Guides
Scenario playbooks for authorized labs — pick a path, load a preset, adapt LHOST/LPORT.
Scenario playbooks
Start from a real engagement pattern, not a changelog.
Use Python, PHP, or Node one-liners when you have command execution but limited tooling. Prefer URL-encoded variants behind WAFs.
Bash /dev/tcp, netcat mkfifo, or socat when outbound TCP is open. Match architecture and available binaries on target.
PowerShell and cmd techniques with optional encoding. Confirm execution policy and AMSI context in your lab.
When only encrypted outbound traffic is allowed, use OpenSSL, ncat SSL, or TLS-wrapped callbacks.
Inbound connections when reverse egress is blocked. Set bind port and ensure firewall rules in the lab.
curl/wget loaders and second-stage scripts for segmented networks. Host the stage on your HTTP server.
Release notes
May 2026
Your last builder config is saved locally; share lab setups with query parameters.
The builder restores your last template, LHOST, LPORT, and obfuscation from localStorage. Valid configs also sync to the URL so you can bookmark or share a lab setup. A recommended listener card appears beside the generated command, and the payload picker supports search across the expanded catalog.
May 2026
How to use the builder, listener, and engagement card export in authorized labs.
Open the builder to pick a template, set LHOST/LPORT, and copy or export commands. Use collections for presets, and the engagement card export to capture configuration and notes in markdown.