Security: Rickidevs/RickShell

SECURITY.md

Security Policy

⚠️ Important Notice

RickShell is a penetration testing and red team tool. It is designed exclusively for use on systems you own or have explicit written authorization to test. Unauthorized use against third-party systems is illegal and unethical.


Supported Versions

| Version | Supported |
| --- | --- |
| Latest (main) | Yes |
| Older releases | No |

Only the latest version on the main branch receives security updates.


Reporting a Vulnerability

If you discover a security vulnerability in RickShell itself (e.g. unintended code execution on the attacker machine, insecure defaults, dependency issues), please report it responsibly.

Do not open a public GitHub issue for security vulnerabilities.

How to report

  1. Open a private GitHub Security Advisory via the Security tab of this repository.
  2. Include the following information:
    • A clear description of the vulnerability
    • Steps to reproduce
    • Potential impact
    • Your suggested fix (if any)

You can expect an initial response within 72 hours.


Scope

The following are considered in-scope for vulnerability reports:

  • Remote code execution on the attacker machine (the machine running RickShell)
  • Privilege escalation caused by RickShell itself
  • Insecure handling of session data or socket connections
  • Dependency vulnerabilities with direct exploitability

The following are out of scope:

  • Vulnerabilities in payloads executed on target machines (that is the intended functionality)
  • Issues arising from use on systems without authorization
  • Social engineering of the maintainers

Responsible Use

By using RickShell you agree to:

  • Only use this tool on systems you own or have explicit written permission to test
  • Comply with all applicable local, national, and international laws
  • Not use this tool to cause harm, disrupt services, or compromise systems without authorization

The authors of RickShell are not responsible for any damage or legal consequences resulting from misuse of this software.


Dependencies

RickShell depends on the following third-party library:

| Package | Purpose |
| --- | --- |
| psutil | Network interface detection |

Keep dependencies up to date. You can check for outdated packages with:

pip3 list --outdated
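The command above lists every outdated package in the environment, not just RickShell's own dependency. The following is an added example (not RickShell's code) that parses the JSON form of that report and flags only the dependency this policy declares, so it can be dropped into a pre-commit or CI step. The `run_pip_outdated` helper and the `DECLARED_DEPENDENCIES` tuple are assumptions made here; the version numbers in `SAMPLE_REPORT` are constructed for illustration and do not correspond to any real psutil release or advisory.

```python
"""Flag declared RickShell dependencies that pip reports as outdated.

Added example, not RickShell's own code. It parses the JSON form of the
`pip3 list --outdated` report and checks only the dependency SECURITY.md
declares (psutil), so unrelated packages in the environment are ignored.
"""
import json
import subprocess
from typing import Dict, List, Tuple

# Declared in SECURITY.md; assumption: this is the full runtime dependency list.
DECLARED_DEPENDENCIES = ("psutil",)


def normalize(name: str) -> str:
    """Normalize a distribution name the way pip compares them (case, '_' vs '-')."""
    return name.lower().replace("_", "-")


def parse_outdated_report(report_json: str) -> Dict[str, Tuple[str, str]]:
    """Parse `pip3 list --outdated --format=json` output.

    Returns {normalized_name: (installed_version, latest_version)}.
    """
    parsed: Dict[str, Tuple[str, str]] = {}
    for entry in json.loads(report_json):
        parsed[normalize(entry["name"])] = (entry["version"], entry["latest_version"])
    return parsed


def outdated_declared(report: Dict[str, Tuple[str, str]],
                      declared=DECLARED_DEPENDENCIES) -> List[Tuple[str, str, str]]:
    """Return (name, installed, latest) for each declared dependency pip lists as outdated."""
    hits: List[Tuple[str, str, str]] = []
    for dep in declared:
        key = normalize(dep)
        if key in report:
            installed, latest = report[key]
            hits.append((dep, installed, latest))
    return hits


def run_pip_outdated() -> str:
    """Invoke pip itself (assumed helper); needs network access to the package index."""
    proc = subprocess.run(
        ["pip3", "list", "--outdated", "--format=json"],
        capture_output=True, text=True, check=True,
    )
    return proc.stdout


# Constructed sample report: the version numbers are illustrative only.
SAMPLE_REPORT = json.dumps([
    {"name": "psutil", "version": "5.9.0", "latest_version": "5.9.8", "latest_filetype": "wheel"},
    {"name": "Requests", "version": "2.28.0", "latest_version": "2.31.0", "latest_filetype": "wheel"},
])

if __name__ == "__main__":
    try:
        report_text = run_pip_outdated()
    except (OSError, subprocess.CalledProcessError):
        print("pip3 unavailable or offline; using the constructed sample report")
        report_text = SAMPLE_REPORT
    for name, installed, latest in outdated_declared(parse_outdated_report(report_text)):
        print(f"{name}: installed {installed}, latest {latest} -> update needed")
```

Run it in the same virtual environment RickShell is installed in; an empty result means the declared dependency is current. Checking only declared packages keeps the signal focused, but it does not replace a vulnerability scan of the resolved dependency tree (being up to date and being free of known advisories are different properties).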