MonkeyShell

MonkeyShell is a post-login shell environment for authorized security research, red team operations, incident response labs, and controlled adversary emulation. It is a fork of HackShell with a distinct identity, a cleaner operator surface, a stronger command map, and a practical focus on field use rather than novelty.

Purpose

MonkeyShell is built for the moment after a shell is available and the operator needs a consistent environment quickly. It configures shell behavior, aliases, temporary workspace handling, transport helpers, host inspection, file handling, discovery utilities, and command wrappers in one sourceable script.

The project does not pretend to be magic. It is a shell environment. Its value is speed, repeatability, and operator ergonomics under imperfect conditions.

Lineage

MonkeyShell is derived from HackShell by The Hacker's Choice contributors Messede, DoomeD, and skpr.

This fork keeps the parts that are useful in real post-login workflows while moving the project toward a distinct toolchain:

• clearer branding and repository ownership
• better startup identity and prompt profiles
• a structured command map through xhelp and ms_help
• MonkeyShell-native commands such as ms, ms_status, ms_about, ms_banner, ms_ready, ms_env, ms_commands, ms_find, ms_checksum, ms_prompt, and ms_profile
• documentation written for professional security work instead of hype

HackShell Compatibility

MonkeyShell preserves the current upstream HackShell top-level command surface and adds MonkeyShell-native operator commands on top. Existing HackShell workflows remain available while the shell gains a stronger identity layer, readiness reporting, a compact command index, prompt profiles, and production-focused documentation.

Compatibility does not mean blind trust. Operators should still read command output, understand engagement scope, and use only the commands that match the authorized objective.

Scope

MonkeyShell helps with:

• temporary operator workspace setup
• shell history and tool history reduction
• command aliases for common post-login work
• URL retrieval through available local runtimes
• file transfer helpers
• encryption and decryption helpers for files and streams
• host and session inspection
• DNS, certificate, and subdomain utilities
• static binary retrieval when internet access is explicitly enabled
• focused command discovery through built-in help

MonkeyShell is not:

• an exploit framework
• a vulnerability scanner replacement
• an authorization bypass
• a persistence framework
• a substitute for written rules of engagement
• a guarantee of stealth

Legal And Ethical Use

Use MonkeyShell only on systems where you have explicit permission to operate.

Valid use cases include:

• internal security assessment
• contracted penetration assessment
• red team exercises with approved scope
• blue team labs
• malware analysis labs
• capture the flag environments
• personal research systems

Do not use MonkeyShell against third-party systems without written authorization. The tool contains functionality that can alter shell behavior, move data, inspect local secrets, and assist post-login operations. That makes authorization and scope non-negotiable.

Installation

Direct no-clone usage:

QUIET=1 exec bash --rcfile <(curl -fsSL https://git.nadeko.net/legs/monkeyshell/raw/branch/main/monkeyshell.sh) -i

No-clone usage with wget:

QUIET=1 exec bash --rcfile <(wget -qO- https://git.nadeko.net/legs/monkeyshell/raw/branch/main/monkeyshell.sh) -i

Reusable one-line usage:

msdir="${TMPDIR:-/tmp}/monkeyshell"; { git clone --depth 1 https://git.nadeko.net/legs/monkeyshell "$msdir" 2>/dev/null || git -C "$msdir" pull --ff-only; } && source "$msdir/monkeyshell.sh"

Clone the repository:

git clone https://git.nadeko.net/legs/monkeyshell
cd monkeyshell

Source it into the current shell:

source ./monkeyshell.sh

For a quiet startup:

QUIET=1 source ./monkeyshell.sh

For no PTY upgrade attempt:

NOPTY=1 source ./monkeyshell.sh

Runtime Controls

MonkeyShell is source-based. It modifies the current shell session.

Common environment variables:

variable	purpose
XHOME	sets the temporary MonkeyShell home directory
HOMEDIR	sets the home directory root used by discovery helpers
ROOTFS	sets an alternate filesystem root for selected operations
QUIET	suppresses startup output
NOPTY	disables PTY upgrade logic
MS_PROMPT	selects compact, classic, or monster prompt style
MS_URL	overrides the displayed project URL
MS_RAW_URL	overrides the direct script URL

Internet access is gated by design for helper functions that download content:

xint

Run xint again to disable it.

Core Commands

ms
ms_status
ms_about
monkey
ms_banner
ms_help
ms_version
ms_path
ms_checksum
ms_ready
ms_doctor
ms_env
ms_commands
ms_find
ms_prompt compact
ms_prompt classic
ms_prompt monster
ms_profile show
ms_profile quiet
ms_profile loud
ms_profile ops
xhelp

ms and ms_status provide a quick runtime view of user, host, architecture, IP state, load, process count, XHOME state, and internet access state.

ms_ready and ms_doctor show whether the current shell has the expected runtime pieces available.

ms_env prints the active MonkeyShell environment.

ms_commands prints a compact operator index for the command surface.

ms_find searches the compact operator index.

ms_checksum prints a checksum for the loaded source or a specified file.

xhelp and ms_help provide the command map.

Command Areas

MonkeyShell organizes its command surface around operational needs:

area	examples
core	ms, ms_status, ms_ready, ms_env, ms_commands, ms_find, ms_checksum, ms_prompt, ms_profile, xhome, xint
network	scan, dns, rdns, cn, sub, dl, purl, surl, burl
files	enc, dec, transfer, tb, shred, notime, notime_cp, ctime
discovery	loot, lootlight, hgrep, wfind, find_subdomains, ws, xid
session	xssh, xscp, xtmux, xpty
binaries	bin, dbin, memexec

Focused help is available for selected commands:

xhelp scan
xhelp dbin
xhelp tit
xhelp memexec
xhelp bounce

Security Model

MonkeyShell assumes the operator already has shell access. It does not establish authorization, validate scope, or decide whether an action is appropriate. Those responsibilities remain with the user and the engagement process.

Important behavior:

• it changes shell environment variables
• it can change command aliases
• it may create temporary runtime directories
• it can suppress history for common tools
• it can download binaries when internet access is enabled
• it can inspect local files and local process state
• some commands require root privileges
• some commands are intrusive and should only be used when explicitly in scope

Read command output before acting. Do not run commands because they exist. Run them because the engagement objective and authorization justify them.

Operational Notes

Source MonkeyShell only in shells intended for security work.

Use xhome when you want the session to operate from the temporary workspace.

Use xkeep only when you intentionally want to keep the temporary workspace after logout.

Use xdestruct to tear down the temporary workspace during the session.

Use ms_profile ops for a compact operator prompt.

Use ms_profile loud for the full MonkeyShell prompt.

Use QUIET=1 in scripted or repeated setup paths.

Production Standard

MonkeyShell should be judged by whether it helps a security researcher work faster with fewer mistakes in a real authorized environment.

The standard is:

• understandable
• scoped
• useful under pressure
• honest about risk
• quiet unless output matters
• explicit before network use
• temporary by default
• compatible with constrained Linux hosts

License And Attribution

MonkeyShell is released under the MIT License.

MonkeyShell is a fork of HackShell. Upstream authorship is preserved in attribution because the foundation matters and the lineage is part of the tool.