Phantom is a multi-platform HTTP(S) Reverse Shell server and client in Python 3. Binaries for Linux and Windows platforms can be built through an embedded script that executes PyInstaller.

Reverse shells can be established through HTTP or HTTPS. The certificates used for HTTPS can be auto-generated by Phantom or supplied by the user.

Phantom includes a helper shell script that enables the fast generation of self-signed certificates for use of both servers and clients. After generation, the server and certificate authority certificates required for encrypted connections are bundled in the binaries for portability and ease of execution.

Try it out!

Simply head over to the dist directory and download the pre-built Linux/Unix or Windows binaries.

The HTTP client files are set to connect to http://localhost:8080, whereas the HTTPS client bundles a CA certificate file for https://localhost:4443 and will only connect to this socket. With that in mind, choose either HTTP or HTTPS and run the server on one shell:

./linux_server http://localhost:8080
            <-- or -->
./linux_server https://localhost:4443

And the client on another one…

     <-- or -->

The same procedure works for the Windows binaries.

download the HTTP binaries from dist and you’re done. Execute the binaries with the --help option for instructions.

multiple methods or by a simple execution of the helper script.

Once the certificates are ready you only need to follow the steps from the Build and Run section below.

Poetry (recommended) and Virtualenv. You need to install all dependencies before building binaries.

git clone
cd BCA-Phantom
poetry install <--or--> pip install -r requirements.txt