Penelope Shell Handler
What Is It?
If you've spent any time on Hack The Box, you know the pain. You pop a shell, celebrate for about three seconds, and then the real suffering begins coping with a dumb, non-interactive reverse shell that can't tab-complete, and dies if you sneeze too hard. Enter Penelope, and honestly, its the best thing since sliced bread.
What Is It?
Penelope is a wicked shell handler built as a modern netcat replacement for RCE exploitation, designed to simplify, and optimize post-exploitation workflows. It's a single Python script with zero external dependencies. Just download and run. That's it. No bloated installs, no dependency hell, no excuses not to use it.
Why It's an Absolute Game-Changer for Hack The Box
You Get a Real Shell.. Instantly
The moment a connection comes in, Penelope automatically upgrades your shell to a full PTY (if it can), complete with tab completion, arrow key history, Ctrl+C that doesn't kill your session
File Transfers Are Trivially Easy
On HTB, getting tools onto the box is half the battle. With Penelope, you can download remote files and folders, upload local files and folders, and even upload files directly from HTTP URLs all from within the session. Want to grab the latest LinPEAS straight from the internet and run it entirely in memory without touching disk? Penelope does that too, and streams the output back to you in real time.
Multiple Shells, Multiple Tabs
You can spawn shells across multiple tabs and multiple hosts simultaneously. Working on privilege escalation in one tab while running enumeration in another? Ez pz.
Everything Is Logged
Every shell interaction is automatically logged to a local file. When you're writing up your HTB report or going back to check what command gave you that juicy output 45 minutes ago, it's all there waiting for you.
Ready-to-Use Payloads, Already Filled In With YOUR IP
Run Penelope with the -a flag and it instantly spits out a full list of ready-to-copy reverse shell payloads with your actual IP and port already baked in. It detects all your network interfaces automatically, including tun0, so you don't have to go hunting for your VPN IP every time. The payloads cover pretty much every scenario you'll hit on a box: Bash, Netcat with mkfifo fallback, Python 2 and 3, PHP, Perl, Ruby, and PowerShell with base64 encoding for Windows. All pre-populated, all ready to go.
One File. No Installation Required.
The best thing of all is that penelope requires no installation as it uses only Python's stdlib. Simply download and execute the script.
The Bottom Line
If you're still catching reverse shells with plain netcat on Hack The Box, you are making your life dramatically harder than it needs to be. Penelope takes all the tedious, frustrating post-exploitation shenanigans and makes it a breeze, so you can focus on the actual hacking. It's free, it's a single Python file, and it has 1.6k stars on GitHub for a reason. It literally does not get better than that
Go get it: github.com/brightio/penelope