Free unix shell software for linux

Squirrel Shell is made as a cross-platform alternative to system shells like bash in *nix.
Main features:
- object-oriented programming;
- C++-like syntax;
- dynamic typing;
- delegation;
- generators;
- exception handling;
- weak references;
Enhancements:
- Added: fprintl() function.
- Added: regcompile(), regmatch(), regfree(), regfreeall() and regerror() functions.
- Fixed: Passing null as redirIn parameter for run() function.
- Fixed: readdir() function truncated path at the first slash.
- Fixed: Floating point numbers staring with integer part equal to zero (for example, 0.123) were treated as octal integers.
- Fixed: Documentation for printl() function.
- Fixed: Potential buffer overflow in scan() and fscan() functions.
- Fixed: substr() returned one redundant character.
- Changed: Leading and trailing spaces in paths are removed.
- Changed: SQUIRREL_VERSION is now "2.1.3.1".
- Changed: Increased internal buffer for scan() and fscan() functions.
- Changed: Removed .dummy files and source code from Windows installer.

XSS Shell script is a powerful XSS backdoor. XSS Shell allows interactively getting control over a Cross-site Scripting (XSS) vulnerability in a web application.
It demonstrates the real power and damage of Cross-site Scripting attacks.
Enhancements:
Regenerating Pages
- This is one of the key and advanced features of XSS Shell. XSS Shell re-renders the infected page and keep user in virtual environment. Thus even user click any links in the infected page he or she will be still under control! (within cross-domain restrictions) In normal XSS attacks when user leaves the page you cant do anything.
- Secondly this feature keeps the session open so even victim follow an outside link from infected page session is not going to timeout and you will be still in charge.
Keylogger
- Mouse Logger (click points + current DOM)
Built-in Commands:
- Get Keylogger Data
- Get Current Page (Current rendered DOM / like screenshot)
- Get Cookie
- Execute supplied javaScript (eval)
- Get Clipboard (IE only)
- Get internal IP address (Firefox + JVM only)
- Check victims visited URL history
- DDoS
- Force to Crash victims browser
Version restrictions:
- Keylogger is not working on IE
- Possibly not going to work for framed pages because of frame regeneration.
- Not working on Konqueror
Enhancements:
- Connection drop timeout check. If your XSS Shell server is down or connection dropped because of victim itll try to repair itself.
- DoS and Crash commands added

CGI-Shell provides a shell using CGI, so everyone who has a CGI directory on a Web server can also have a shell on it. It is something like telnet or SSH.
How to install?
make
make install (you have to be root)
How to uninstall?
make uninstall (you have to be root)
The server is distributed as binary - you can also compile it yourself with "make server", but its not recommendable.
Enhancements:
- PHP support (works not if system() call is disabled in PHP)
- configuration file
- bugfixes, little improvements

Wsh, "Web Shell" is a remote UNIX/WIN shell, that works via HTTP/HTTPS. The package contains two perl scripts for server and client hosts, one C source code and one Java servlet code for the server host : the client script is for console usage and the server scripts run as CGI/Servlet scripts on the target host.
The client part provides shell-like prompt, encapsulating user commands into HTTP POST requests and sending them to the server part script on the target web server directly or via HTTP proxy server.
The server part extracts and executes commands from HTTP post requests and returns STDOUT and STDERR output as HTTP response messages. By default both scripts encode HTTP data with Xor.
Main features:
- SSL support
- Command line history support
- File upload/download
- Protect server part script usage with secret key inside HTTP message
- Data flow Xor encoding
- Can work trough HTTP proxy server.
Enhancements:
- WSH server Java servlet version was added.
- Disabled "why is it enabled ?" auth in wsh-c.conf.
- Corrected header fields mistakes in wsh-c-* (X-* => HTTP_X*)
Instalation
1. Check path to perl in the "config.pl" file;
2. Run "config.pl" : `./config.pl`
OPTIONAL ----------------------------------------------------
Modify the file "wsh-c.conf", if you want to use HTTP proxy;
use_proxy 1
proxy_ip
port
Check other client configuration options also..
-------------------------------------------------------------
3. For the wsh-s.c and WshServlet.java, check the Shell (*Nix or Win32) location;
4a. Perl server version :
+ Check path to perl and permissions of the newly created "wsh-c.pl";
+ Upload wsh-s.pl under the target cgi-bin directory and check path to perl;
4b. C server version :
+ Upload wsh-s.c under the target cgi-bin directory and compile it (remove the source code after) :
- Under *Nix : gcc -g2 -Wall -o wsh-s wsh-s.c
- Under Win32 (Visual C++) : cl /W3 wsh-s.c ws2_32.lib
- Under Win32 Cygwin : Set the WIN32_RUN variable in the source code and build it as for the *Nix version.
4c. Java servlet version :
+ Upload the java built version under a servlet executable location.
About SSL :
a. If you use a SSL wsh-c.pl client, you can configure the client to check the server certificate CN (but this check can be circumvented !):
my $ssl_set_check=1;
# (0 || 1) dont or check the webserver
# ssl certificate with internal
# ssl_crt_subject.
my $ssl_crt_subject="/C=Fr/ST=Paris/L=Paris/O=XXX/OU=XXX/CN=XXX";
=> You only have to execute the wsh-c.pl client one time and grab the CN displayed by the error message.
b. We didnt check the wsh-c-SSL.pl client on a Win32 platform. If you manage to install the Net::SSLeay on Win32 and check wsh-c-SSL.pl, send us a mail.

JSON::Shell is an interactive shell for performing JSON and JSON-RPC requests.

SYNOPSIS

$ bin/jsonshell

JSON::Shell 1.0
www.example.com/json-rpc-demo$ post { "id": 1, "method": "echoObject", "params": { "o": [ "YAY JSON~" ] } }
REQUEST: $VAR1 = {
params => {
o => [
YAY JSON~
]
},
method => echoObject,
id => 1
};

RESPONSE: $VAR1 = {
id => 1,
result => [
YAY JSON~
]
};

www.example.com/json-rpc-demo$

JSON::Shell provides an interactive debugger and workbench for JSON based web services.

MirBSD Korn Shell (mksh) is an actively developed successor of pdksh (the Public Domain Korn Shell), aimed at producing a shell good for interactive use, but with primary focus on scripting.
The project is intended to be portable to most *nix-like operating systems as long as theyre not too obscure. mksh incorporates improvements from OpenBSD and Debian, as well as bugfixes and enhancements developed for the MirOS and FreeWRT projects. The emacs command line editing mode is UTF-8 capable.
The shell supports large files, as well as all pdksh and some csh, AT&T ksh, and GNU bash features, is compatible with the Bourne shell (within limits, but you can turn off brace expansion), has no limit on array sizes, and incorporates some other useful builtins and features. While being already fast and small (without losing functionality), flags to make it even smaller can be given at compile time. An interactive shell reads "~/.mkshrc" on startup.
Enhancements:
- Packagers should read the information at http://www.mirbsd.org/mksh.htm#upgrade.
- mksh can now be built on more platforms, such as AIX, and with a lot of vendor compilers (Intel, Sun, IBM, Microsoft, Borland, Digital Mars, HP) in addition to gcc.
- Some constructs from GNU bash are supported.
- The code and build system got cleaned up, fixed, and improved further.
- Large file support on some OSes and POSIX compatibility got better.

PyGTK Shell provides widgets derived from PyGTK optimized for interactive programming as well as an interactive, extensible PyGTK console for the rapid prototyping of GUI applications. It can be embedded by PyGTK applications.