Charlex-Webshell

Welcome to Charlex-Webshell — the ultimate hacker tool for secret control!

What’s inside?

• Flask webshell with a secret, random URL (UUID) to stay hidden from prying eyes.
• Powerful C2 server inside the Flask app, listening on port 5555, talking to clients with sneaky XOR encryption.
• Smart client agent that connects back, runs your commands, and sends back the results.
• Cool green-on-black terminal UI for that real hacker feel.

How to use

1. Run the client agent on the target machine:

python client_agent.py

(Change the IP in client_agent.py if needed)

1. Start the webshell (with the C2 server):

python app.py

1. Open your browser and go to:

http://127.0.0.1:5555/<secret-uuid>

(The secret UUID shows up in the console when you start the webshell)

1. Pick your target client from the list, type commands, hit Enter, and watch the magic happen!

Important stuff

• For authorized use only — don’t be a jerk.
• Communication uses simple XOR encryption — not perfect, but sneaky.
• The secret URL keeps you hidden.
• Stay safe, stay smart.

Files

• app.py — Flask webshell backend with built-in C2 server
• client_agent.py — The little agent that does your bidding
• templates/shell.html — The hacker-themed terminal UI
• .gitignore — Stuff to ignore in git

License

Use it wisely.

How to compile the client agent

Want a standalone executable? Here’s how:

1. Create and activate a Python virtual environment:

python3 -m venv venv
source venv/bin/activate

1. Upgrade pip and install PyInstaller:

pip install --upgrade pip
pip install pyinstaller

1. Compile the client agent script:

pyinstaller --onefile client_agent.py

1. Find your executable in the dist/ folder.

2. When done, deactivate the virtual environment:
   

deactivate

This replaces the old compile_client_agent.sh script.