Skip to content

17. Remote Shells

Jump to bottom
“samuele edited this page Mar 1, 2026 · 1 revision

Remote Shells — Live Session Interaction

The Remote Shells tab provides a unified view of every active session established by the AI agent — meterpreter shells, raw reverse/bind shells, background handlers, and netcat listeners. Sessions appear automatically within seconds of being opened, and each one can be interacted with directly from the browser.

Overview

When the AI agent exploits a target and establishes a session (e.g., a meterpreter reverse shell), it automatically appears in the Remote Shells tab. You can select any session to open an interactive terminal, send commands, and see the output in real time — without switching to a separate tool or terminal window.

Remote Shells Overview

Session List

The left panel displays all active sessions grouped by type:

  • Metasploit sessions — Meterpreter and raw shell sessions managed by the Metasploit Framework
  • Other sessions — Non-Metasploit listeners (netcat, socat) registered by the agent
  • Background jobs — Active Metasploit handlers waiting for incoming connections

Each session card shows the session ID, type (meterpreter/shell), connection details, and the chat session that created it. Action buttons allow you to kill a session or upgrade a raw shell to meterpreter.

Interactive Terminal

Clicking a session opens an interactive terminal on the right panel. You can type commands directly and see the output — just like a local terminal, but running inside the Kali sandbox against the remote target.

The terminal supports:

  • Command history — use arrow keys to navigate previous commands
  • Session-aware prompts — shows meterpreter > for meterpreter sessions and $ for raw shells
  • Agent busy detection — if the AI agent is mid-exploit, the terminal shows a warning banner and queues your interaction

Command Whisperer

Above the terminal command input sits the Command Whisperer — an AI-powered input where you describe what you want in plain English, and the project's LLM translates it into the correct command for the current shell type.

For example:

  • "list all files containing passwords"search -f *password* (meterpreter) or find / -name "*password*" 2>/dev/null (shell)
  • "dump password hashes"hashdump (meterpreter) or cat /etc/shadow (shell)
  • "check network interfaces"ifconfig (meterpreter) or ip addr (shell)

The generated command auto-fills the terminal input for review — it does not auto-execute. You always have the chance to edit or discard the suggestion before pressing Enter.

Concurrency with the AI Agent

The Remote Shells tab and the AI agent share the same Metasploit console. When the agent is actively running a command (e.g., a long exploit or brute force attack), session interaction may be briefly delayed. The terminal will display an "Agent is executing" banner during these moments. Session listing always works regardless of agent activity, as it reads from a background cache.

RedAmon GitHub Repository | Report an Issue | Back to Home

Home

User Guide

  1. Getting Started
  2. User Management
  3. Creating a Project
  4. The Graph Dashboard
  5. Running Reconnaissance
  6. GVM Vulnerability Scanning
  7. GitHub Secret Hunting
  8. AI Agent Guide
  9. Remote Shells
  10. CypherFix — Automated Remediation

Reference

  1. Project Settings Reference
  2. AI Model Providers
  3. Attack Surface Graph
  4. Data Export & Import
  5. EvoGraph — Attack Chain Evolution
  6. Attack Paths
  7. Insights Dashboard

Help

  1. Troubleshooting

Clone this wiki locally