AES-Encrypted TCP Reverse Shell
A Go-based reverse shell with AES-encrypted TCP communications for penetration testing
3X-Shell is a reverse shell written in Go that encrypts all TCP traffic using AES symmetric encryption. By using Go instead of traditional C#/C++/Python payloads, it achieves significantly lower detection rates against AV engines while maintaining native performance through compiled machine code.
- AES-Encrypted Traffic — All C2 communications are encrypted with AES symmetric encryption
- Low Detection Rate — 2/40 on ScanTime (as of March 2022)
- Screenshot Capture — Remote screenshot functionality
- Cross-Platform Server — Listener works on Windows and Linux
- Native Binary — Compiled Go binary, no interpreter needed
- No External Dependencies — Pure Go implementation
| Scanner | Result | Date |
|---|---|---|
| ScanTime | 2/40 bypass | March 2022 |
Server Listener:
Encrypted TCP Traffic (AES):
Detection Rate:
# Build the server
go build -o server ./server/
# Build the client (implant)
go build -ldflags "-s -w" -o client ./client/# Start the listener
./server -p 4444
# Execute the client on the target
.\client.exe- Multi-stage payload delivery
- Persistence mechanisms
- Shellcode injection
- System information collection
This tool is intended for authorized penetration testing and security research only. Unauthorized access to computer systems is illegal. Always obtain proper written authorization before testing. The author assumes no liability for misuse of this software.
For educational and authorized security testing purposes only.