Exploitation Tools

Evilreg – Reverse Shell Using Windows Registry Files (.Reg)

Evilreg - Reverse Shell Using Windows Registry Files (.Reg)


Reverse shell using Windows Registry file (.reg).



  • Ngrok Authtoken (for TCP Tunneling): Sign up at: https://ngrok.com/signup
  • Your authtoken is available on your dashboard: https://dashboard.ngrok.com
  • Install your auhtoken: ./ngrok authtoken <YOUR_AUTHTOKEN>
  • Target must reboot/re-login after installing the .reg file

Legal disclaimer:
Usage of Evilreg for attacking targets without prior mutual consent is illegal. It’s the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program


git clone https://github.com/thelinuxchoice/evilreg
cd evilreg
bash evilreg.sh

Author: github.com/thelinuxchoice
Twitter: twitter.com/linux_choice

About the author

Mazen Elzanaty

Add Comment

Click here to post a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: