Evilreg : Reverse Shell Using Windows Registry Files (.reg)

Evilreg : Reverse Shell Using Windows Registry Files (.reg)

Evilreg is a reverse shell using Windows Registry files (.reg)


Reverse TCP Port Forwarding using Ngrok.io


  • Ngrok Authtoken (for TCP Tunneling): Sign up at: https://ngrok.com/signup
  • Your authtoken is available on your dashboard: https://dashboard.ngrok.com
  • Install your auhtoken: ./ngrok authtoken <YOUR_AUTHTOKEN>
  • Target must reboot/re-login after installing the .reg file

Also Read – CatchYou : FUD Win32 Msfvenom Payload Generator


git clone https://github.com/thelinuxchoice/evilreg
cd evilreg
bash evilreg.sh


Usage of Evilreg for attacking targets without prior mutual consent is illegal. It’s the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.