SharPyShell
SharPyShell is a post-exploitation framework written in Python designed for penetration testing against IIS web servers hosting C web applications on .NET Framework 2.0 or higher. It generates a small, obfuscated ASP.NET webshell that executes commands through an encrypted channel, compiling C code in memory at runtime. The framework includes two main components: a generator that creates the obfuscated webshell, and an interactive client that simulates a Windows terminal session against the deployed webshell. SharPyShell is intended for scenarios where a tester has reached a restricted server with limited inbound and outbound connectivity, making traditional C2 frameworks like Meterpreter or Empire impractical. It supports privilege escalation, network discovery, and lateral movement tasks directly on the target, using in-memory execution for both C and PowerShell modules to remain stealthy. Obfuscation techniques address both file and network signature detection, employing XOR and AES encryption with Base64