Necromancy is a TUI-first reverse shell manager written in Go. It combines multi-session handling, payload generation, file transfer helpers, tabbed shell workspaces, and a built-in module catalog for post-session operations.
Warning Use this project only in environments you own or are explicitly authorized to test.
Necromancy is designed for operators who want a more structured alternative to plain nc listeners. The application focuses on three things:
- managing multiple shell sessions from one place,
- reducing friction after a shell lands, and
- keeping common operator tasks available inside the terminal UI.
The codebase includes:
- reverse-shell listeners and bind-shell connections,
- a TUI dashboard built with
tview, - session logging and tabbed shell workspaces,
- payload preview and clipboard copy support,
- a lightweight HTTP file server,
- a built-in module registry for post-session helpers.
- Multi-listener support with comma-separated ports.
- Reverse-shell and bind-shell workflows.
- Automatic PTY upgrade attempts for non-Windows shells.
- Session logging under
logs/unless disabled. - Headless mode for VPS,
tmux,nohup, or CI-style environments.
- Dashboard pages for sessions, payloads, modules, network info, and interfaces.
- Raw interactive shell mode and TUI-based tabbed shell workspace.
- Clipboard-friendly payload preview with automatic IP substitution.
- Session actions for upload, in-memory execution, module dispatch, and command cancel.
- Built-in update checker and GitHub release downloader.
- Enumeration helpers such as
peass_auto,linpeas,winpeas, andlse. - Privilege-escalation helpers such as
traitor,uac, andpotato. - Tunneling helpers such as
chisel,ligolo, andngrok. - Operations and monitoring helpers such as
cleanup,process_monitor, andbackground_checker. - Additional workflow helpers including
payload_obfuscator,enhanced_preflight_recon,redsun, andbluehammer.
Note Some modules are full command dispatchers, while others are helper or placeholder workflows that print guidance or bootstrap commands. See
MODULES.mdfor the current catalog.
graph TD
A[Operator] -->|Starts| B[Necromancy]
B -->|Configures| C[Listener Setup]
C -->|Generates| D[Payloads]
D -->|Executed On| E[Target System]
E -->|Connects Back| F[Listener]
F -->|Creates| G[Interactive Session]
G -->|Enables| H[Post-Session Workflow]
H --> I[File Operations]
H --> J[Module Execution]
graph LR
A[Session Browser] --> B[Select Session]
B --> C[Shell Tabs Or Raw Interact]
C --> D[Post-Session Actions]
D --> E[File Manager]
D --> F[Run Module]
D --> G[Upload Or In-Memory Exec]
D --> H[Cancel Or Kill Session]
graph TD
A[Choose Session] --> B[Open Run Module]
B --> C[Select Module]
C --> D{Module Type}
D -->|Enumeration| E[LinPEAS WinPEAS LSE]
D -->|Privilege Escalation| F[Traitor UAC Potato]
D -->|Tunneling| G[Chisel Ligolo Ngrok]
D -->|Operations| H[Cleanup Monitor Background Check]
D -->|Payload Helper| I[Payload Obfuscator Recon]
E --> J[Dispatch Through Session Stream]
F --> J
G --> J
H --> J
I --> J
graph TD
A[Local Interfaces] --> B[Network Detection]
C[Public IP Services] --> B
B --> D[Selected IP Address]
D --> E[Payload Template Replacement]
F[Configured Listening Ports] --> E
E --> G[Updated Reverse Shell Payloads]
# Linux amd64
curl -LO https://github.com/Aryma-f4/necromancy/releases/latest/download/necromancy-linux-amd64
chmod +x necromancy-linux-amd64
./necromancy-linux-amd64go install github.com/Aryma-f4/necromancy@latestgit clone https://github.com/Aryma-f4/necromancy.git
cd necromancy
go build -o necromancy .
./necromancy# Default listener on 4444
./necromancy
# Listen on multiple ports
./necromancy -p 4444,4445,4446
# Serve a directory over HTTP
./necromancy -p 4444 -s ./payloads -w 8000
# Connect to a bind shell
./necromancy -c target.example -p 4444
# Run without the TUI
./necromancy --headlessNecromancy currently exposes a mix of short flags and a few long-form utility flags. The core listener options are short-form in the current implementation.
| Flag | Type | Default | Description |
|---|---|---|---|
-p |
string | 4444 |
Comma-separated listening ports |
-s |
string | empty | Serve a directory through the built-in HTTP server |
-i |
string | 0.0.0.0 |
Local interface or IP to bind |
-c |
string | empty | Connect to a bind shell host instead of listening |
-m |
int | 0 |
Maintain at least N sessions per target |
-L |
bool | false |
Disable per-session log files |
-U |
bool | false |
Disable automatic PTY upgrade |
-O |
bool | false |
Enable OSCP-safe mode flag |
-w |
int | 8000 |
HTTP file-server port |
-S |
bool | false |
Accept only the first created session |
-C |
bool | false |
Do not auto-attach on new sessions |
--prefix |
string | empty | URL prefix for the HTTP file server |
-a, --payloads |
bool | false |
Print sample reverse-shell payloads and exit |
-l, --interfaces |
bool | false |
Print local network interfaces and exit |
-v, --version |
bool | false |
Print version and exit |
--headless |
bool | false |
Run without the TUI |
--check-update |
bool | false |
Check GitHub Releases for a newer version |
--update |
bool | false |
Download and replace the current binary with the latest release |
# Print payload suggestions using the current IP detection logic
./necromancy --payloads -p 8080
# List local interfaces
./necromancy --interfaces
# Check whether a new release exists
./necromancy --check-updateNecromancy is primarily a menu-driven terminal UI, not a typed command console. Most actions are selected from panels.
The main menu exposes:
SessionsPayloadsModulesNetwork InfoInterfacesExit
Selecting a session opens the action menu:
Shell TabsRaw InteractFile ManagerCancel CommandsRun ModuleUpload FileIn-Memory ExecPort ForwardingKill
The tabbed shell workspace keeps multiple local views for the same remote stream.
| Key | Action |
|---|---|
Ctrl+N |
Create a new tab |
Ctrl+W |
Close the active tab |
Tab / Shift+Tab |
Switch tabs |
Up / Down |
Browse local command history |
Esc |
Return to session actions |
The payload page:
- renders payloads using the detected IP,
- prefers a public IP when available,
- supports
Enterorcto copy the selected payload, - supports
rto refresh network information.
- Starting Necromancy with
-senables the built-in HTTP file server. - Per-session logs are written to
logs/session_<id>.logunless-Lis used. - General runtime logs are written to
necromancy-go.log. - Session upload and in-memory execution are available from the session action menu.
Modules are dispatched after a shell is already established. The full catalog lives in MODULES.md.
Current built-in module keys include:
peass_auto,linpeas,winpeas,lsetraitor,uac,potatochisel,ligolo,ngrokmeterpreter,cleanup,panix,linux_procmemdumpfilemanager,redsun,bluehammerpayload_obfuscator,enhanced_preflight_reconprocess_monitor,background_checker
- Documentation.md: complete product documentation
- MODULES.md: built-in module catalog
- QUICK_REFERENCE.md: short operational cheatsheet
- CONFIGURATION.md: configuration examples
- AGENTS.md: project architecture and AI-agent notes
- CONTRIBUTING.md: contribution guide
- SECURITY.md: security reporting policy
necromancy/
├── core/ # sessions, networking, terminal helpers, config
├── modules/ # built-in post-session helpers and file-manager logic
├── pty/ # PTY upgrade logic
├── server/ # HTTP file server
├── ui/ # tview-based interface and shell tabs
├── updater/ # release checking and self-update logic
├── utils/ # formatting and network helpers
└── main.go # application entry point
- Only use Necromancy for authorized testing.
- Review generated payloads before using them.
- Treat helper modules as automation aids, not guarantees.
- Validate OS-specific behavior on lab targets before production assessments.
This project is released under the MIT License.
Version: v1.5.1
Repository: https://github.com/Aryma-f4/necromancy