
| Fix rows/cols | stty rows N cols N (auto-filled from your terminal size) |

Windows

| Step | Action |
|------|--------|
| rlwrap | Wrap listener with rlwrap nc -lvnp PORT for arrow keys |
| PowerShell upgrade | Drop into PowerShell from cmd |
| Check privileges | whoami /all |
| AMSI bypass | In-memory bypass one-liner |

All step commands have individual copy buttons.

Evil-WinRM Generator

Builds the evil-winrm connection command from:

| Field | Notes |
|-------|-------|
| IP | Target host |
| Port | Default 5985 (HTTP) or 5986 (HTTPS) |
| Username | Domain or local user |
| Password | Plaintext password |
| NTLM Hash | Pass-the-hash — leave password blank |
| SSL | Switches port default to 5986, adds -S flag |

Features

  • No server required - open directly in any browser, works fully offline
  • Shell tooltips - hover any shell card to see what it does and when to use it
  • Per-variant controls - copy shell or curl command for each bypass variant individually
  • Magic byte injection - prepend PDF, GIF, or JPEG bytes to bypass content-type filters
  • Custom code - paste your own shell and use {param} as the command placeholder
  • PowerShell base64 - encodes UTF-16LE in-browser for encoded payload generation
  • Listener reminder - displays nc -lvnp PORT with a copy button
  • Trigger URL - generate the full GET request URL to fire an uploaded webshell
  • URL encode toggle - percent-encode reverse shell payloads for URL delivery
  • Stabilize tab - Linux and Windows shell upgrade steps with copy buttons
  • Evil-WinRM generator - build password or pass-the-hash WinRM connection commands

Usage

Webshell

  1. Open magicshells.html and stay on the Webshell tab
  2. Select a shell type
  3. Set your filename, GET parameter name, and (optionally) upload target URL
  4. Select magic bytes if needed
  5. Click Generate
  6. Use the Shell File tab to download/copy the shell, Curl Command for the upload command, All Variants for all bypass combinations, or Trigger URL to build the execution request

Reverse Shell

  1. Switch to the Reverse Shell tab
  2. Enter your LHOST and LPORT
  3. Select which shell types to generate
  4. Click Generate Shells
  5. Start your listener with the displayed nc -lvnp command, then copy and run the shell of your choice
  6. Toggle URL encode if delivering the payload via a URL parameter

Stabilize

  1. Switch to the Stabilize tab
  2. Select Linux or Windows
  3. Follow the steps in order — copy each command with the button on the right
  4. For Evil-WinRM: fill in the target details and click Generate

Example Workflow

Start your listener in a terminal:

```shell
nc -lvnp 4444
```

Then generate and deliver the reverse shell payload using MagicShells.

For webshell upload with magic byte bypass:

```shell
# Example curl command generated by MagicShells
curl -s -X POST http://target/upload \
  -F "file=@shell.php.jpg;type=image/jpeg"
```

Once uploaded, use the Trigger URL tab to build and copy the execution request.

Privacy

All processing is done client-side in JavaScript. No data is sent anywhere.
