🚨 SecShell - Secure Shell for Modern Systems (Go)

SecShell is a next-generation secure shell written in Go, engineered for professionals who demand robust security, fine-grained control, and operational transparency. It provides a hardened environment for command execution, featuring advanced whitelisting, process isolation, and real-time job/service management.

---

🔑 Key Features

• Command Whitelisting & Blacklisting: Only explicitly allowed commands or those in trusted directories can run. Blacklisted commands are strictly blocked.
• Input Sanitization: All user input is sanitized to prevent injection and exploitation.
• Process Isolation: Each command runs in its own process, minimizing risk.
• Job Management: Track, control, and inspect background jobs.
• Service Management: Start, stop, restart, and check system services securely.
• Piped & Background Execution: Full support for pipes (|), redirection (>, <), and background jobs (&).
• Command History & Search: Persistent history with interactive and query-based search, including interactive search mode.
• Environment Variable Control: Set, unset, and list environment variables.
• Security Toggle (Admin Only): Temporarily bypass security checks with authentication.
• Pentesting Utilities: Built-in port, host, and web scanners, reverse shell payload generation, and session management.
• Encoding/Decoding Tools: Base64, Hex, URL, Binary encode/decode, and file support.
• Hashing Utility: Calculate and compare hashes (MD5, SHA1, SHA256, SHA512) for strings and files.
• String Extraction: Extract printable strings from binaries.
• Script Execution: Run scripts with automatic interpreter detection.
• Update & Version Control: Self-update and version display commands.
• Comprehensive Logging: All actions are logged for audit and review.
• Interactive Paged Output: View long output with paging and search (more command).
• Built-in Text Editor: Edit files directly with the edit command.

---

🛡️ Built-in Commands

---

Command	Description / Usage
allowed	Show allowed directories, commands, built-ins, or binaries. Usage: `allowed <dirs
help	Show help message or help for a specific command. Usage: help [command]
exit	Exit the shell (admin only).
services	Manage system services. Usage: services <start,stop,restart,status,list> <service_name>
jobs	Manage background jobs. Usage: jobs <list,stop,start,status,clear-finished> [pid]
cd	Change directory. Usage: `cd (--prev
history	Show command history. Usage: `history [-s
export	Set an environment variable. Usage: export VAR=value
env	List all environment variables.
unset	Unset an environment variable. Usage: unset VAR
logs	List or clear logs. Usage: `logs <list
blacklist	List blacklisted commands.
whitelist	List whitelisted commands.
edit-blacklist	Edit the blacklist file (admin only).
edit-whitelist	Edit the whitelist file (admin only).
reload-blacklist	Reload the blacklist (admin only).
reload-whitelist	Reload the whitelist (admin only).
download	Download files from the internet. Usage: download [-o output1,output2,...] <url [url2 ...]>
toggle-security	Toggle security enforcement (admin only, password required).
time	Show current time.
date	Show current date.
--version	Display current version.
--update	Update SecShell to the latest version.
features	List all available features. Usage: features
changelog	Display the application changelog. Usage: changelog
Pentesting Tools
portscan	Advanced port scanner. Usage: portscan [options] <target>
	Options:
	-p <ports> (port range, e.g. 1-1000)
	-udp (UDP scan)
	-t <1-5> (timing, 1=slowest, 5=fastest)
	-v (show service version)
	-j (JSON output), -html (HTML output)
	-o <file> (output file)
	-syn (SYN scan, root only)
	-os (OS detection)
	-e (enhanced detection)
hostscan	Discover hosts in a network. Usage: hostscan <network-range>
webscan	Scan a web target. Usage: webscan [options] <url>
	Options:
	-t, --timeout <sec>
	-H, --header <Header:Value>
	-k, --insecure (skip SSL verification)
	-A, --user-agent <UA>
	--threads <n>
	-w, --wordlist <file>
	-m, --methods <GET,POST,...>
	-v, --verbose
	--follow-redirects
	--cookie <cookie>
	--auth <token>
	`-f, --format <text
	-o, --output <file>
payload	Generate reverse shell payload. Usage: payload <ip-address> <port>
session	Manage pentest sessions.
	Usage:
	session -l (list sessions)
	session -i <id> (interact with session)
	session -c <port> (listen for new session)
	session -k <id> (kill session)
Encoding/Decoding
base64	Encode/decode Base64. Usage: `base64 [-e
hex	Encode/decode Hex. Usage: `hex [-e
urlencode, url	Encode/decode URL. Usage: `urlencode [-e
binary	Encode/decode binary. Usage: `binary [-e
Hashing
hash	Calculate or compare hashes. Usage: `hash -s
Analysis
extract-strings	Extract printable strings from binaries. Usage: extract-strings <file> [-n min-len] [-o output.json]<br>&nbsp;&nbsp;(or > output.json)
type	Show how a name resolves in SecShell (builtin, alias, keyword, or executable). Usage: type <name> [name ...]
size	Show file/folder size in selected unit. Usage: `size <-b
meta	Show file metadata or remove extended metadata. Usage: meta [-r] <file>
obfu	Obfuscate text and print encoded output. Usage: obfu <text>
mini	Minify file content in place (HTML/CSS/JS/plain text). Usage: mini <file>
Scripting
./<script>	Execute scripts with automatic interpreter detection.
UI/Display
more	Display text files or command output with interactive paging and search. Usage: more <file> or `command
edit	Open a file in the built-in text editor. Usage: edit <filename>
colors	Display all available colors and styles. Usage: colors
edit-prompt	Edit the command prompt. Usage: edit-prompt
reload-prompt	Reload the command prompt configuration. Usage: reload-prompt
prompt	Display the current command prompt configuration and options. Usage: prompt
files	Open interactive file manager. Usage: files
sec	Run the built-in scripting engine (SecEngine). Usage: sec

---

---

⚡ Quick Start

Requirements

• Go (Golang) - For building from source
• systemctl - For service management features
• Nano Editor - For built-in editing features
• DrawBox (DrawBox Repository)
• PAM Development Library (libpam0g-dev) - For Linux authentication (not required on macOS)

Installation Options

Option 1: Quick Install Script (Recommended)

Install the pre-compiled binary directly:

curl -fsSL https://raw.githubusercontent.com/KaliforniaGator/SecShell-Go/main/install.sh | bash

This will:

• Auto-detect your OS (Linux/Darwin) and architecture (x86_64/arm64)
• Fetch the latest version from GitHub releases
• Download the appropriate archive (e.g., SecShell-Go_Darwin_arm64.tar.gz for M1/M2 Macs)
• Install the binary and DrawBox dependency

Supported platforms:

OS	Architecture	Archive
macOS (Darwin)	Apple Silicon (M1/M2)	SecShell-Go_Darwin_arm64.tar.gz
macOS (Darwin)	Intel (x86_64)	SecShell-Go_Darwin_x86_64.tar.gz
Linux	x86_64	SecShell-Go_Linux_x86_64.tar.gz

Option 2: Update Existing Installation

Update an existing installation to the latest version:

curl -fsSL https://raw.githubusercontent.com/KaliforniaGator/SecShell-Go/main/update.sh | bash

Or from within SecShell:

--update

This will:

• Compare your current version with the latest release
• Download only if an update is available
• Update both SecShell-Go and DrawBox

Option 3: Manual Build from Source

If you prefer to build from source:

# Clone the repository
git clone https://github.com/KaliforniaGator/SecShell-Go.git
cd SecShell-Go

# Build the binary
go build -o secshell secshell.go

# Install the binary
sudo mv secshell /usr/bin/  # Linux
# or
sudo mv secshell /usr/local/bin/  # macOS

Note: Building from source requires Go to be installed on your system.

---

🚀 Usage

Start SecShell:

secshell

Example Commands

• List files: ls -l
• Start a service: services start nginx
• Set an environment variable: export MY_VAR=value
• Run a command in the background: sleep 10 &
• View command history: history
• Search history: history -s nginx
• Interactive history search: history -i
• Download a file: download https://example.com/file.txt
• Scan ports: portscan 192.168.1.1 1-1000
• View file content page by page: more /var/log/syslog or ls -la | more
• Edit a file: edit myfile.txt
• Toggle security (admin): toggle-security
• Encode a string in base64: base64 -e "Hello"
• Decode a hex string: hex -d "48656c6c6f"
• Calculate SHA256 hash: hash -s "test" sha256
• Extract strings from a binary: extract-strings firmware.bin -n 8
• Resolve command type: type ls cd url if
• Show folder size in MB: size -mb ./tools
• Show metadata: meta ./README.md
• Remove file metadata: meta -r image.jpg
• Obfuscate text: obfu "my secret token"
• Minify a JS file: mini app.js
• Run a Python script: ./myscript.py arg1 arg2

---

⚙️ Configuration

SecShell uses two config files:

• .whitelist — List of allowed commands.
• .blacklist — List of disallowed commands.

Edit with edit-whitelist or edit-blacklist (admin only). Files are auto-created if missing.

---

🔒 Security Model

• Strict Whitelisting: Only commands in .whitelist or trusted directories are allowed.
• Blacklist Enforcement: Blacklisted commands are always blocked.
• Admin Bypass: Admins can temporarily disable security (with authentication).
• Network Command Restrictions: Sensitive network tools (e.g., wget, curl, nmap) are restricted for non-admins.
• Audit Logging: All actions are logged for review.

---

🤝 Contributing

Contributions are welcome! Please open issues or submit pull requests for improvements, bug fixes, or new features.

---

📄 License

SecShell is licensed under the GNU Affero General Public License (AGPL). See LICENSE for details.

---

Serious about security. Built for professionals.